ee268643c1
This gives the privilege to system apps, platform apps,
ephemeral apps, and privileged apps to receive a
UDP socket from the system server. This is being added
for supporting UDP Encapsulation sockets for IPsec, which
must be provided by the system.
This is an analogous change to a previous change that
permitted these sockets for untrusted_apps:
0f75a62e2c
Bug: 70389346
Test: IpSecManagerTest, System app verified with SL4A
Change-Id: Iec07e97012e0eab92a95fae9818f80f183325c31
7 lines
314 B
Text
7 lines
314 B
Text
# TODO: deal with tmpfs_domain pub/priv split properly
|
|
# Read system properties managed by zygote.
|
|
allow appdomain zygote_tmpfs:file read;
|
|
|
|
neverallow appdomain system_server:udp_socket {
|
|
accept append bind create getopt ioctl listen lock name_bind
|
|
relabelfrom relabelto setattr setopt shutdown };
|