platform_system_sepolicy/public/hal_nlinterceptor.te
Chris Weir 7129b929e3 Give Netlink Interceptor route_socket perms
VTS for Netlink Interceptor needs access to netlink_route_socket, and
other services routing traffic to Netlink Interceptor may as well.

Bug: 201467304
Test: VtsHalNetlinkInterceptorV1_0Test
Change-Id: Ic52e54f1eec7175154d2e89e307740071b1ba168
2021-12-01 04:08:19 +00:00

8 lines
442 B
Text

binder_call(hal_nlinterceptor_client, hal_nlinterceptor_server)
hal_attribute_service(hal_nlinterceptor, hal_nlinterceptor_service)
binder_call(hal_nlinterceptor, servicemanager)
allow hal_nlinterceptor self:global_capability_class_set net_admin;
allow hal_nlinterceptor self:netlink_generic_socket create_socket_perms_no_ioctl;
allow hal_nlinterceptor self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_readpriv nlmsg_write };