platform_system_sepolicy/private/app.te
Nathan Harold ea4eaaf128 Allow getsockopt and setsockopt for Encap Sockets
Because applications should be able to set the receive
timeout on UDP encapsulation sockets, we need to allow
setsockopt(). getsockopt() is an obvious allowance as
well.

Bug: 68689438
Test: compilation
Change-Id: I2eaf72bcce5695f1aee7a95ec03111eca577651c
2018-04-03 10:28:10 -07:00

7 lines
300 B
Text

# TODO: deal with tmpfs_domain pub/priv split properly
# Read system properties managed by zygote.
allow appdomain zygote_tmpfs:file read;
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };