Add back fowner capability to netd

This addresses error messages like:

11-30 18:00:15.196  6917  6917 W Binder:6596_2: type=1400 audit(0.0:46):
avc: denied { fowner } for capability=3 scontext=u:r:netd:s0
tcontext=u:r:netd:s0 tclass=capability permissive=0

11-30 18:00:15.200  6596  6917 E /system/bin/netd:
android::WriteStringToFile fchmod failed: Operation not permitted

11-30 18:00:15.200  6596  6917 E Netd    : failed to write to
/data/misc/net/rt_tables (Operation not permitted)

Bug: 31147892
Change-Id: Id11704f8e2b8c08db92de374ed44913b70d6ae66
Christopher Wiley 2016-09-09 12:51:42 -07:00
parent 91e84be2cc
commit 28029706cf

@ -49,6 +49,7 @@ allow netd self:capability { dac_override chown };
# Needed to update /data/misc/net/rt_tables
allow netd net_data_file:file create_file_perms;
allow netd net_data_file:dir rw_dir_perms;
allow netd self:capability fowner;
# Allow netd to spawn dnsmasq in it's own domain
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
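
Review bot: The added `allow netd self:capability fowner;` line has no comment of its own saying why CAP_FOWNER is needed; it only inherits the "# Needed to update /data/misc/net/rt_tables" comment above the two net_data_file rules. The kernel consults CAP_FOWNER only when the caller's fsuid does not match the file's owner, so the fchmod denial quoted in the commit message means netd is changing the mode of a file it does not own. Please record that next to the rule (for example, that android::WriteStringToFile calls fchmod on rt_tables), and check whether correcting the ownership of /data/misc/net/rt_tables would remove the need for the capability altogether. If the grant stays, consider folding it into the existing `allow netd self:capability { dac_override chown };` rule shown in the hunk header, so netd's full capability set is visible in one statement when the policy is audited.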