Add back fowner capability to netd
This addresses error messages like:

  11-30 18:00:15.196 6917 6917 W Binder:6596_2: type=1400 audit(0.0:46): avc: denied { fowner } for capability=3 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability permissive=0
  11-30 18:00:15.200 6596 6917 E /system/bin/netd: android::WriteStringToFile fchmod failed: Operation not permitted
  11-30 18:00:15.200 6596 6917 E Netd : failed to write to /data/misc/net/rt_tables (Operation not permitted)

Bug: 31147892
Change-Id: Id11704f8e2b8c08db92de374ed44913b70d6ae66
parent 91e84be2cc
commit 28029706cf
1
netd.te
@ -49,6 +49,7 @@ allow netd self:capability { dac_override chown };
|
||||
# Needed to update /data/misc/net/rt_tables
|
||||
allow netd net_data_file:file create_file_perms;
|
||||
allow netd net_data_file:dir rw_dir_perms;
|
||||
allow netd self:capability fowner;
|
||||
|
||||
# Allow netd to spawn dnsmasq in it's own domain
|
||||
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
|
||||
|
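Review bot: The new `allow netd self:capability fowner;` rule, added as the last line under `# Needed to update /data/misc/net/rt_tables`, carries no comment saying why CAP_FOWNER in particular is required, and it is written as a separate rule instead of extending the existing `allow netd self:capability { dac_override chown };` shown in the hunk header. As a capability, fowner is not scoped to net_data_file; it lifts the owner-match check for any file the domain's other rules let netd reach, so the justification belongs next to the rule. Suggest a one-line comment tying it to the fchmod in android::WriteStringToFile that fails in the quoted denial, and either folding fowner into the existing capability set or keeping it here deliberately with that comment. Since fchmod only needs fowner when the caller does not own the file, it is also worth recording whether rt_tables can end up owned by a different uid than netd runs as, because correcting the ownership would remove the need for the capability.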