Merge changes from topic 'ipsec-service'
* changes: Add IpSecService SEPolicy Update Common NetD SEPolicy to allow Netlink XFRM
This commit is contained in:
commit
328153893f
@ -66,6 +66,7 @@ iphonesubinfo2 u:object_r:radio_service:s0
|
|||||||
iphonesubinfo u:object_r:radio_service:s0
|
iphonesubinfo u:object_r:radio_service:s0
|
||||||
ims u:object_r:radio_service:s0
|
ims u:object_r:radio_service:s0
|
||||||
imms u:object_r:imms_service:s0
|
imms u:object_r:imms_service:s0
|
||||||
|
ipsec u:object_r:ipsec_service:s0
|
||||||
isms_msim u:object_r:radio_service:s0
|
isms_msim u:object_r:radio_service:s0
|
||||||
isms2 u:object_r:radio_service:s0
|
isms2 u:object_r:radio_service:s0
|
||||||
isms u:object_r:radio_service:s0
|
isms u:object_r:radio_service:s0
|
||||||
|
@ -80,6 +80,9 @@ allow netd netdomain:{
|
|||||||
} { read write getattr setattr getopt setopt };
|
} { read write getattr setattr getopt setopt };
|
||||||
allow netd netdomain:fd use;
|
allow netd netdomain:fd use;
|
||||||
|
|
||||||
|
# give netd permission to read and write netlink xfrm
|
||||||
|
allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
|
||||||
|
|
||||||
###
|
###
|
||||||
### Neverallow rules
|
### Neverallow rules
|
||||||
###
|
###
|
||||||
|
@ -79,6 +79,7 @@ type hdmi_control_service, system_api_service, system_server_service, service_ma
|
|||||||
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
|
type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
|
||||||
|
Loading…
Reference in New Issue
Block a user