init: add "+passcred" for socket to set SO_PASSCRED
In the init scripts for socket, the type can have a suffix of "+cred" to request that the socket be bound to report SO_PASSCRED credentials on socket transactions. Here we add socket setopt to selinux rules. Test: gTest logd-unit-tests --gtest_filter=logd.statistics right after boot (fails without logd.rc change) Bug: 37985222 Change-Id: I37cdf7eea93c3e8fa52964e765eaf3007e431b1f
This commit is contained in:
parent
bf030965f9
commit
5045773a14
@ -311,8 +311,8 @@ selinux_check_access(init)
|
||||
allow init kernel:security compute_create;
|
||||
|
||||
# Create sockets for the services.
|
||||
allow init domain:unix_stream_socket { create bind };
|
||||
allow init domain:unix_dgram_socket { create bind };
|
||||
allow init domain:unix_stream_socket { create bind setopt };
|
||||
allow init domain:unix_dgram_socket { create bind setopt };
|
||||
|
||||
# Create /data/property and files within it.
|
||||
allow init property_data_file:dir create_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user