Update Common NetD SEPolicy to allow Netlink XFRM
In order to perform XFRM operations NetD needs the ability to both read and write Netlink XFRM messages. Bug: 34811756 Test: 34812052 Change-Id: I26831c58b24a4c1f344b113f0b5cf47ed2c93fee
This commit is contained in:
parent
63211f8da2
commit
7eb3dd3b02
@ -80,6 +80,9 @@ allow netd netdomain:{
|
||||
} { read write getattr setattr getopt setopt };
|
||||
allow netd netdomain:fd use;
|
||||
|
||||
# give netd permission to read and write netlink xfrm
|
||||
allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
Loading…
Reference in New Issue
Block a user