netd: allow tcp_socket name_connect
The patch in 36a5d109e6
wasn't
sufficient to address DNS over TCP. We also need to allow
name_connect.
Fixes the following denial:
<5>[ 82.120746] type=1400 audit(1830030.349:5): avc: denied { name_connect } for pid=1457 comm="netd" dest=53 scontext=u:r:netd:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket
Public Bug: https://code.google.com/p/android/issues/detail?id=62196
Bug: 11097631
Change-Id: I688d6923b78782e2183a9d69b7e74f95d6e3f893
This commit is contained in:
parent
36a5d109e6
commit
91ebcf3332
1
netd.te
1
netd.te
@ -11,6 +11,7 @@ allow netd self:rawip_socket *;
|
||||
allow netd self:{ tcp_socket udp_socket } *;
|
||||
allow netd node:{ tcp_socket udp_socket } node_bind;
|
||||
allow netd port:{ tcp_socket udp_socket } name_bind;
|
||||
allow netd port:tcp_socket name_connect;
|
||||
allow netd self:unix_stream_socket *;
|
||||
allow netd shell_exec:file rx_file_perms;
|
||||
allow netd system_file:file x_file_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user