PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow dumpstate to access netlink_generic_socket

Browse Source 
avc: denied { create } for scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0
avc: denied { create } for comm="iotop" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_generic_socket permissive=0

Bug: 68040531
Change-Id: I24a8a094d1b5c493cc695e332c927972f99ae49c
This commit is contained in:
Jin Qian 2017-10-30 11:44:42 -07:00 committed by Nick Kralevich
parent 61dc5fb26c
commit 98e99fb49f
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/dumpstate.te
View File

@ -263,6 +263,8 @@ allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_re
# Allow dumpstate to run iotop
allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
# newer kernels (e.g. 4.4) have a new class for sockets
allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
###
### neverallow rules