Allow netd to read the /dev/xt_qtaguid
After moving the qtaguid control interface into netd, netd needs to open the xt_qtaguid resource tracking misc dev to make sure the xt_qtaguid module is successfully initialized before taking action. This selinux rule change allows netd to do so and it is the same privilege normal apps currently have.

Test: No more selinux denials on netd access qtaguid_device
Bug: 30950746
Change-Id: I79a98bbda3f3fdb85140a06a7532cdcc4354c518
parent 185941aaff
commit cc781f76c9
@ -37,6 +37,8 @@ allow netd system_file:file lock;
|
|||||||
# TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
|
# TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
|
||||||
# complete
|
# complete
|
||||||
allow netd qtaguid_proc:file rw_file_perms;
|
allow netd qtaguid_proc:file rw_file_perms;
|
||||||
|
# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
|
||||||
|
allow netd qtaguid_device:chr_file r_file_perms;
|
||||||
|
|
||||||
r_dir_file(netd, proc_net)
|
r_dir_file(netd, proc_net)
|
||||||
# For /proc/sys/net/ipv[46]/route/flush.
|
# For /proc/sys/net/ipv[46]/route/flush.
|
||||||
|
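Review bot: the added rule `allow netd qtaguid_device:chr_file r_file_perms;` grants more than the commit message says netd needs. The message describes only opening the device to confirm the module is initialized, while r_file_perms also includes ioctl and lock. Consider an explicit set limited to what the check uses, or say in the comment why the full macro is required. The new comment also names /dev/qtaguid while the commit subject names /dev/xt_qtaguid; make the two agree so the rule can be matched to the device node it covers. Finally, the existing TODO above tracks locking down qtaguid_proc after the migration but says nothing about qtaguid_device; if app access to the device is also meant to be removed once netd owns the interface, extend the TODO to cover it, since "the same privilege normal apps have" would no longer describe this rule afterwards.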