Add permission for NetworkStack updatability
NetworkStack will need to use netlink_tcpdiag_socket to get tcp info. To support updatability for NetworkStack, which is a mainline module, it gets the information from the kernel directly to reduce its dependency on the framework. Test: Build and test if NetworkStack can get the tcp_info without SEPolicy exception Bug: 136162280 Change-Id: I8f584f27d5ece5e97090fb5fafe8c70c5cbbe123
parent
0c8a90693a
commit
e063585bbf
@ -67,3 +67,6 @@ allow network_stack debugfs_wifi_tracing:file rw_file_perms;
|
||||
# dumpstate support
|
||||
allow network_stack dumpstate:fd use;
|
||||
allow network_stack dumpstate:fifo_file write;
|
||||
|
||||
# Create/use netlink_tcpdiag_socket to get tcp info
|
||||
allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
|
||||
|
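Review bot: `nlmsg_write` in the new `allow network_stack self:netlink_tcpdiag_socket` rule looks broader than the stated purpose of getting tcp info. In the kernel's SELinux netlink message table the sock_diag query messages are checked against `nlmsg_read`, while `nlmsg_write` on this class covers `SOCK_DESTROY`, which lets the caller ask the kernel to close sockets. If NetworkStack only reads tcp_info, the rule could be `allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };`. If destroying sockets is intended, the comment above the rule should say so, for example `# Create/use netlink_tcpdiag_socket to get tcp info and destroy sockets`.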
@ -390,7 +390,7 @@ neverallow { appdomain -bluetooth } hci_attach_dev:chr_file
|
||||
neverallow appdomain tee_device:chr_file { read write };
|
||||
|
||||
# Privileged netlink socket interfaces.
|
||||
neverallow appdomain
|
||||
neverallow { appdomain -network_stack }
|
||||
domain:{
|
||||
netlink_tcpdiag_socket
|
||||
netlink_nflog_socket
|
||||
|
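Review bot: Subtracting `network_stack` in `neverallow { appdomain -network_stack }` exempts it from every class in the `domain:{ ... }` list, not only `netlink_tcpdiag_socket`; `netlink_nflog_socket` is visibly in the same list, and the statement continues past the end of the hunk. The allow rule added in the first hunk covers only the tcpdiag class on `self`, so the build-time guard on the other privileged netlink classes is dropped for this domain without a matching need. Moving `netlink_tcpdiag_socket` into its own `neverallow { appdomain -network_stack } domain:netlink_tcpdiag_socket ...` statement, with the same permission set as the existing one, and leaving `neverallow appdomain` on the rest of the list would keep the exemption as narrow as the grant.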