system_server: allow handling app generated unix_stream_sockets

Allow system server to handle already open app unix_stream_sockets. This is needed to support system_server receiving a socket created using socketpair(AF_UNIX, SOCK_STREAM) and socketpair(AF_UNIX, SOCK_SEQPACKET). Needed for future Android functionality. Addresses the following denial: type=1400 audit(0.0:9): avc: denied { read write } for path="socket:[14911]" dev="sockfs" ino=14911 scontext=u:r:system_server:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=unix_stream_socket permissive=0 Bug: 19648474 Change-Id: I4644e318aa74ada4d98b7f49a41d13a9b9584f39

system_server: allow handling app generated unix_stream_sockets
0560e75e · Nick Kralevich · 0d0d5aa9 · 0560e75e
Commit 0560e75e authored 10 years ago by Nick Kralevich
--- a/system_server.te
+++ b/system_server.te
@@ -313,7 +313,7 @@ allow system_server gps_control:file rw_file_perms;

 # Allow system_server to use app-created sockets and pipes.
 allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown };
-allow system_server appdomain:fifo_file { getattr read write };
+allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write };

 # Allow abstract socket connection
 allow system_server rild:unix_stream_socket connectto;