Commit 185941aa authored by Chenbo Feng

sepolicy: allow netd to write to qtaguid file

Since all qtaguid related userspace implementations are moved into netd
and will use netd to choose which module to run at run time, the netd module
should be the only process that can directly read/write the ctrl file of
qtaguid located at /proc/net/xt_qtaguid/ctrl. This sepolicy change grants
netd the privilege to access qtaguid proc files. It also grants netd the
permission to control the trigger that turns the qtaguid module on and off by
writing parameters to files under sys_fs. The related files and directories are
properly labeled.

Bug: 68774956
Bug: 30950746
Test: qtaguid function still working after the native function is
redirected.

Change-Id: Ia6db6f16ecbf8c58f631c79c9b4893ecf2cc607b
parent aa93dad6
......@@ -33,6 +33,11 @@ allow netd devpts:chr_file rw_file_perms;
# Acquire advisory lock on /system/etc/xtables.lock
allow netd system_file:file lock;
# Allow netd to write to qtaguid ctrl file. This is the same privilege level that normal apps have
# TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
# complete
allow netd qtaguid_proc:file rw_file_perms;
r_dir_file(netd, proc_net)
# For /proc/sys/net/ipv[46]/route/flush.
allow netd proc_net:file rw_file_perms;
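Review bot: the TODO above `allow netd qtaguid_proc:file rw_file_perms;` leaves the commit message's goal (netd as the only process that reads/writes the qtaguid ctrl file) unenforced and untracked; it should cite one of the bugs from the commit message (68774956 or 30950746) and name the intended follow-up, for example a `neverallow { domain -netd } qtaguid_proc:file write;` once the app-side users are migrated, so the interim grant is not left in place indefinitely. The commit message also describes a sys_fs trigger permission and relabeling of files and directories, neither of which appears in this hunk; confirm those rules and labels are present elsewhere in the change.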