From 28029706cf52beef94cb42b37602cca91cd3f021 Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Fri, 9 Sep 2016 12:51:42 -0700
Subject: [PATCH] Add back fowner capability to netd

This addresses error messages like:

11-30 18:00:15.196  6917  6917 W Binder:6596_2: type=1400 audit(0.0:46):
avc: denied { fowner } for capability=3 scontext=u:r:netd:s0
tcontext=u:r:netd:s0 tclass=capability permissive=0

11-30 18:00:15.200  6596  6917 E /system/bin/netd:
android::WriteStringToFile fchmod failed: Operation not permitted

11-30 18:00:15.200  6596  6917 E Netd    : failed to write to
/data/misc/net/rt_tables (Operation not permitted)

Bug: 31147892
Change-Id: Id11704f8e2b8c08db92de374ed44913b70d6ae66
---
 netd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/netd.te b/netd.te
index 976c43d9e..f3605315e 100644
--- a/netd.te
+++ b/netd.te
@@ -49,6 +49,7 @@ allow netd self:capability { dac_override chown };
 # Needed to update /data/misc/net/rt_tables
 allow netd net_data_file:file create_file_perms;
 allow netd net_data_file:dir rw_dir_perms;
+allow netd self:capability fowner;
 
 # Allow netd to spawn dnsmasq in it's own domain
 domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
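Review bot: The added `allow netd self:capability fowner;` gives CAP_FOWNER to the whole netd domain, so it applies to every file netd may setattr and not only to rt_tables, and nothing on the line records why it is needed. The denial quoted in the commit message comes from the fchmod in android::WriteStringToFile, which presumably fails because the existing file is not owned by netd's UID. If that is the cause, fixing the ownership of /data/misc/net/rt_tables would remove the need for the capability. If the rule stays, a comment such as `# fowner: WriteStringToFile fchmod()s rt_tables, which may be owned by another UID (Bug 31147892)` would tie it to its one known use. It could also be folded into the existing `self:capability { dac_override chown }` set shown in the hunk header, so netd's capabilities are audited in one place.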
-- 
GitLab