From 33bf053826e38b4ea666a41d9f89512f7e950451 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Tue, 16 Dec 2014 13:08:16 -0800
Subject: [PATCH] Rules to let netd read packets from NFLOG target.
avc: denied { create } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { setopt } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { bind } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { getopt } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { write } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { read } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
Bug: 18335678
Change-Id: I7c03d55b4719d0fd8057507bf8ac1cf573e4744a
---
 netd.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/netd.te b/netd.te
index 611ec76d7..96d485ace 100644
--- a/netd.te
+++ b/netd.te
@@ -18,6 +18,7 @@ allow netd self:capability { net_admin net_raw kill };
 allow netd self:netlink_kobject_uevent_socket create_socket_perms;
 allow netd self:netlink_route_socket nlmsg_write;
 allow netd self:netlink_nflog_socket create_socket_perms;
+allow netd self:netlink_socket create_socket_perms;
 allow netd shell_exec:file rx_file_perms;
 allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;
-- 
GitLab
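Review bot: The added `allow netd self:netlink_socket create_socket_perms;` grants more than the six permissions the commit message's denials justify (create, setopt, bind, getopt, write, read). In the AOSP macros `create_socket_perms` also carries ioctl, getattr, setattr, lock, append, connect and shutdown, and the generic `netlink_socket` class covers every netlink protocol that has no dedicated class, not only the one used for NFLOG. If netd needs nothing beyond what was logged, `allow netd self:netlink_socket { create setopt bind getopt write read };` keeps the grant to the observed set. Either way, a comment above the rule such as `# NFLOG packets arrive on a netlink protocol that this kernel labels with the generic netlink_socket class` would explain why it sits beside the existing `netlink_nflog_socket` rule. That mapping is inferred from the `tclass` in the denials and should be confirmed.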