From 4caf8c997a30d214c8c2236cbe8a93e43e37699f Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 19 Sep 2013 15:09:38 -0400
Subject: [PATCH] Label /dev/socket/mdns with its own type.

Otherwise it gets left in the general device type, and we get denials such
as:
type=1400 msg=audit(1379617262.940:102): avc:  denied  { write } for  pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file

This of course only shows up if using a confined system_server.

Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 file.te       | 1 +
 file_contexts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/file.te b/file.te
index a9729cb1f..bc2b5b427 100644
--- a/file.te
+++ b/file.te
@@ -90,6 +90,7 @@ type dnsproxyd_socket, file_type, mlstrustedobject;
 type gps_socket, file_type;
 type installd_socket, file_type;
 type keystore_socket, file_type;
+type mdns_socket, file_type;
 type netd_socket, file_type;
 type property_socket, file_type;
 type qemud_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 3fe7d3f67..e128420cb 100644
--- a/file_contexts
+++ b/file_contexts
@@ -85,6 +85,7 @@
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/keystore	u:object_r:keystore_socket:s0
+/dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/netd	u:object_r:netd_socket:s0
 /dev/socket/property_service	u:object_r:property_socket:s0
 /dev/socket/qemud	u:object_r:qemud_socket:s0
-- 
GitLab