init: add "+passcred" for socket to set SO_PASSCRED

In the init scripts for socket, the type can have a suffix of "+cred" to request that the socket be bound to report SO_PASSCRED credentials on socket transactions. Here we add socket setopt to selinux rules. Test: gTest logd-unit-tests --gtest_filter=logd.statistics right after boot (fails without logd.rc change) Bug: 37985222 Change-Id: I37cdf7eea93c3e8fa52964e765eaf3007e431b1f

init: add "+passcred" for socket to set SO_PASSCRED
5045773a · Mark Salyzyn · bf030965 · 5045773a
Commit 5045773a authored 7 years ago by Mark Salyzyn
--- a/public/init.te
+++ b/public/init.te
@@ -311,8 +311,8 @@ selinux_check_access(init)
 allow init kernel:security compute_create;

 # Create sockets for the services.
-allow init domain:unix_stream_socket { create bind };
-allow init domain:unix_dgram_socket { create bind };
+allow init domain:unix_stream_socket { create bind setopt };
+allow init domain:unix_dgram_socket { create bind setopt };

 # Create /data/property and files within it.
 allow init property_data_file:dir create_dir_perms;