From 5045773a145053c5b9442804a2b73edfaede0e8a Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Mon, 8 May 2017 08:14:28 -0700
Subject: [PATCH] init: add "+passcred" for socket to set SO_PASSCRED

In the init scripts for socket, the type can have a suffix of
"+cred" to request that the socket be bound to report SO_PASSCRED
credentials on socket transactions.  Here we add socket setopt
to selinux rules.

Test: gTest logd-unit-tests --gtest_filter=logd.statistics right after boot
      (fails without logd.rc change)
Bug: 37985222
Change-Id: I37cdf7eea93c3e8fa52964e765eaf3007e431b1f
---
 public/init.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/init.te b/public/init.te
index f81f85e3c..4571c491a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -311,8 +311,8 @@ selinux_check_access(init)
 allow init kernel:security compute_create;
 
 # Create sockets for the services.
-allow init domain:unix_stream_socket { create bind };
-allow init domain:unix_dgram_socket { create bind };
+allow init domain:unix_stream_socket { create bind setopt };
+allow init domain:unix_dgram_socket { create bind setopt };
 
 # Create /data/property and files within it.
 allow init property_data_file:dir create_dir_perms;
-- 
GitLab