From 515a76b8962ac25d5d2c2c62d330ccec03f7723a Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Fri, 14 Feb 2014 17:17:55 -0800
Subject: [PATCH] Allow dhcp rawip_socket permissions.

dhcpcd opens a raw ip socket in ipv6rs_open() to use ICMPv6.  This
facility should be available for all devices which have a need to
use it.

Addresses the following denials:
<5>[   42.699877] type=1400 audit(1392332560.306:8): avc:  denied  { create } for  pid=983 comm="dhcpcd" scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
<5>[   42.699993] type=1400 audit(1392332560.306:9): avc:  denied  { setopt } for  pid=983 comm="dhcpcd" lport=58 scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
<5>[   42.732208] type=1400 audit(1392332560.338:10): avc:  denied  { write } for  pid=983 comm="dhcpcd" lport=58 scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket

Bug: 12473306
Change-Id: Iee57a0cb4c2d2085a24d4b5fb23a5488f0fd3e03
---
 dhcp.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dhcp.te b/dhcp.te
index 785b20409..c930b0fec 100644
--- a/dhcp.te
+++ b/dhcp.te
@@ -10,6 +10,7 @@ allow dhcp cgroup:dir { create write add_name };
 allow dhcp self:capability { setgid setuid net_admin net_raw net_bind_service };
 allow dhcp self:packet_socket create_socket_perms;
 allow dhcp self:netlink_route_socket { create_socket_perms nlmsg_write };
+allow dhcp self:rawip_socket create_socket_perms;
 allow dhcp shell_exec:file rx_file_perms;
 allow dhcp system_file:file rx_file_perms;
 # For /proc/sys/net/ipv4/conf/*/promote_secondaries
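Review bot: The added `allow dhcp self:rawip_socket create_socket_perms;` rule has no comment, although the promote_secondaries rule just below it is documented. The reason given in the commit message belongs next to the rule, for example `# dhcpcd opens a raw IP socket in ipv6rs_open() for ICMPv6.`. The logged denials cover only create, setopt and write, while the create_socket_perms macro grants a wider set of socket operations; its expansion is defined outside this hunk, so confirm what it includes. This matches the packet_socket rule above, but with net_raw already allowed on the self:capability line the domain is no longer confined by policy to ICMPv6. The comment should therefore record that ICMPv6 is the only intended use, so later audits can spot drift.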
-- 
GitLab