From 5251ad1aa69fa77a8e56582666994dbca1830c53 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 27 Feb 2017 09:21:11 -0800
Subject: [PATCH] netd.te: drop dccp_socket support

No SELinux domains can create dccp_socket instances, so it doesn't make
any sense to allow netd to manipulate already-open dccp sockets.

Bug: 35784697
Test: policy compiles.
Change-Id: I189844462cbab58ed58c24fbad6a392f6b035815
---
 public/netd.te | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/public/netd.te b/public/netd.te
index df1820361..81f4af42b 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -72,7 +72,12 @@ allow netd permission_service:service_manager find;
 allow netd netd_listener_service:service_manager find;
 
 # Allow netd to operate on sockets that are passed to it.
-allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
+allow netd netdomain:{
+  tcp_socket
+  udp_socket
+  rawip_socket
+  tun_socket
+} { read write getattr setattr getopt setopt };
 allow netd netdomain:fd use;
 
 ###
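Review bot: Nothing in the new rule records why dccp_socket is absent from the class list, so a later edit could re-add it without noticing the invariant the commit message relies on. The comment above the rule could carry that reason, e.g. `# dccp_socket is intentionally omitted: no domain may create one, so none can be passed to netd.` If the policy does not already assert this elsewhere (not visible from this hunk), a compile-time guard such as `neverallow netd netdomain:dccp_socket *;` would turn a regression into a build failure, which matters because the only test listed is that the policy compiles. The file continues past the trailing `###` context line, so where such a rule belongs cannot be judged from the hunk alone.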
-- 
GitLab