From 59078a940d72aef9f9e3f1e15f828cc44a101e3b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 12 Nov 2013 20:54:20 -0800
Subject: [PATCH] netd: allow tcp connections.
DNS can use TCP connections, in addition to UDP connections. Allow TCP connections.
Addresses the following denial:
[ 1831.586826] type=1400 audit(1384129166.563:173): avc: denied { create } for pid=11406 comm="netd" scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=tcp_socket
Public Bug: https://code.google.com/p/android/issues/detail?id=62196
Bug: 11097631
(cherry picked from commit 36a5d109e6953c63d2a865eab4c4d021aa52250b)
Change-Id: Id2e383e1c74a26ef7e56499a33bf2b06b869c12b
---
 netd.te | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/netd.te b/netd.te
index 0cd087246..7466ed100 100644
--- a/netd.te
+++ b/netd.te
@@ -8,9 +8,9 @@ allow netd self:netlink_kobject_uevent_socket *;
 allow netd self:netlink_route_socket *;
 allow netd self:netlink_nflog_socket *;
 allow netd self:rawip_socket *;
-allow netd self:udp_socket *;
-allow netd node:udp_socket node_bind;
-allow netd port:udp_socket name_bind;
+allow netd self:{ tcp_socket udp_socket } *;
+allow netd node:{ tcp_socket udp_socket } node_bind;
+allow netd port:{ tcp_socket udp_socket } name_bind;
 allow netd self:unix_stream_socket *;
 allow netd shell_exec:file rx_file_perms;
 allow netd system_file:file x_file_perms;
-- 
GitLab
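Review bot: The three added rules give netd more on `tcp_socket` than the quoted denial or the stated purpose calls for. `self:{ tcp_socket udp_socket } *` allows every permission of the class, and the `node_bind`/`name_bind` rules allow binding TCP sockets on any node and any port labelled `port`, while the logged denial is only `create` and a DNS-over-TCP client normally neither binds nor listens. Consider leaving the UDP lines as they were and adding a narrower TCP rule such as `allow netd self:tcp_socket create_socket_perms;` (if that macro is defined in this tree), granting the bind permissions only if a later denial shows they are needed. Outbound TCP is also checked with `name_connect` on the port type, which this hunk does not grant. The rest of netd.te lies outside the hunk, so confirm that permission is allowed elsewhere, or connect() will still be denied. A comment above the rule, e.g. `# DNS resolution may fall back to TCP`, would record why netd holds TCP permissions at all.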