From 6261dea31208807a3bde410f104f550dc44c94eb Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 11 Dec 2014 11:45:51 -0500
Subject: [PATCH] Allow fcntl F_SETLK on sockets.

Addresses denials such as:
type=1400 : avc: denied { lock } for comm="PushCheckSendS" path="socket:[1834573]" dev="sockfs" ino=X scontext=u:r:untrusted_app:s0 tcontext=u:r:untrusted_app:s0 tclass=tcp_socket

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

(cherry picked from commit 2c75918505a975eb77e286b5379075892ddf1f8c)

Bug: 18730521
Change-Id: Ie68955c26ddedb3acd7b7aa18afbf8b35c2c2f78
---
 global_macros | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/global_macros b/global_macros
index b4a934d6e..62d59345f 100644
--- a/global_macros
+++ b/global_macros
@@ -41,7 +41,7 @@ define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
 
 #####################################
 # Common socket permission sets.
-define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind connect getopt setopt shutdown }')
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown }')
 define(`create_socket_perms', `{ create rw_socket_perms }')
 define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
 define(`create_stream_socket_perms', `{ create rw_stream_socket_perms }')
-- 
GitLab