From 65edb75d530058ec3c8cb86d6d3e28f9394740ba Mon Sep 17 00:00:00 2001
From: Sreeram Ramachandran <sreeram@google.com>
Date: Mon, 7 Jul 2014 22:04:57 -0700
Subject: [PATCH] Allow netd to create data files in /data/misc/net/.

This will be used to populate rt_tables (a mapping from routing table numbers to
table names) that's read by the iproute2 utilities.

Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de
---
 file.te       | 1 +
 file_contexts | 1 +
 netd.te       | 4 ++++
 3 files changed, 6 insertions(+)

diff --git a/file.te b/file.te
index 18bafa41c..eb7cb9047 100644
--- a/file.te
+++ b/file.te
@@ -78,6 +78,7 @@ type camera_data_file, file_type, data_file_type;
 type keystore_data_file, file_type, data_file_type;
 type media_data_file, file_type, data_file_type;
 type media_rw_data_file, file_type, data_file_type;
+type net_data_file, file_type, data_file_type;
 type nfc_data_file, file_type, data_file_type;
 type radio_data_file, file_type, data_file_type;
 type shared_relro_file, file_type, data_file_type;
diff --git a/file_contexts b/file_contexts
index 5cc65972e..57fc1f2f9 100644
--- a/file_contexts
+++ b/file_contexts
@@ -202,6 +202,7 @@
 /data/misc/dhcp(/.*)?           u:object_r:dhcp_data_file:s0
 /data/misc/keystore(/.*)?       u:object_r:keystore_data_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
+/data/misc/net(/.*)?            u:object_r:net_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
 /data/misc/systemkeys(/.*)?     u:object_r:systemkeys_data_file:s0
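Review bot: The new `/data/misc/net(/.*)?` entry only takes effect when the directory is created or relabeled, and nothing in this patch shows where `/data/misc/net` is created or relabeled. If the directory already exists on a device under a different label, it would presumably keep that label and the new netd rules on `net_data_file` would not match. Confirm that the companion init change creates the directory and that a `restorecon` covers this path. The owner and mode set at creation should also be checked, so that DAC permissions agree with netd being the intended writer.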
diff --git a/netd.te b/netd.te
index b7c30eb15..81275a77a 100644
--- a/netd.te
+++ b/netd.te
@@ -46,6 +46,10 @@ allow netd self:capability { dac_override chown fowner };
 allow netd wifi_data_file:file create_file_perms;
 allow netd wifi_data_file:dir rw_dir_perms;
 
+# Needed to update /data/misc/net/rt_tables
+allow netd net_data_file:file create_file_perms;
+allow netd net_data_file:dir rw_dir_perms;
+
 # Allow netd to spawn hostapd in it's own domain
 domain_auto_trans(netd, hostapd_exec, hostapd)
 allow netd hostapd:process signal;
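Review bot: The two added rules on `net_data_file` give netd create and write access, but nothing in this patch grants read access to the domains that run the iproute2 utilities named in the description, so the consumers of rt_tables are not visible here. If those readers are covered elsewhere, say so in the comment, e.g. `# netd is the only writer of /data/misc/net/rt_tables; readers get r_file_perms only`. Otherwise add read-only rules for the specific reader domain (`r_dir_perms` on the dir, `r_file_perms` on the file) rather than widening access later. Because netd holds `dac_override` (context line at the top of the hunk), these type rules are the effective limit on what it can write. A neverallow that bars other domains from writing `net_data_file` would keep the single-writer assumption enforced, since the file is parsed by other tools.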
-- 
GitLab