From 71d6ddc3ca6d5431903365706916a7ef514ce2a4 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 14 Apr 2016 00:14:58 +0900
Subject: [PATCH] selinux changes for DNS metrics.

1. Allow the system server to create the dns_listener service.
2. Allow netd to use said service.

Change-Id: Ic6394d7b2bdebf1c4d6cf70a79754a4996e943e2
---
 netd.te          | 3 +++
 service.te       | 1 +
 service_contexts | 1 +
 3 files changed, 5 insertions(+)

diff --git a/netd.te b/netd.te
index 51445fca9..6864ad6e7 100644
--- a/netd.te
+++ b/netd.te
@@ -65,6 +65,9 @@ allow netd netd_service:service_manager add;
 allow netd system_server:binder call;
 allow netd permission_service:service_manager find;
 
+# Allow netd to talk to the framework service which collects DNS query metrics.
+allow netd dns_listener_service:service_manager find;
+
 # Allow netd to operate on sockets that are passed to it.
 allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
 allow netd netdomain:fd use;
diff --git a/service.te b/service.te
index bd6ab38b0..0005e619d 100644
--- a/service.te
+++ b/service.te
@@ -49,6 +49,7 @@ type deviceidle_service, app_api_service, system_server_service, service_manager
 type devicestoragemonitor_service, system_server_service, service_manager_type;
 type diskstats_service, system_api_service, system_server_service, service_manager_type;
 type display_service, app_api_service, system_server_service, service_manager_type;
+type dns_listener_service, system_server_service, service_manager_type;
 type DockObserver_service, system_server_service, service_manager_type;
 type dreams_service, app_api_service, system_server_service, service_manager_type;
 type dropbox_service, app_api_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index 288ff901e..11c073615 100644
--- a/service_contexts
+++ b/service_contexts
@@ -34,6 +34,7 @@ devicestoragemonitor                      u:object_r:devicestoragemonitor_servic
 diskstats                                 u:object_r:diskstats_service:s0
 display.qservice                          u:object_r:surfaceflinger_service:s0
 display                                   u:object_r:display_service:s0
+dns_listener                              u:object_r:dns_listener_service:s0
 DockObserver                              u:object_r:DockObserver_service:s0
 dreams                                    u:object_r:dreams_service:s0
 drm.drmManager                            u:object_r:drmserver_service:s0
-- 
GitLab