From 7cda86eb46021cff20a08dcde56c1a15291fa582 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Tue, 16 Jul 2013 09:45:39 -0700
Subject: [PATCH] Permit apps to bind TCP/UDP sockets to a hostname

Change-Id: Ided2cf793e94bb58529789c3075f8480c0d0cf4e
---
 untrusted_app.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index 989409449..c91543ed8 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -32,6 +32,9 @@ allow untrusted_app asec_apk_file:file r_file_perms;
 # Create tcp/udp sockets
 allow untrusted_app node_type:{ tcp_socket udp_socket } node_bind;
 allow untrusted_app self:{ tcp_socket udp_socket } { create_socket_perms accept listen };
+# Bind to a particular hostname/address/interface (e.g., localhost) instead of
+# ANY. Normally, apps should not be listening on all interfaces.
+allow untrusted_app port:{ tcp_socket udp_socket } name_bind;
 
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
-- 
GitLab