Commit 91ebcf33 authored by Nick Kralevich

netd: allow tcp_socket name_connect

The patch in 36a5d109 wasn't
sufficient to address DNS over TCP. We also need to allow
name_connect.

Fixes the following denial:

<5>[   82.120746] type=1400 audit(1830030.349:5): avc:  denied  { name_connect } for  pid=1457 comm="netd" dest=53 scontext=u:r:netd:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket

Public Bug: https://code.google.com/p/android/issues/detail?id=62196
Bug: 11097631

Change-Id: I688d6923b78782e2183a9d69b7e74f95d6e3f893
parent 36a5d109
...@@ -11,6 +11,7 @@ allow netd self:rawip_socket *; ...@@ -11,6 +11,7 @@ allow netd self:rawip_socket *;
allow netd self:{ tcp_socket udp_socket } *; allow netd self:{ tcp_socket udp_socket } *;
allow netd node:{ tcp_socket udp_socket } node_bind; allow netd node:{ tcp_socket udp_socket } node_bind;
allow netd port:{ tcp_socket udp_socket } name_bind; allow netd port:{ tcp_socket udp_socket } name_bind;
allow netd port:tcp_socket name_connect;
allow netd self:unix_stream_socket *; allow netd self:unix_stream_socket *;
allow netd shell_exec:file rx_file_perms; allow netd shell_exec:file rx_file_perms;
allow netd system_file:file x_file_perms; allow netd system_file:file x_file_perms;
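Review bot: the added `allow netd port:tcp_socket name_connect;` line is scoped to the generic `port` type, so it lets netd open outbound TCP connections to every port carrying that label, while the denial quoted in the commit message only involves dest=53. Nothing in the policy file itself records that the rule exists for DNS over TCP; add a comment above the line (for example `# DNS over TCP`), and consider whether port 53 could be given its own port type so that this rule, unlike the neighbouring `name_bind` rule on `port`, can be narrowed to the one destination that was actually denied.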