From 997461bda5aaedeabf48021e3291293e48501ef7 Mon Sep 17 00:00:00 2001
From: Sreeram Ramachandran <sreeram@google.com>
Date: Mon, 28 Jul 2014 15:13:34 -0700
Subject: [PATCH] Allow system_server to talk to netlink directly.

This is needed for http://ag/512212 to work.

Bug: 15409819
Change-Id: If91fc6891d7ce04060362c6cde8c57462394c4e8
---
 system_server.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/system_server.te b/system_server.te
index d7453ad2f..e6167f1d3 100644
--- a/system_server.te
+++ b/system_server.te
@@ -70,6 +70,9 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;
 
+# Set and get routes directly via netlink.
+allow system_server self:netlink_route_socket nlmsg_write;
+
 # Kill apps.
 allow system_server appdomain:process { sigkill signal };
 
-- 
GitLab