Fix clatd, broken by selinux policing /dev/tun

Bug: 10175701 Change-Id: I185df22bdbaafd56725760ec6c71340b67455046

Fix clatd, broken by selinux policing /dev/tun
ab7dfabb · Lorenzo Colitti · 32c0dbd2 · ab7dfabb · ab7dfabb · ab7dfabb
Commit ab7dfabb authored 11 years ago by Lorenzo Colitti
--- a/clatd.te
+++ b/clatd.te
+# 464xlat daemon
+type clatd, domain;
+permissive clatd;
+type clatd_exec, exec_type, file_type;
+
+init_daemon_domain(clatd)
+net_domain(clatd)
+unconfined_domain(clatd)
--- a/file_contexts
+++ b/file_contexts
@@ -151,6 +151,7 @@
 /system/bin/ping    u:object_r:ping_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/hostapd     u:object_r:hostapd_exec:s0
+/system/bin/clatd	u:object_r:clatd_exec:s0
 #############################
 # Vendor files
 #

--- a/netd.te
+++ b/netd.te
@@ -47,6 +47,10 @@ allow netd hostapd:process signal;
 domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
 allow netd dnsmasq:process signal;

+# Allow netd to start clatd in its own domain
+domain_auto_trans(netd, clatd_exec, clatd)
+allow netd clatd:process signal;
+
 # Support netd running mdnsd
 # TODO: prune this back further
 allow netd ctl_default_prop:property_service set;