Allow getsockopt and setsockopt for Encap Sockets

am: ea4eaaf1

Change-Id: I1b1be4cfd4a4c35ffc3e085bebf386a7aefc4fc2

private/app.te

@@ -3,5 +3,5 @@
 allow appdomain zygote_tmpfs:file read;
 
 neverallow appdomain system_server:udp_socket {
-        accept append bind create getopt ioctl listen lock name_bind
-        relabelfrom relabelto setattr setopt shutdown };
+        accept append bind create ioctl listen lock name_bind
+        relabelfrom relabelto setattr shutdown };

private/ephemeral_app.te

@@ -43,7 +43,8 @@ unix_socket_connect(ephemeral_app, traced_producer, traced)
 
 # allow ephemeral apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
-allow ephemeral_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow ephemeral_app system_server:udp_socket {
+        connect getattr read recvfrom sendto write getopt setopt };
 
 ###
 ### neverallow rules

private/platform_app.te

@@ -71,7 +71,8 @@ read_runtime_log_tags(platform_app)
 
 # allow platform apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
-allow platform_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow platform_app system_server:udp_socket {
+        connect getattr read recvfrom sendto write getopt setopt };
 
 ###
 ### Neverallow rules

private/priv_app.te

@@ -150,7 +150,8 @@ dontaudit priv_app net_dns_prop:file read;
 
 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
-allow priv_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow priv_app system_server:udp_socket {
+        connect getattr read recvfrom sendto write getopt setopt };
 
 ###
 ### neverallow rules

private/system_app.te

@@ -116,7 +116,8 @@ get_prop(system_app, device_logging_prop)
 
 # allow system apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
-allow system_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow system_app system_server:udp_socket {
+        connect getattr read recvfrom sendto write getopt setopt };
 
 ###
 ### Neverallow rules

private/untrusted_app_all.te

@@ -123,7 +123,8 @@ unix_socket_connect(untrusted_app_all, traced_producer, traced)
 
 # allow untrusted apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
-allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow untrusted_app_all system_server:udp_socket {
+        connect getattr read recvfrom sendto write getopt setopt };
 
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm