From b38e2790944d028a81089ec088ded54f269aa1f2 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 15 Feb 2016 17:16:06 +0900
Subject: [PATCH] Allow netd to use NETLINK_SOCK_DIAG.

This is needed to kill sockets using the new SOCK_DESTROY
operation instead of using SIOCKILLADDR.

Bug: 26976388
Change-Id: I01a63a754726a0e9fb68be48b76df4dc47752edb
---
 netd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/netd.te b/netd.te
index 0f4e89194..2c0fb15ce 100644
--- a/netd.te
+++ b/netd.te
@@ -18,6 +18,7 @@ allow netd self:netlink_kobject_uevent_socket create_socket_perms;
 allow netd self:netlink_route_socket nlmsg_write;
 allow netd self:netlink_nflog_socket create_socket_perms;
 allow netd self:netlink_socket create_socket_perms;
+allow netd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };
 allow netd shell_exec:file rx_file_perms;
 allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;
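Review bot: The added `netlink_tcpdiag_socket` rule has no comment explaining why netd needs `nlmsg_write`, the permission that turns this from a read-only diagnostic grant into one that can act on sockets. The commit message ties it to SOCK_DESTROY, so I would record that in the policy itself, for example `# Needed to close sockets with SOCK_DESTROY over NETLINK_SOCK_DIAG.` directly above the rule. A later least-privilege audit then does not have to recover the reason from history. `nlmsg_read` also lets netd dump socket state through the same interface; if that is only used to find the sockets to destroy, the comment should say so. Whether any other domain holds `nlmsg_write` on this class is not visible in this hunk and may be worth checking alongside this change.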
-- 
GitLab