From c4d7c0d797a9ef48df1d581578a8f84f9a45aac7 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 17 Dec 2013 12:21:17 -0800
Subject: [PATCH] system_server.te: allow getopt/getattr on zygote socket

In 61dc35072090f2735af2b39572e39eadb30573eb, I forgot to allow
system_server to run getopt/getattr on the zygote socket.

Bug: 12061011
Change-Id: I14f8fc98c1b08dfd3c2188d562e594547dba69e6
---
 system_server.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/system_server.te b/system_server.te
index 2afafa6e1..0b1ec45b7 100644
--- a/system_server.te
+++ b/system_server.te
@@ -13,6 +13,10 @@ allow system_server zygote:fd use;
 allow system_server zygote:process sigchld;
 allow system_server zygote_tmpfs:file read;
 
+# Needed to close the zygote socket, which involves getopt / getattr
+# This should be deleted after b/12061011 is fixed
+allow system_server zygote:unix_stream_socket { getopt getattr };
+
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
 bluetooth_domain(system_server)
-- 
GitLab