Allow netd to read the /dev/xt_qtaguid

After move qtaguid control interface into netd. Netd need to open the xt_qtaguid resource tracking misc dev to make sure xt_qtaguid module is successfully initialized before taking action. This selinux rule change allows netd to do so and it is the same privilege normal apps currently have. Test: No more selinux denials on netd access qtaguid_device Bug: 30950746 Change-Id: I79a98bbda3f3fdb85140a06a7532cdcc4354c518

Allow netd to read the /dev/xt_qtaguid
cc781f76 · Chenbo Feng · 185941aa · cc781f76
Commit cc781f76 authored 7 years ago by Chenbo Feng
--- a/public/netd.te
+++ b/public/netd.te
@@ -37,6 +37,8 @@ allow netd system_file:file lock;
 # TODO: Add proper rules to prevent other process to access qtaguid_proc file after migration
 #       complete
 allow netd qtaguid_proc:file rw_file_perms;
+# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
+allow netd qtaguid_device:chr_file r_file_perms;

 r_dir_file(netd, proc_net)
 # For /proc/sys/net/ipv[46]/route/flush.