From cf6b350a32ea65fa359981bd42ca0324547e2784 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 11 Dec 2013 11:20:20 -0800
Subject: [PATCH] Allow apps to execute ping

Addresses the following denials:

<5>[  170.166218] type=1400 audit(1386789488.029:57): avc:  denied  { getattr } for  pid=4352 comm="sh" path="/system/bin/ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  170.166356] type=1400 audit(1386789488.029:58): avc:  denied  { execute } for  pid=4352 comm="sh" name="ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  170.166841] type=1400 audit(1386789488.029:59): avc:  denied  { read open } for  pid=4389 comm="sh" name="ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  170.166962] type=1400 audit(1386789488.029:60): avc:  denied  { execute_no_trans } for  pid=4389 comm="sh" path="/system/bin/ping" dev="mmcblk0p25" ino=182 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:ping_exec:s0 tclass=file

Change-Id: Ic175ef7392897a3941c36db67dfa59ded35204b5
---
 app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app.te b/app.te
index 090088f08..fe0b25072 100644
--- a/app.te
+++ b/app.te
@@ -59,6 +59,7 @@ allow appdomain system_data_file:file { execute execute_no_trans open };
 # Execute the shell or other system executables.
 allow appdomain shell_exec:file rx_file_perms;
 allow appdomain system_file:file rx_file_perms;
+allow appdomain ping_exec:file rx_file_perms;
 
 # Read/write wallpaper file (opened by system).
 allow appdomain wallpaper_file:file { read write };
-- 
GitLab