racoon: allow setting options on tun interface

Fixes failure in VPN connection avc: denied { ioctl } for pid=2870 comm="ip-up-vpn" ioctlcmd=8914 scontext=u:r:racoon:s0 tcontext=u:r:racoon:s0 tclass=udp_socket avc: denied { ioctl } for pid=2870 comm="ip-up-vpn" ioctlcmd=8916 scontext=u:r:racoon:s0 tcontext=u:r:racoon:s0 tclass=udp_socket Test: VPN works Bug: 32011648 Change-Id: I28c4dc7ffbf7e35ef582176674c4e9764719a2a9

racoon: allow setting options on tun interface
d063d230 · Jeff Vander Stoep · 06cf31eb · d063d230
Commit d063d230 authored 8 years ago by Jeff Vander Stoep
--- a/public/racoon.te
+++ b/public/racoon.te
@@ -5,6 +5,7 @@ type racoon_exec, exec_type, file_type;
 typeattribute racoon mlstrustedsubject;

 net_domain(racoon)
+allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR };

 binder_use(racoon)