Commit f6bf7ef7 authored by Nick Kralevich's avatar Nick Kralevich

Allow dumpstate to use ping.

Addresses the following denials:

<5>[  695.383994] type=1400 audit(1387403898.292:55): avc:  denied  { execute } for  pid=5187 comm="dumpstate" name="ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  695.384727] type=1400 audit(1387403898.292:56): avc:  denied  { read open } for  pid=5187 comm="dumpstate" name="ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  695.385418] type=1400 audit(1387403898.292:57): avc:  denied  { execute_no_trans } for  pid=5187 comm="dumpstate" path="/system/bin/ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  695.391978] type=1400 audit(1387403898.302:58): avc:  denied  { create } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.393193] type=1400 audit(1387403898.302:59): avc:  denied  { setopt } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.393753] type=1400 audit(1387403898.302:60): avc:  denied  { getopt } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.394886] type=1400 audit(1387403898.302:61): avc:  denied  { write } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.400693] type=1400 audit(1387403898.312:62): avc:  denied  { read } for  pid=5187 comm="ping" lport=4 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket

Change-Id: If9a790725ec0ba1ca6cb5c9a8ed85288580940e8
parent b63e485b
type ping, domain; type ping, domain;
type ping_exec, exec_type, file_type; type ping_exec, exec_type, file_type;
domain_auto_trans(shell, ping_exec, ping) domain_auto_trans(shell, ping_exec, ping)
domain_auto_trans(dumpstate, ping_exec, ping)
allow ping self:capability net_raw; allow ping self:capability net_raw;
allow ping self:rawip_socket create_socket_perms; allow ping self:rawip_socket create_socket_perms;
...@@ -10,3 +11,6 @@ allow ping dnsproxyd_socket:sock_file write; ...@@ -10,3 +11,6 @@ allow ping dnsproxyd_socket:sock_file write;
allow ping netd:unix_stream_socket connectto; allow ping netd:unix_stream_socket connectto;
allow ping devpts:chr_file rw_file_perms; allow ping devpts:chr_file rw_file_perms;
allow ping shell:fd use; allow ping shell:fd use;
allow ping dumpstate:fd use;
allow ping dumpstate:unix_stream_socket { read write };
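Review bot: The new rule `allow ping dumpstate:unix_stream_socket { read write };` is not backed by any denial quoted in the commit message, which lists only file permissions on ping_exec and rawip_socket operations. It presumably covers a socket that ping inherits from dumpstate as its stdout/stderr, but that is an inference from the adjacent `allow ping dumpstate:fd use;` rule, so it should be recorded in the policy, e.g. `# dumpstate execs ping with its output descriptors inherited; ping needs no other access to dumpstate`. If ping only emits output on that socket, `write` alone may be enough, and `read` could be dropped after checking that no denial appears. Because `domain_auto_trans(dumpstate, ping_exec, ping)` moves the child into the ping domain, the rawip_socket denials against scontext dumpstate should not need a grant on dumpstate itself; it is worth confirming on a device that none remain.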