am b32448c9: Merge "Allow clatd to read from packet sockets and write to raw sockets"

* commit 'b32448c9': Allow clatd to read from packet sockets and write to raw sockets

am b32448c9: Merge "Allow clatd to read from packet sockets and write to raw sockets"
fb635166 · Lorenzo Colitti · Android Git Automerger · 65ad8086 · b32448c9 · fb635166
Commit fb635166 authored 10 years ago by Lorenzo Colitti Committed by Android Git Automerger 10 years ago
--- a/clatd.te
+++ b/clatd.te
@@ -15,12 +15,12 @@ allow clatd netd:udp_socket { read write };
 allow clatd netd:unix_stream_socket { read write };
 allow clatd netd:unix_dgram_socket { read write };
-allow clatd self:capability { net_admin setuid setgid };
+allow clatd self:capability { net_admin net_raw setuid setgid };
 # TODO: Run clatd in vpn group to avoid need for this on /dev/tun.
 allow clatd self:capability dac_override;
 allow clatd self:netlink_route_socket nlmsg_write;
-allow clatd self:tun_socket create_socket_perms;
+allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms;
 allow clatd tun_device:chr_file rw_file_perms;
 allow clatd proc_net:file rw_file_perms;;