diff options
author | Nick Kralevich <nnk@google.com> | 2013-11-18 12:03:31 -0800 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2013-11-18 12:03:31 -0800 |
commit | 2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7 (patch) | |
tree | 65e87f371c7be841a5f79b26311d419cc6e735dc | |
parent | 24fb24f7ea1bf74bc1234394b81955e0aab6943f (diff) | |
parent | 2b939e8cabab28db2d7e2015ecab59e1cbdbc442 (diff) | |
download | sepolicy-2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7.tar.gz |
am 2b939e8c: Merge "Confine ping, but leave it permissive for now."
* commit '2b939e8cabab28db2d7e2015ecab59e1cbdbc442':
Confine ping, but leave it permissive for now.
-rw-r--r-- | ping.te | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -1,4 +1,13 @@ type ping, domain; +permissive ping; type ping_exec, exec_type, file_type; domain_auto_trans(shell, ping_exec, ping) -unconfined_domain(ping) + +allow ping self:capability net_raw; +allow ping self:rawip_socket create_socket_perms; +allow ping self:udp_socket create_socket_perms; +allow ping node:rawip_socket node_bind; +allow ping dnsproxyd_socket:sock_file write; +allow ping netd:unix_stream_socket connectto; +allow ping devpts:chr_file rw_file_perms; +allow ping shell:fd use; |