am 2b939e8c: Merge "Confine ping, but leave it permissive for now."

* commit '2b939e8cabab28db2d7e2015ecab59e1cbdbc442': Confine ping, but leave it permissive for now.
author: Nick Kralevich <nnk@google.com> 2013-11-18 12:03:31 -0800
committer: Android Git Automerger <android-git-automerger@android.com> 2013-11-18 12:03:31 -0800
commit: 2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7 (patch)
tree: 65e87f371c7be841a5f79b26311d419cc6e735dc
parent: 24fb24f7ea1bf74bc1234394b81955e0aab6943f (diff)
parent: 2b939e8cabab28db2d7e2015ecab59e1cbdbc442 (diff)
download: sepolicy-2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/ping.te b/ping.te
index 37b9b3c..9adf079 100644
--- a/ping.te
+++ b/ping.te
@@ -1,4 +1,13 @@
 type ping, domain;
+permissive ping;
 type ping_exec, exec_type, file_type;
 domain_auto_trans(shell, ping_exec, ping)
-unconfined_domain(ping)
+
+allow ping self:capability net_raw;
+allow ping self:rawip_socket create_socket_perms;
+allow ping self:udp_socket create_socket_perms;
+allow ping node:rawip_socket node_bind;
+allow ping dnsproxyd_socket:sock_file write;
+allow ping netd:unix_stream_socket connectto;
+allow ping devpts:chr_file rw_file_perms;
+allow ping shell:fd use;
author	Nick Kralevich <nnk@google.com>	2013-11-18 12:03:31 -0800
committer	Android Git Automerger <android-git-automerger@android.com>	2013-11-18 12:03:31 -0800
commit	2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7 (patch)
tree	65e87f371c7be841a5f79b26311d419cc6e735dc
parent	24fb24f7ea1bf74bc1234394b81955e0aab6943f (diff)
parent	2b939e8cabab28db2d7e2015ecab59e1cbdbc442 (diff)
download	sepolicy-2c8eef873e55da42e5c5c2d00412ce80c7f3f0a7.tar.gz