am 48dae29f: Merge "Allow system_server to bind ping sockets." into mnc-dr-dev

* commit '48dae29f9a046b328b49abd2073e134d7c29b274': Allow system_server to bind ping sockets.
author: Lorenzo Colitti <lorenzo@google.com> 2015-09-15 02:46:31 +0000
committer: Android Git Automerger <android-git-automerger@android.com> 2015-09-15 02:46:31 +0000
commit: f5d828d4f901172c4a4477f332330256a48ed70c (patch)
tree: 4c359ae1595c7e90acfe6992732927884d9b3fb0
parent: 887fd5d1d148a84991998c0f7654d108072d6084 (diff)
parent: 48dae29f9a046b328b49abd2073e134d7c29b274 (diff)
download: sepolicy-f5d828d4f901172c4a4477f332330256a48ed70c.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te
index 0b18eb4..c9d8f3b 100644
--- a/system_server.te
+++ b/system_server.te
@@ -101,9 +101,13 @@ allow system_server proc_sysrq:file rw_file_perms;
 # Read /sys/kernel/debug/wakeup_sources.
 allow system_server debugfs:file r_file_perms;
 
-# WifiWatchdog uses a packet_socket
+# The DhcpClient and WifiWatchdog use packet_sockets
 allow system_server self:packet_socket create_socket_perms;
 
+# NetworkDiagnostics requires explicit bind() calls to ping sockets. These aren't actually the same
+# as raw sockets, but the kernel doesn't yet distinguish between the two.
+allow system_server node:rawip_socket node_bind;
+
 # 3rd party VPN clients require a tun_socket to be created
 allow system_server self:tun_socket create_socket_perms;
author	Lorenzo Colitti <lorenzo@google.com>	2015-09-15 02:46:31 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	2015-09-15 02:46:31 +0000
commit	f5d828d4f901172c4a4477f332330256a48ed70c (patch)
tree	4c359ae1595c7e90acfe6992732927884d9b3fb0
parent	887fd5d1d148a84991998c0f7654d108072d6084 (diff)
parent	48dae29f9a046b328b49abd2073e134d7c29b274 (diff)
download	sepolicy-f5d828d4f901172c4a4477f332330256a48ed70c.tar.gz