Allow netd to use NETLINK_SOCK_DIAG.

This is needed to kill sockets using the new SOCK_DESTROY operation instead of using SIOCKILLADDR. Bug: 26976388 Change-Id: I01a63a754726a0e9fb68be48b76df4dc47752edb
author: Lorenzo Colitti <lorenzo@google.com> 2016-02-15 17:16:06 +0900
committer: Lorenzo Colitti <lorenzo@google.com> 2016-02-16 10:11:49 +0900
commit: b38e2790944d028a81089ec088ded54f269aa1f2 (patch)
tree: b8d8fa583feeb1811184cec606fa78bed2ff2d40
parent: c1e48835078d60f969f2e0d6c69a8b7e698dbbac (diff)
download: sepolicy-b38e2790944d028a81089ec088ded54f269aa1f2.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/netd.te b/netd.te
index 0f4e891..2c0fb15 100644
--- a/netd.te
+++ b/netd.te
@@ -18,6 +18,7 @@ allow netd self:netlink_kobject_uevent_socket create_socket_perms;
 allow netd self:netlink_route_socket nlmsg_write;
 allow netd self:netlink_nflog_socket create_socket_perms;
 allow netd self:netlink_socket create_socket_perms;
+allow netd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };
 allow netd shell_exec:file rx_file_perms;
 allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;
author	Lorenzo Colitti <lorenzo@google.com>	2016-02-15 17:16:06 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	2016-02-16 10:11:49 +0900
commit	b38e2790944d028a81089ec088ded54f269aa1f2 (patch)
tree	b8d8fa583feeb1811184cec606fa78bed2ff2d40
parent	c1e48835078d60f969f2e0d6c69a8b7e698dbbac (diff)
download	sepolicy-b38e2790944d028a81089ec088ded54f269aa1f2.tar.gz