diff options
| author | Matthew Maurer <mmaurer@google.com> | 2019-12-02 16:53:06 -0800 |
|---|---|---|
| committer | Matthew Maurer <mmaurer@google.com> | 2019-12-02 16:53:06 -0800 |
| commit | ffb3b204da73f13b30126c9d5477a93266efa9a6 (patch) | |
| tree | 93e26406f56e6dd58c17c8b69b541eca5f482190 /sepolicy | |
| parent | ab2de8d7c28c53a6c1eaaf3847a78613a2fb7cc9 (diff) | |
| download | trusty-ffb3b204da73f13b30126c9d5477a93266efa9a6.tar.gz | |
Update dhcpclient sepolicy to follow goldfish
Test: Booted with trusty, network came up without setenforce 0
Bug: 145549509
Change-Id: I532d1277b212a5080fc0537cf691bcd431f72b2e
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/dhcpclient.te | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/sepolicy/dhcpclient.te b/sepolicy/dhcpclient.te index 7aeb2f4..f843bee 100644 --- a/sepolicy/dhcpclient.te +++ b/sepolicy/dhcpclient.te @@ -7,12 +7,11 @@ net_domain(dhcpclient) dontaudit dhcpclient kernel:system module_request; allow dhcpclient self:capability { net_admin net_raw }; -allow dhcpclient self:udp_socket create; -allow dhcpclient self:netlink_route_socket { write nlmsg_write }; +allow dhcpclient self:netlink_route_socket { ioctl write nlmsg_write }; allow dhcpclient varrun_file:dir search; allow dhcpclient self:packet_socket { create bind write read }; -allowxperm dhcpclient self:udp_socket ioctl { SIOCSIFFLAGS - SIOCSIFADDR - SIOCSIFNETMASK - SIOCSIFMTU - SIOCGIFHWADDR }; +allowxperm dhcpclient self:netlink_route_socket ioctl { SIOCGIFFLAGS + SIOCSIFFLAGS + SIOCSIFMTU + SIOCGIFINDEX + SIOCGIFHWADDR }; |