netmgrd: Add policies for iwlan
Add policies for denials seen when running netmgrd iwlan scenarios
when invoking netutils. Fix the following denials -
audit(1496448783.845:131) avc: denied { read write } for pid=1552
comm="tc-wrapper-1.0" path="/data/vendor/netmgr/log.txt" dev="dm-0"
ino=425997 scontext=u:r:netutils_wrapper:s0
tcontext=u:object_r:netmgrd_data_file:s0 tclass=file permissive=1
audit(1496448785.385:139) avc: denied { getattr } for pid=1709
comm="ndc" path="pipe:[31264]" dev="pipefs" ino=31264
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=fifo_file permissive=1
audit(1496448874.298:224) avc: denied { read write } for pid=3976
comm="iptables-wrappe" path="socket:[35109]" dev="sockfs" ino=35109
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=tcp_socket permissive=1
audit(12997.399:121) avc: denied { execute } for pid=1814
comm="ndc-wrapper-1.0" name="ndc" dev="sda6" ino=826
scontext=u:r:netutils_wrapper:s0
tcontext=u:object_r:wcnss_service_exec:s0 tclass=file permissive=1
audit(12997.399:122) avc: denied { read open } for pid=1814
comm="ndc-wrapper-1.0" path="/system/bin/ndc" dev="sda6" ino=826
scontext=u:r:netutils_wrapper:s0
tcontext=u:object_r:wcnss_service_exec:s0 tclass=file permissive=1
audit(12997.399:123) avc: denied { execute_no_trans } for pid=1814
comm="ndc-wrapper-1.0" path="/system/bin/ndc" dev="sda6" ino=826
scontext=u:r:netutils_wrapper:s0
tcontext=u:object_r:wcnss_service_exec:s0 tclass=file permissive=1
audit(12997.399:124) avc: denied { getattr } for pid=1814 comm="ndc"
path="/system/bin/ndc" dev="sda6" ino=826
scontext=u:r:netutils_wrapper:s0
tcontext=u:object_r:wcnss_service_exec:s0 tclass=file permissive=1
audit(1496689773.369:128) avc: denied { read write } for pid=2050
comm="ndc-wrapper-1.0" path="/dev/diag" dev="tmpfs" ino=19597
scontext=u:r:netutils_wrapper:s0 tcontext=u:object_r:diag_device:s0
tclass=chr_file permissive=1
CRs-Fixed: 2056070
Change-Id: I170b1ec02e48f94a0995c4830f8bceea05c013ea
2 files changed