Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy / f7bacd8ff05fe77361d12b5bded280e3fe859d2e
commitf7bacd8ff05fe77361d12b5bded280e3fe859d2e[log] [tgz]
authorSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>Tue May 30 17:37:15 2017 -0600
committerGerrit - the friendly Code Review server <code-review@localhost>Tue May 30 19:32:57 2017 -0700
tree45331b2b2cfec091ef950ffaa26efe685c253444
parentd2a4f8c70b131627efab5a58f4f848983ee4049d [diff]
data: Change binary location to netutils

Generic system partition binaries are no accessible on latest
versions of AOSP. As a result, use the netutils wrapper equivalents
of ip[6]tables, ip and tc. Fix the following denials -

type=1400 audit(1495499715.886:76): avc: denied { use } for pid=1370
comm="tc-wrapper-1.0" path="pipe:[28029]" dev="pipefs" ino=28029
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0 tclass=fd
permissive=0

type=1400 audit(159.269:260): avc: denied { write } for pid=1612
comm="ndc-wrapper-1.0" path="pipe:[30233]" dev="pipefs" ino=30233
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=fifo_file permissive=0
type=1400 audit(159.269:267): avc: denied { read } for pid=1612
comm="ndc-wrapper-1.0" path="pipe:[30809]" dev="pipefs" ino=30809
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=fifo_file permissive=0

type=1400 audit(159.269:264): avc: denied { read write } for pid=1612
comm="ndc-wrapper-1.0" path="socket:[20840]" dev="sockfs" ino=20840
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=netlink_route_socket permissive=0

type=1400 audit(1495838461.725:623): avc: denied { read write } for
pid=3440 comm="ip6tables-wrapp" path="socket:[30928]" dev="sockfs"
ino=30928 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=unix_stream_socket permissive=0

type=1400 audit(1495845281.873:156): avc: denied { read write } for
pid=1436 comm="ip6tables-wrapp" path="socket:[30179]" dev="sockfs"
ino=30179 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=netlink_generic_socket permissive=0

type=1400 audit(1495845281.873:157): avc: denied { read write } for
pid=1436 comm="ip6tables-wrapp" path="socket:[30180]" dev="sockfs"
ino=30180 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=netlink_xfrm_socket permissive=0

type=1400 audit(10632.149:134): avc: denied { read write } for
pid=1523 comm="ndc-wrapper-1.0" path="socket:[28342]" dev="sockfs"
ino=28342 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=udp_socket permissive=0

CRs-Fixed: 2054108
Change-Id: I238f1373777936654844a74a2a3926a11d87a70d
2 files changed
tree: 45331b2b2cfec091ef950ffaa26efe685c253444
  1. apq8084/
  2. common/
  3. msm8226/
  4. msm8909/
  5. msm8916/
  6. msm8937/
  7. msm8952/
  8. msm8953/
  9. msm8960/
  10. msm8974/
  11. msm8976/
  12. msm8992/
  13. msm8994/
  14. msm8996/
  15. msm8998/
  16. msmskunk/
  17. sdm660/
  18. sdm845/
  19. test/
  20. Android.mk