librmnetctl: Fix for avc denial in netmgrd
tcontext=u:r:netmgrd:s0 tclass=netlink_socket permissive=0
netmgr calls librmnetctl init, where librmnetctl creates the socket.
The SOCK_CLOEXEC flag needs to be added when creating the socket.
SOCK_CLOEXEC sets the close-on-exec (FD_CLOEXEC)
flag on the new file descriptor.
Change-Id: I7497737140ae7b0bd8eca27960fec2af209200c7
diff --git a/rmnetctl/src/librmnetctl.c b/rmnetctl/src/librmnetctl.c
index c9c74a8..731681a 100644
--- a/rmnetctl/src/librmnetctl.c
+++ b/rmnetctl/src/librmnetctl.c
@@ -343,7 +343,7 @@
break;
}
(*hndl)->pid = (uint32_t)pid;
- netlink_fd = socket(PF_NETLINK, SOCK_RAW, RMNET_NETLINK_PROTO);
+ netlink_fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, RMNET_NETLINK_PROTO);
if (netlink_fd < MIN_VALID_SOCKET_FD) {
free(*hndl);
*error_code = RMNETCTL_INIT_ERR_NETLINK_FD;
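Review bot: The `socket()` call gains `SOCK_CLOEXEC` with no comment saying why, so a later cleanup could drop the flag and bring back the descriptor inheritance across exec that presumably caused the avc denial named in the commit message. I would add above the call `/* SOCK_CLOEXEC: set close-on-exec at creation so the netlink fd is never inherited by an exec'd child */`; the same comment fits the `NETLINK_ROUTE` socket in the second hunk. Setting the flag in `socket()` rather than with a later `fcntl()` also leaves no window in which another thread could fork and exec with the descriptor still inheritable, which is worth a mention in that comment. The enclosing function starts and ends outside the hunk, so any other descriptors this library opens are not visible here and should be checked for the same flag.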
@@ -1027,7 +1027,7 @@
return RMNETCTL_LIB_ERR;
}
(*hndl)->pid = KERNEL_PROCESS_ID;
- netlink_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ netlink_fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
if (netlink_fd < MIN_VALID_SOCKET_FD) {
free(*hndl);
*error_code = RMNETCTL_INIT_ERR_NETLINK_FD;
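Review bot: On the failure branch, `free(*hndl)` is not followed by a reset of `*hndl` in the visible lines. If the code after the hunk does not clear it, the caller is left holding a dangling handle that a later cleanup call could dereference or free again. I would write `free(*hndl); *hndl = NULL;` here, and the identical branch in the first hunk needs the same change. The function body continues outside the hunk, so this should be confirmed against the lines that follow.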