netmgrd: allow communication with connectivity framework
Fix the following denials

Allow communication with cnd sockets
[ 22.806091] type=1400 audit(1415054892.584:18): avc: denied { write } for pid=1317 comm="netmgrd" name="cnd" dev="tmpfs" ino=8381 scontext=u:r:netmgrd:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file
[ 22.316132] type=1400 audit(1415053588.674:56): avc: denied { connectto } for pid=1321 comm="netmgrd" path="/dev/socket/cnd" scontext=u:r:netmgrd:s0 tcontext=u:r:cnd:s0 tclass=unix_stream_socket

Allow operations on netlink xfrm sockets
[ 20.794160] type=1400 audit(1415053541.505:16): avc: denied { setopt } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794450] type=1400 audit(1415053541.505:17): avc: denied { getattr } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794528] type=1400 audit(1415053541.505:18): avc: denied { write } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794602] type=1400 audit(1415053541.505:19): avc: denied { nlmsg_write } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794688] type=1400 audit(1415053541.505:20): avc: denied { read } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket

Allow operations on netd and its resources
[ 20.827567] type=1400 audit(1415053541.545:21): avc: denied { read } for pid=1166 comm="ip" name="rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file
[ 20.827802] type=1400 audit(1415053541.545:22): avc: denied { open } for pid=1166 comm="ip" name="rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file
[ 20.827915] type=1400 audit(1415053541.545:23): avc: denied { getattr }for pid=1166 comm="ip" path="/data/misc/net/rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file
[ 21.480717] type=1400 audit(1415053542.195:24): avc: denied { getattr } for pid=1259 comm="sh" path="/system/bin/ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.481188] type=1400 audit(1415053542.195:25): avc: denied { execute } for pid=1259 comm="sh" name="ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.482377] type=1400 audit(1415053542.195:26): avc: denied { read open } for pid=1260 comm="sh" name="ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.482614] type=1400 audit(1415053542.195:27): avc: denied { execute_no_trans } for pid=1260 comm="sh" path="/system/bin/ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
avc: denied { search } for pid=1168 comm="ip" name="net" dev="mmcblk0p34" ino=210 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=dir permissive=0

CRs-Fixed: 748457
Change-Id: Ie1044b498002602354b28f3c2e36bf1c9ee64e15
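
For reviewing a change like this one, the following added example (not part of the commit or of the project's policy) groups AVC denials by source type, target type and class, and prints the candidate allow rule each group implies, so a reviewer can compare them with what the policy change actually grants. The function names are hypothetical, and the sample lines are copied from the commit message above.

```python
import re
from collections import defaultdict

# Sample input: six denial records copied from the commit message above.
SAMPLE = '''\
[ 22.806091] type=1400 audit(1415054892.584:18): avc: denied { write } for pid=1317 comm="netmgrd" name="cnd" dev="tmpfs" ino=8381 scontext=u:r:netmgrd:s0 tcontext=u:object_r:cnd_socket:s0 tclass=sock_file
[ 20.794160] type=1400 audit(1415053541.505:16): avc: denied { setopt } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.794450] type=1400 audit(1415053541.505:17): avc: denied { getattr } for pid=1162 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_xfrm_socket
[ 20.827915] type=1400 audit(1415053541.545:23): avc: denied { getattr }for pid=1166 comm="ip" path="/data/misc/net/rt_tables" dev="mmcblk0p13" ino=268 scontext=u:r:netmgrd:s0 tcontext=u:object_r:net_data_file:s0 tclass=file
[ 21.482377] type=1400 audit(1415053542.195:26): avc: denied { read open } for pid=1260 comm="sh" name="ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
[ 21.482614] type=1400 audit(1415053542.195:27): avc: denied { execute_no_trans } for pid=1260 comm="sh" path="/system/bin/ndc" dev="mmcblk0p12" ino=444 scontext=u:r:netmgrd:s0 tcontext=u:object_r:wpa_exec:s0 tclass=file
'''

# One denial record: permission set, then source/target context and class.
# "\s*for" tolerates the missing space in "{ getattr }for" seen above.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s*for\s.*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)')


def type_of(context):
    """Return the type field of a context: u:r:netmgrd:s0 -> netmgrd."""
    return context.split(':')[2]


def candidate_rules(log):
    """Merge denials per (source, target, class) into candidate allow rules."""
    grouped = defaultdict(set)
    for m in AVC_RE.finditer(log):
        src, tgt = type_of(m['s']), type_of(m['t'])
        if src == tgt:
            tgt = 'self'  # policy syntax for a domain acting on itself
        grouped[(src, tgt, m['c'])].update(m['perms'].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {body};')
    return rules


def runs_in_caller_domain(rules):
    """Rules with execute_no_trans: the binary runs without a domain transition."""
    return [r for r in rules if 'execute_no_trans' in r]


if __name__ == '__main__':
    for rule in candidate_rules(SAMPLE):
        print(rule)
```

The output is a list of candidates for review, not the contents of the commit: each rule should be checked against why the access is needed before it goes into policy.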