Skip to content
Commit f7bacd8f authored by Subash Abhinov Kasiviswanathan's avatar Subash Abhinov Kasiviswanathan Committed by Gerrit - the friendly Code Review server
Browse files

data: Change binary location to netutils 

Generic system partition binaries are no accessible on latest
versions of AOSP. As a result, use the netutils wrapper equivalents
of ip[6]tables, ip and tc. Fix the following denials -

type=1400 audit(1495499715.886:76): avc: denied { use } for pid=1370
comm="tc-wrapper-1.0" path="pipe:[28029]" dev="pipefs" ino=28029
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0 tclass=fd
permissive=0

type=1400 audit(159.269:260): avc: denied { write } for pid=1612
comm="ndc-wrapper-1.0" path="pipe:[30233]" dev="pipefs" ino=30233
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=fifo_file permissive=0
type=1400 audit(159.269:267): avc: denied { read } for pid=1612
comm="ndc-wrapper-1.0" path="pipe:[30809]" dev="pipefs" ino=30809
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=fifo_file permissive=0

type=1400 audit(159.269:264): avc: denied { read write } for pid=1612
comm="ndc-wrapper-1.0" path="socket:[20840]" dev="sockfs" ino=20840
scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=netlink_route_socket permissive=0

type=1400 audit(1495838461.725:623): avc: denied { read write } for
pid=3440 comm="ip6tables-wrapp" path="socket:[30928]" dev="sockfs"
ino=30928 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=unix_stream_socket permissive=0

type=1400 audit(1495845281.873:156): avc: denied { read write } for
pid=1436 comm="ip6tables-wrapp" path="socket:[30179]" dev="sockfs"
ino=30179 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=netlink_generic_socket permissive=0

type=1400 audit(1495845281.873:157): avc: denied { read write } for
pid=1436 comm="ip6tables-wrapp" path="socket:[30180]" dev="sockfs"
ino=30180 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=netlink_xfrm_socket permissive=0

type=1400 audit(10632.149:134): avc: denied { read write } for
pid=1523 comm="ndc-wrapper-1.0" path="socket:[28342]" dev="sockfs"
ino=28342 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:netmgrd:s0
tclass=udp_socket permissive=0

CRs-Fixed: 2054108
Change-Id: I238f1373777936654844a74a2a3926a11d87a70d
parent d2a4f8c7
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment