From c9f580b083971ac2b2f744522f76c028488ab063 Mon Sep 17 00:00:00 2001
From: Hsiaoan Hsu
Date: Mon, 29 Mar 2021 11:58:18 +0800
Subject: [PATCH] Fix netutils_wrapper avc denied
avc denied log:
03-25 22:30:40.226 root 22962 22962 W iptables-wrappe: type=1400 audit(0.0:2269): avc: denied { read write } for path="/dev/umts_wfc1" dev="tmpfs" ino=748 scontext=u:r:netutils_wrapper:s0 tcontext=u:object_r:pktrouter_device:s0 tclass=chr_file permissive=0
03-25 22:30:40.226 root 22962 22962 W iptables-wrappe: type=1400 audit(0.0:2270): avc: denied { read write } for path="socket:[1017]" dev="sockfs" ino=1017 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:pktrouter:s0 tclass=netlink_route_socket permissive=0
03-25 22:30:40.226 root 22962 22962 W iptables-wrappe: type=1400 audit(0.0:2274): avc: denied { read write } for path="socket:[655847]" dev="sockfs" ino=655847 scontext=u:r:netutils_wrapper:s0 tcontext=u:r:pktrouter:s0 tclass=udp_socket permissive=0
Bug: 183713618
Test: WFC/WFC handover
Change-Id: I363bf009c3b05ac2ceccb5580e786fcebf0f5631
---
 whitechapel/vendor/google/netutils_wrapper.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/whitechapel/vendor/google/netutils_wrapper.te b/whitechapel/vendor/google/netutils_wrapper.te
index a8090e37..ff1be58e 100644
--- a/whitechapel/vendor/google/netutils_wrapper.te
+++ b/whitechapel/vendor/google/netutils_wrapper.te
@@ -1,4 +1,7 @@
 allow netutils_wrapper pktrouter:fd use;
 allow netutils_wrapper pktrouter:fifo_file write;
+allow netutils_wrapper pktrouter:netlink_route_socket { read write };
 allow netutils_wrapper pktrouter:packet_socket { read write };
 allow netutils_wrapper pktrouter:rawip_socket { read write };
+allow netutils_wrapper pktrouter:udp_socket { read write };
+allow netutils_wrapper pktrouter_device:chr_file rw_file_perms;
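Review bot: The last added rule grants `rw_file_perms` on `pktrouter_device:chr_file`, which is wider than the `{ read write }` the quoted denial reports, because that macro also carries `open`, `ioctl` and `getattr` among others. `allow netutils_wrapper pktrouter_device:chr_file { read write };` would match the log and the form of the neighbouring socket rules. The three denials (a `/dev/umts_wfc1` path and two `socket:[...]` entries, next to the existing `pktrouter:fd use` rule) look like descriptors inherited from pktrouter when it runs the iptables wrapper, though the patch does not show that. If that is the case, it is worth confirming the wrapper really needs them, rather than having pktrouter open them close-on-exec or covering the noise with `dontaudit`. A comment such as `# fds inherited from pktrouter across exec of iptables-wrapper (b/183713618)` above the new rules would record the reason for the grant.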