• Lorenzo Colitti's avatar
    Allow clatd to read from packet sockets and write to raw sockets · 6cd57a43
    Lorenzo Colitti authored
    This addresses the following denials that occur when switching
    clatd from an IPv6 tun interface to packet and raw sockets:
    
    avc: denied { net_raw } for pid=3540 comm="clatd" capability=13 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability
    avc: denied { create } for pid=3540 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket
    avc: denied { bind } for pid=3540 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket
    avc: denied { setopt } for pid=3540 comm="clatd" scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket
    avc: denied { read } for pid=3540 comm="clatd" path="socket:[19117]" dev="sockfs" ino=19117 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=packet_socket
    
    Bug: 15340961
    Change-Id: I3c06e8e3e0cfc0869a7b73c803bbffe28369ee5e
    6cd57a43
clatd.te 993 Bytes