cf: add netdomain attribute to socket_forward_proxy netdomain is the set of domains with network access. Adding socket_forward_proxy to that set resolves this denial: avc: denied { write } for comm="socket_forward_" laddr=127.0.0.1 lport=38980 faddr=127.0.0.1 fport=5555 scontext=u:r:socket_forward_proxy:s0 tcontext=u:r:socket_forward_proxy:s0 tclass=tcp_socket permissive=1 Bug: 28053261 Test: boot socket_forward_proxy without above denial Change-Id: I469f672f95cc7df800b5f15cbe6c6c242afcf9f7

commit: e4622153e30c511b71f3b0d35524ca82ac6731a3 [log] [tgz]
author: Tri Vo <trong@google.com> Mon Mar 11 17:13:10 2019 -0700
committer: Tri Vo <trong@google.com> Tue Mar 12 02:43:00 2019 +0000
tree: 50b807634beb19a737503b2720c9094376a42312
parent: 27bac3ea9ba1df029a606649266e2d9a6d9ee7fc [diff]
diff --git a/shared/sepolicy/socket_forward_proxy.te b/shared/sepolicy/socket_forward_proxy.te
index e7b9f30..00ffba7 100644
--- a/shared/sepolicy/socket_forward_proxy.te
+++ b/shared/sepolicy/socket_forward_proxy.te

@@ -1,4 +1,4 @@
-type socket_forward_proxy, domain;
+type socket_forward_proxy, domain, netdomain;
 type socket_forward_proxy_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(socket_forward_proxy)
commit	e4622153e30c511b71f3b0d35524ca82ac6731a3	[log] [tgz]
author	Tri Vo <trong@google.com>	Mon Mar 11 17:13:10 2019 -0700
committer	Tri Vo <trong@google.com>	Tue Mar 12 02:43:00 2019 +0000
tree	50b807634beb19a737503b2720c9094376a42312
parent	27bac3ea9ba1df029a606649266e2d9a6d9ee7fc [diff]