Merge "Fix the missing nlmsg_read for netlink_xfrm_socket" am: 1965e156d4 am: fe0f25f3dd
am: 64a01b66b7
Change-Id: I4398775a2acf00183d8967fb144029ec9cc814c7
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index 353a4bd..b534801 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -39,7 +39,7 @@
# netmgrd sockets
allow netmgrd self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
allow netmgrd self:netlink_socket create_socket_perms_no_ioctl;
-allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
+allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
allow netmgrd self:rawip_socket create_socket_perms_no_ioctl;
allow netmgrd self:socket create_socket_perms;
# in addition to ioctl commands granted to domain allow netmgrd to use: