netmgrd: auditallow access to system_file type.
Bug: 111243627
Bug: 117232795
Test: boot walleye, internet over wifi and data, airplane on/off, wifi on/off
with wifi calling enabled. No denials to system_file types observed on walleye.
Change-Id: I7efe57b9f58358771e5d228a314ee432fbe0129b
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
index c245452..5660ce3 100644
--- a/sepolicy/vendor/netmgrd.te
+++ b/sepolicy/vendor/netmgrd.te
@@ -28,6 +28,9 @@
allow netmgrd sysfs_msm_subsys:file r_file_perms;
allow netmgrd system_file:file lock;
+# TODO(b/111243627): Expose required system components via separate types once
+# we have enough information about what is needed by netmgrd.
+auditallow netmgrd system_file:file lock;
r_dir_file(netmgrd, sysfs_msm_subsys)
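Review bot: The TODO above `auditallow netmgrd system_file:file lock;` does not say that the rule grants nothing on its own, or when it should be removed. The `allow` on the preceding line still carries the permission, and the auditallow only makes each use appear as an `avc: granted` record. I would extend the comment with something like `# auditallow only logs; remove it together with the allow above once b/111243627 is resolved.` so the two rules do not drift apart. The same gap applies to the `execute_no_trans` pair in the second hunk.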
@@ -52,6 +55,9 @@
allow netmgrd netmgr_data_file:dir rw_dir_perms;
allow netmgrd netmgr_data_file:file create_file_perms;
allow netmgrd system_file:file execute_no_trans;
+# TODO(b/117232795): Figure out what is executed by netmgrd in /system and route
+# that dependency to netutils_wrapper.
+auditallow netmgrd system_file:file execute_no_trans;
allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid };
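Review bot: The comment on `auditallow netmgrd system_file:file execute_no_trans;` should record why this dependency matters. With execute_no_trans, whatever is run from a system_file-labelled path stays in the netmgrd domain, which the next line permits to use `net_admin net_raw setgid setpcap setuid`. Because the audit is meant to enumerate those binaries, note also that `granted` records may be dropped if the audit path is rate-limited, so a quiet log from the test run in the description is not proof that the allow is unused. Suggested addition: `# Executed files keep netmgrd's domain and capabilities; audit records may be rate-limited, so confirm on several builds before dropping the allow.`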