commit a0433acb4c8f07838f038b696752bea7753ba3a0
author Stephen Smalley <sds@tycho.nsa.gov> Wed Apr 09 08:18:48 2014 -0400
committer Stephen Smalley <sds@tycho.nsa.gov> Wed Apr 09 08:18:48 2014 -0400
tree 571a59ad290faf9dacabb40fdebca4dc1e7b6dc5
parent 2dd914ee943783e96f9e65af2e6e373013dde66c

Allow netmgrd to execute sh.

It invokes helper programs such as /system/bin/ip via sh -c.
In the future, look at reworking netmgrd to directly invoke
the helper programs and/or to transition to a different domain
upon sh invocation to shed unnecessary permissions.

Also rewrite the system_file rule for /system/bin/ip to use
the rx_file_perms macro for consistency.

Change-Id: I407d4503868e928dd876cce932fe6a96fcbd4e0d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>