goldfish_setup: grant ifconfig priv_sock_ioctls The goldfish_setup shell script needs the ability to set the interface address via ifconfig. This requires SIOCSIFADDR plus other ioctl permissions, therefore allow the set of priv_sock_ioctls permissions. Addresses the following denial that stops internet access via browser: avc: denied { ioctl } for pid=712 comm="ifconfig" path="socket:[1825]" dev="sockfs" ino=1825 ioctlcmd=8916 scontext=u:r:goldfish_setup:s0 tcontext=u:r:goldfish_setup:s0 tclass=udp_socket permissive=0 Test: With update can access internet via browser. Change-Id: I77a52c0b72bb0ebe9451f45c346a399c1f61672d Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>

commit: 8a09cc22979490275a34c28f6d2da9407bbcddde [log] [tgz]
author: Richard Haines <richard_c_haines@btinternet.com> Thu Oct 20 15:47:44 2016 +0100
committer: Richard Haines <richard_c_haines@btinternet.com> Thu Oct 20 16:46:22 2016 +0100
tree: 27b0baea795501d033a3922f9c25f6719352f9f6
parent: 92396e17473b13e5f1526d5e1799799e224c20e3 [diff]
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index b8f121c..bc25967 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te

@@ -12,6 +12,7 @@
 allow goldfish_setup toolbox_exec:file rx_file_perms;
 allow goldfish_setup self:capability { net_admin net_raw };
 allow goldfish_setup self:udp_socket create_socket_perms;
+allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
 
 net_domain(goldfish_setup)
commit	8a09cc22979490275a34c28f6d2da9407bbcddde	[log] [tgz]
author	Richard Haines <richard_c_haines@btinternet.com>	Thu Oct 20 15:47:44 2016 +0100
committer	Richard Haines <richard_c_haines@btinternet.com>	Thu Oct 20 16:46:22 2016 +0100
tree	27b0baea795501d033a3922f9c25f6719352f9f6
parent	92396e17473b13e5f1526d5e1799799e224c20e3 [diff]