Merge "sepolicy: Fix 'avc denied' issues for the emulators"
diff --git a/target/board/generic/sepolicy/domain.te b/target/board/generic/sepolicy/domain.te
index c28ca74..201fa86 100644
--- a/target/board/generic/sepolicy/domain.te
+++ b/target/board/generic/sepolicy/domain.te
@@ -1,3 +1,5 @@
# For /sys/qemu_trace files in the emulator.
allow domain sysfs_writable:file rw_file_perms;
allow domain qemu_device:chr_file rw_file_perms;
+
+get_prop(domain, qemu_prop)
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index b472d2a..bce196a 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -13,6 +13,8 @@
allow goldfish_setup self:capability { net_admin net_raw };
allow goldfish_setup self:udp_socket create_socket_perms;
+net_domain(goldfish_setup)
+
# Set net.eth0.dns*, debug.sf.nobootanimation
set_prop(goldfish_setup, system_prop)
set_prop(goldfish_setup, debug_prop)
diff --git a/target/board/generic/sepolicy/netd.te b/target/board/generic/sepolicy/netd.te
new file mode 100644
index 0000000..2b002ec
--- /dev/null
+++ b/target/board/generic/sepolicy/netd.te
@@ -0,0 +1 @@
+dontaudit netd self:capability sys_module;