Update netlink socket classes. am: 01d95c23ab * commit '01d95c23ab8c14d72e4ce98b3dda64ce81ab6306': Update netlink socket classes.

commit: d27df9606344738cd2122ce98fa89a2d79e22f12 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Thu Mar 03 21:44:06 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Thu Mar 03 21:44:06 2016 +0000
tree: 15defb347da3220c65adbe955cab03b48979d039
parent: 1274aa15d415ea317c48b321445583bf25999b6a [diff]
parent: 01d95c23ab8c14d72e4ce98b3dda64ce81ab6306 [diff]
diff --git a/access_vectors b/access_vectors
index ccf7018..c38aa7b 100644
--- a/access_vectors
+++ b/access_vectors

@@ -544,6 +544,30 @@
 	transfer
 }
 
+class netlink_iscsi_socket
+inherits socket
+
+class netlink_fib_lookup_socket
+inherits socket
+
+class netlink_connector_socket
+inherits socket
+
+class netlink_netfilter_socket
+inherits socket
+
+class netlink_generic_socket
+inherits socket
+
+class netlink_scsitransport_socket
+inherits socket
+
+class netlink_rdma_socket
+inherits socket
+
+class netlink_crypto_socket
+inherits socket
+
 class property_service
 {
 	set

diff --git a/global_macros b/global_macros
index 8d72868..e840d56 100644
--- a/global_macros
+++ b/global_macros

@@ -8,7 +8,7 @@
 define(`file_class_set', `{ devfile_class_set notdevfile_class_set }')
 define(`dir_file_class_set', `{ dir file_class_set }')
 
-define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket }')
+define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket }')
 define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
 define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
 define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket }')

diff --git a/hostapd.te b/hostapd.te
index 858c286..204a0d9 100644
--- a/hostapd.te
+++ b/hostapd.te

@@ -6,6 +6,7 @@
 
 allow hostapd self:capability { net_admin net_raw setuid setgid };
 allow hostapd self:netlink_socket create_socket_perms;
+allow hostapd self:netlink_generic_socket create_socket_perms;
 allow hostapd self:packet_socket create_socket_perms;
 allow hostapd self:netlink_route_socket nlmsg_write;
 

diff --git a/netd.te b/netd.te
index 2c0fb15..d6c715c 100644
--- a/netd.te
+++ b/netd.te

@@ -19,6 +19,8 @@
 allow netd self:netlink_nflog_socket create_socket_perms;
 allow netd self:netlink_socket create_socket_perms;
 allow netd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };
+allow netd self:netlink_generic_socket create_socket_perms;
+allow netd self:netlink_netfilter_socket create_socket_perms;
 allow netd shell_exec:file rx_file_perms;
 allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;

diff --git a/rild.te b/rild.te
index 1183d4c..e2856a3 100644
--- a/rild.te
+++ b/rild.te

@@ -38,6 +38,7 @@
 
 # Allow rild to create and use netlink sockets.
 allow rild self:netlink_socket create_socket_perms;
+allow rild self:netlink_generic_socket create_socket_perms;
 allow rild self:netlink_kobject_uevent_socket create_socket_perms;
 
 # Access to wake locks

diff --git a/security_classes b/security_classes
index 7ea3a38..680d3dd 100644
--- a/security_classes
+++ b/security_classes

@@ -84,6 +84,16 @@
 
 class binder
 
+# Updated netlink classes for more recent netlink protocols.
+class netlink_iscsi_socket
+class netlink_fib_lookup_socket
+class netlink_connector_socket
+class netlink_netfilter_socket
+class netlink_generic_socket
+class netlink_scsitransport_socket
+class netlink_rdma_socket
+class netlink_crypto_socket
+
 # Property service
 class property_service          # userspace
 

diff --git a/system_server.te b/system_server.te
index c6c41dc..8f794e1 100644
--- a/system_server.te
+++ b/system_server.te

@@ -64,6 +64,7 @@
 
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;
+allow system_server self:netlink_generic_socket create_socket_perms;
 
 # Use generic "sockets" where the address family is not known
 # to the kernel.

diff --git a/tee.te b/tee.te
index ab625de..8ea6b95 100644
--- a/tee.te
+++ b/tee.te

@@ -12,3 +12,4 @@
 allow tee tee_data_file:dir rw_dir_perms;
 allow tee tee_data_file:file create_file_perms;
 allow tee self:netlink_socket create_socket_perms;
+allow tee self:netlink_generic_socket create_socket_perms;

diff --git a/wpa.te b/wpa.te
index a562fb7..46d975b 100644
--- a/wpa.te
+++ b/wpa.te

@@ -11,6 +11,7 @@
 allow wpa cgroup:dir create_dir_perms;
 allow wpa self:netlink_route_socket nlmsg_write;
 allow wpa self:netlink_socket create_socket_perms;
+allow wpa self:netlink_generic_socket create_socket_perms;
 allow wpa self:packet_socket create_socket_perms;
 allow wpa wifi_data_file:dir create_dir_perms;
 allow wpa wifi_data_file:file create_file_perms;
commit	d27df9606344738cd2122ce98fa89a2d79e22f12	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Thu Mar 03 21:44:06 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Thu Mar 03 21:44:06 2016 +0000
tree	15defb347da3220c65adbe955cab03b48979d039
parent	1274aa15d415ea317c48b321445583bf25999b6a [diff]
parent	01d95c23ab8c14d72e4ce98b3dda64ce81ab6306 [diff]