Merge "Restore netdomain allow rules."

commit: 109f9e62b4672b941720d3e1a5595f1835be8515 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Oct 03 15:28:13 2013 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Oct 03 15:28:14 2013 +0000
tree: c0b02f9550235ba3fb17d8fea8e11bc507a19421
parent: ede81a8aebfa93e7aa82961e6aed1b0114a36dc6 [diff]
parent: ca0759b1750cdc7f5c47fdde5557d6684e185d17 [diff]
diff --git a/net.te b/net.te
index 7e00ed8..b10cecd 100644
--- a/net.te
+++ b/net.te

@@ -2,3 +2,17 @@
 type node, node_type;
 type netif, netif_type;
 type port, port_type;
+
+# Use network sockets.
+allow netdomain self:{ tcp_socket udp_socket } *;
+# Connect to ports.
+allow netdomain port_type:tcp_socket name_connect;
+# Bind to ports.
+allow netdomain node_type:{ tcp_socket udp_socket } node_bind;
+allow netdomain port_type:udp_socket name_bind;
+allow netdomain port_type:tcp_socket name_bind;
+# Get route information.
+allow netdomain self:netlink_route_socket { create bind read nlmsg_read };
+
+# Talks to netd via dnsproxyd socket.
+unix_socket_connect(netdomain, dnsproxyd, netd)
commit	109f9e62b4672b941720d3e1a5595f1835be8515	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Oct 03 15:28:13 2013 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Oct 03 15:28:14 2013 +0000
tree	c0b02f9550235ba3fb17d8fea8e11bc507a19421
parent	ede81a8aebfa93e7aa82961e6aed1b0114a36dc6 [diff]
parent	ca0759b1750cdc7f5c47fdde5557d6684e185d17 [diff]