Merge "update_engine: Allow to tag sockets." am: 8d48aa7988 am: 255e0ed383
am: e8fdd80562
Change-Id: I1acef5124c5188f947f6e974908223fd13c0103e
diff --git a/public/update_engine.te b/public/update_engine.te
index 3a33407..31ba14f 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -6,6 +6,11 @@
net_domain(update_engine);
+# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid to tag network
+# sockets.
+allow update_engine qtaguid_proc:file rw_file_perms;
+allow update_engine qtaguid_device:chr_file r_file_perms;
+
# Following permissions are needed for update_engine.
allow update_engine self:process { setsched };
allow update_engine self:capability { fowner sys_admin };