sepolicy: allow netutils_wrapper access to fs_bpf_vendor This is needed to allow vendor xt_bpf programs. Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I7ff8a0319bec2f3a57c7ce48939b13b2fca182de

commit: 37ca69e5c834f09b5ff788baf3f08a35889f914f [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Sat Nov 18 03:36:05 2023 +0000
committer: Maciej Żenczykowski <maze@google.com> Sat Jan 20 23:56:37 2024 +0000
tree: ce1b5bf243d7b8a641b1492a745d8af879edd469
parent: 7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [diff] [blame]
diff --git a/private/bpfloader.te b/private/bpfloader.te
index ccfe440..be6f77c 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te

@@ -68,7 +68,7 @@
 neverallow { domain -bpfloader -gpuservice -lmkd -mediaprovider_app -netd -network_stack -system_server -uprobestats } *:bpf { map_read map_write };
 neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
 
-neverallow { coredomain -bpfloader } fs_bpf_vendor:file *;
+neverallow { coredomain -bpfloader -netd -netutils_wrapper } fs_bpf_vendor:file *;
 
 neverallow bpfloader *:{ tcp_socket udp_socket rawip_socket } *;
commit	37ca69e5c834f09b5ff788baf3f08a35889f914f	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Sat Nov 18 03:36:05 2023 +0000
committer	Maciej Żenczykowski <maze@google.com>	Sat Jan 20 23:56:37 2024 +0000
tree	ce1b5bf243d7b8a641b1492a745d8af879edd469
parent	7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [diff] [blame]