sepolicy: allow netutils_wrapper access to fs_bpf_vendor This is needed to allow vendor xt_bpf programs. Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I7ff8a0319bec2f3a57c7ce48939b13b2fca182de

commit: 37ca69e5c834f09b5ff788baf3f08a35889f914f [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Sat Nov 18 03:36:05 2023 +0000
committer: Maciej Żenczykowski <maze@google.com> Sat Jan 20 23:56:37 2024 +0000
tree: ce1b5bf243d7b8a641b1492a745d8af879edd469
parent: 7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [diff] [blame]
diff --git a/private/netd.te b/private/netd.te
index 8be8212..6d1c10c 100644
--- a/private/netd.te
+++ b/private/netd.te

@@ -6,9 +6,9 @@
 # Allow netd to spawn dnsmasq in it's own domain
 domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
 
-allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared }:dir search;
-allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared }:file { getattr read };
-allow netd { fs_bpf                      fs_bpf_netd_shared }:file write;
+allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_vendor }:dir search;
+allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_vendor }:file { getattr read };
+allow netd { fs_bpf                      fs_bpf_netd_shared               }:file write;
 
 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
 # the map created by bpfloader
commit	37ca69e5c834f09b5ff788baf3f08a35889f914f	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Sat Nov 18 03:36:05 2023 +0000
committer	Maciej Żenczykowski <maze@google.com>	Sat Jan 20 23:56:37 2024 +0000
tree	ce1b5bf243d7b8a641b1492a745d8af879edd469
parent	7a3d15416e4219e8af453a17ad8fe92d11e8bb59 [diff] [blame]