Merge "Rename qtaguid_proc to conform to name conventions"
diff --git a/private/app.te b/private/app.te
index 7dceaaa..f3e1e2a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -3,5 +3,5 @@
allow appdomain zygote_tmpfs:file read;
neverallow appdomain system_server:udp_socket {
- accept append bind create getopt ioctl listen lock name_bind
- relabelfrom relabelto setattr setopt shutdown };
+ accept append bind create ioctl listen lock name_bind
+ relabelfrom relabelto setattr shutdown };
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index e0547b6..75a6317 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -43,7 +43,8 @@
# allow ephemeral apps to use UDP sockets provided by the system server but not
# modify them other than to connect
-allow ephemeral_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow ephemeral_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
###
### neverallow rules
diff --git a/private/platform_app.te b/private/platform_app.te
index 67a9c33..80b20e1 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -71,7 +71,8 @@
# allow platform apps to use UDP sockets provided by the system server but not
# modify them other than to connect
-allow platform_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow platform_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
###
### Neverallow rules
diff --git a/private/priv_app.te b/private/priv_app.te
index 80425dd..887f5be 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -150,7 +150,8 @@
# allow privileged apps to use UDP sockets provided by the system server but not
# modify them other than to connect
-allow priv_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow priv_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
###
### neverallow rules
diff --git a/private/system_app.te b/private/system_app.te
index d6be5a3..b2f8376 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -116,7 +116,8 @@
# allow system apps to use UDP sockets provided by the system server but not
# modify them other than to connect
-allow system_app system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow system_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
###
### Neverallow rules
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index feac216..fbf5989 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -123,7 +123,8 @@
# allow untrusted apps to use UDP sockets provided by the system server but not
# modify them other than to connect
-allow untrusted_app_all system_server:udp_socket { connect getattr read recvfrom sendto write };
+allow untrusted_app_all system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
dontaudit untrusted_app_all net_dns_prop:file read;