SEPolicy for Netlink Interceptor
Make Netlink Interceptor work when SELinux is enforcing
Test: Netlink Interceptor HAL comes up and works
Bug: 194683902
Change-Id: I3afc7ae04eba82f2f6385b66ddd5f4a8310dff88
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 3254f11..0d6554b 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -9,6 +9,7 @@
-hal_wifi_supplicant_server
-hal_telephony_server
-hal_uwb_vendor_server
+ -hal_nlinterceptor_server
} self:global_capability_class_set { net_admin net_raw };
# Unless a HAL's job is to communicate over the network, or control network
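Review bot: The new `-hal_nlinterceptor_server` entry lifts this neverallow for both `net_admin` and `net_raw`, and neither the commit message nor the hunk says which of the two the interceptor needs. The exemption grants nothing by itself, but it removes the build-time guard for every domain assigned that attribute, so the allow rule in the HAL's own policy file (not on this page) becomes the only limit and should name just the capability in use. I would add a comment beside the entry recording that, e.g. `# Netlink Interceptor (b/194683902): <capability used and why>`, with the placeholder filled in by the author. The neverallow statement starts above the hunk, so the rest of its exemption list is not visible here.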
@@ -27,6 +28,7 @@
-hal_wifi_supplicant_server
-hal_telephony_server
-hal_uwb_vendor_server
+ -hal_nlinterceptor_server
} domain:{ udp_socket rawip_socket } *;
neverallow {
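Review bot: This hunk exempts the HAL from the `udp_socket` / `rawip_socket` neverallow, and the next hunk adds the same entry to a third rule whose object class lies below the visible lines, yet the service is described only as a netlink interceptor and netlink socket classes are not among those named in this rule. If the daemon opens nothing but netlink sockets, `-hal_nlinterceptor_server` is wider than needed in both places and could be dropped. The build would then keep rejecting any later allow rule that hands it UDP or raw IP sockets. If one of these classes is in fact required, a one-line comment naming it next to the entry would make the exemption auditable. The comment retained at the end of the first hunk already states the intent that HALs stay off network sockets unless networking is their job, so each exception deserves a stated reason.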
@@ -38,6 +40,7 @@
-hal_wifi_hostapd_server
-hal_wifi_supplicant_server
-hal_telephony_server
+ -hal_nlinterceptor_server
} {
domain
userdebug_or_eng(`-su')