Label /dev/socket/mdns with its own type.
Otherwise it gets left in the general device type, and we get denials such
as:
type=1400 msg=audit(1379617262.940:102): avc: denied { write } for pid=579 comm="mDnsConnector" name="mdns" dev="tmpfs" ino=3213 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=sock_file
This of course only shows up if using a confined system_server.
Change-Id: I2456dd7aa4d72e6fd15b55c251245186eb54a80a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/file.te b/file.te
index a9729cb..bc2b5b4 100644
--- a/file.te
+++ b/file.te
@@ -90,6 +90,7 @@
type gps_socket, file_type;
type installd_socket, file_type;
type keystore_socket, file_type;
+type mdns_socket, file_type;
type netd_socket, file_type;
type property_socket, file_type;
type qemud_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 3fe7d3f..e128420 100644
--- a/file_contexts
+++ b/file_contexts
@@ -85,6 +85,7 @@
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
/dev/socket/installd u:object_r:installd_socket:s0
/dev/socket/keystore u:object_r:keystore_socket:s0
+/dev/socket/mdns u:object_r:mdns_socket:s0
/dev/socket/netd u:object_r:netd_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/qemud u:object_r:qemud_socket:s0