netd/netutils_wrapper/network_stack/system_server - allow getattr on bpf progs/maps This is so that we can potentially verify that things are setup right. Test: TreeHugger Bug: 275209284 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I59a49cbece2710345fff0b2fb98e32f4e5f3af44

commit: 52c8a2ebd5bb2403b86823b12aedebd62c2ab32b [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Mon Mar 27 18:14:40 2023 -0700
committer: Maciej Żenczykowski <maze@google.com> Tue Mar 28 03:11:42 2023 +0000
tree: 6a1511cdb243e20d67193a941d5f023a29abbce0
parent: c9ff8d010bfd3d4bf8bbc3ca204f92e8c398468d [diff] [blame]
diff --git a/private/netd.te b/private/netd.te
index ae43e47..8be8212 100644
--- a/private/netd.te
+++ b/private/netd.te

@@ -7,7 +7,7 @@
 domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
 
 allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared }:dir search;
-allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared }:file read;
+allow netd { fs_bpf fs_bpf_netd_readonly fs_bpf_netd_shared }:file { getattr read };
 allow netd { fs_bpf                      fs_bpf_netd_shared }:file write;
 
 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
commit	52c8a2ebd5bb2403b86823b12aedebd62c2ab32b	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Mon Mar 27 18:14:40 2023 -0700
committer	Maciej Żenczykowski <maze@google.com>	Tue Mar 28 03:11:42 2023 +0000
tree	6a1511cdb243e20d67193a941d5f023a29abbce0
parent	c9ff8d010bfd3d4bf8bbc3ca204f92e8c398468d [diff] [blame]