Introduce fwmarkd: a service to set the fwmark of sockets.
(cherry picked from commit 7d51096d4106a441a15741592d9ccdd0bfaca907)
Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
diff --git a/file.te b/file.te
index ac4220f..00f1589 100644
--- a/file.te
+++ b/file.te
@@ -118,6 +118,7 @@
type bluetooth_socket, file_type;
type dnsproxyd_socket, file_type, mlstrustedobject;
type dumpstate_socket, file_type;
+type fwmarkd_socket, file_type, mlstrustedobject;
type gps_socket, file_type;
type installd_socket, file_type;
type lmkd_socket, file_type;
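Review bot: The new `fwmarkd_socket` type carries `mlstrustedobject`, which exempts the socket from MLS constraints, and nothing in the hunk records why. This presumably mirrors `dnsproxyd_socket` on the line above, so that clients at any level or category can reach netd. A short comment above the declaration would make that explicit, for example `# mlstrustedobject: clients at any MLS level must be able to connect to netd's fwmarkd socket.` Without it, the next reader cannot tell a deliberate exemption from a copied attribute.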
diff --git a/file_contexts b/file_contexts
index 0926d74..74c6db3 100644
--- a/file_contexts
+++ b/file_contexts
@@ -79,6 +79,7 @@
/dev/socket/adbd u:object_r:adbd_socket:s0
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
+/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
/dev/socket/gps u:object_r:gps_socket:s0
/dev/socket/installd u:object_r:installd_socket:s0
/dev/socket/lmkd u:object_r:lmkd_socket:s0
diff --git a/net.te b/net.te
index 9942efe..6aa12f2 100644
--- a/net.te
+++ b/net.te
@@ -18,5 +18,8 @@
# Talks to netd via dnsproxyd socket.
unix_socket_connect(netdomain, dnsproxyd, netd)
+# Talks to netd via fwmarkd socket.
+unix_socket_connect(netdomain, fwmarkd, netd)
+
# Connect to mdnsd via mdnsd socket.
unix_socket_connect(netdomain, mdnsd, mdnsd)
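Review bot: `unix_socket_connect(netdomain, fwmarkd, netd)` opens the socket to every domain that carries the `netdomain` attribute, so policy no longer limits who can ask netd to change a socket's mark. The decision about which caller may request which mark therefore rests entirely on netd's handler, which is not visible in this patch. I would say so in the comment, for example `# Any netdomain client may connect; netd must check peer credentials and validate each request.` It is also worth confirming that the daemon side authenticates the peer rather than trusting values supplied in the message.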
diff --git a/netd.te b/netd.te
index 46cc436..6fe1ad3 100644
--- a/netd.te
+++ b/netd.te
@@ -58,6 +58,10 @@
allow netd ctl_mdnsd_prop:property_service set;
+# Allow netd to operate on sockets that are passed to it.
+allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
+allow netd netdomain:fd use;
+
###
### Neverallow rules
###
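Review bot: The rule `allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};` grants more than its one-line comment justifies, because it applies to sockets from every `netdomain` domain. As far as I can tell, `read write` together with `netdomain:fd use` are needed because the receiver is checked against the descriptor's open mode when an fd arrives over a unix socket, and `getopt setopt` cover reading and setting the mark. `setattr`, and the `tun_socket` and `dccp_socket` classes, are not obviously needed for setting a fwmark, so each should be dropped or justified. I would also expand the comment, for example `# read/write + fd use: required to receive the passed fd; getopt/setopt: read and set the socket mark.` A compromised netd could otherwise act on client sockets well beyond marking them.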