Merge "Thread: allow ot-rcp to bind a specific netif" into main

commit: 60f55289f88da59391e248a4df22f1993aebd4e7 [log] [tgz]
author: Yakun Xu <xyk@google.com> Fri May 17 03:52:14 2024 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri May 17 03:52:14 2024 +0000
tree: 41c9cd10b4e5aea1a72bd53d2b94800dce6ecdd0
parent: 1b85ead32281d21099a8f3a33fd7eccb4bc3cbc8 [diff]
parent: c5f8e959d3ade58d91d2e695db61145da278b3a6 [diff]
diff --git a/vendor/ot_rcp.te b/vendor/ot_rcp.te
index b1f57a7..f630370 100644
--- a/vendor/ot_rcp.te
+++ b/vendor/ot_rcp.te

@@ -8,10 +8,12 @@
 userdebug_or_eng(`
 domain_auto_trans(hal_threadnetwork_default, ot_rcp_exec, ot_rcp)
 allow hal_threadnetwork_default devpts:chr_file {open read write ioctl};
+allow hal_threadnetwork_default ot_rcp:process signal;
 allow ot_rcp hal_threadnetwork_default:fd use;
 allow ot_rcp hal_threadnetwork_default:fifo_file rw_file_perms;
 allow ot_rcp devpts:chr_file {read write ioctl};
-allow ot_rcp self:udp_socket create_socket_perms_no_ioctl;
+allow ot_rcp self:udp_socket { bind create ioctl read setopt write };
 allow ot_rcp node:udp_socket node_bind;
 allow ot_rcp port:udp_socket name_bind;
+allow ot_rcp self:netlink_route_socket { nlmsg_read nlmsg_readpriv create read write };
 ')
commit	60f55289f88da59391e248a4df22f1993aebd4e7	[log] [tgz]
author	Yakun Xu <xyk@google.com>	Fri May 17 03:52:14 2024 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri May 17 03:52:14 2024 +0000
tree	41c9cd10b4e5aea1a72bd53d2b94800dce6ecdd0
parent	1b85ead32281d21099a8f3a33fd7eccb4bc3cbc8 [diff]
parent	c5f8e959d3ade58d91d2e695db61145da278b3a6 [diff]