selinux changes for DNS metrics.
1. Allow the system server to create the dns_listener service.
2. Allow netd to use said service.
Change-Id: Ic6394d7b2bdebf1c4d6cf70a79754a4996e943e2
diff --git a/netd.te b/netd.te
index 51445fc..6864ad6 100644
--- a/netd.te
+++ b/netd.te
@@ -65,6 +65,9 @@
allow netd system_server:binder call;
allow netd permission_service:service_manager find;
+# Allow netd to talk to the framework service which collects DNS query metrics.
+allow netd dns_listener_service:service_manager find;
+
# Allow netd to operate on sockets that are passed to it.
allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
allow netd netdomain:fd use;
diff --git a/service.te b/service.te
index bd6ab38..0005e61 100644
--- a/service.te
+++ b/service.te
@@ -49,6 +49,7 @@
type devicestoragemonitor_service, system_server_service, service_manager_type;
type diskstats_service, system_api_service, system_server_service, service_manager_type;
type display_service, app_api_service, system_server_service, service_manager_type;
+type dns_listener_service, system_server_service, service_manager_type;
type DockObserver_service, system_server_service, service_manager_type;
type dreams_service, app_api_service, system_server_service, service_manager_type;
type dropbox_service, app_api_service, system_server_service, service_manager_type;
diff --git a/service_contexts b/service_contexts
index 288ff90..11c0736 100644
--- a/service_contexts
+++ b/service_contexts
@@ -34,6 +34,7 @@
diskstats u:object_r:diskstats_service:s0
display.qservice u:object_r:surfaceflinger_service:s0
display u:object_r:display_service:s0
+dns_listener u:object_r:dns_listener_service:s0
DockObserver u:object_r:DockObserver_service:s0
dreams u:object_r:dreams_service:s0
drm.drmManager u:object_r:drmserver_service:s0