Allow all Apps to Recv UDP Sockets from SystemServer Access to this functionality is gated elsewhere e.g. by allowing/disallowing access to the service. Bug: 237512474 Test: IpSecManagerTest Test: Manual with GMSCore + PPN library Change-Id: Ibb00b7c470a4cb148cfdcfb6b147edde45e49b1a

commit: 7295721417f1d6c262befdce4d1bf4c1b5e81961 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Jul 01 10:08:34 2022 +0200
committer: Pavel Grafov <pgrafov@google.com> Fri Jul 01 12:41:28 2022 +0100
tree: 4e43dc3a13c16c788c84dfca3aeec9c1271e2d26
parent: 038018e113c0080eb48e2b31a8737929ba5d9057 [diff]
diff --git a/private/app.te b/private/app.te
index 7033cb6..269609a 100644
--- a/private/app.te
+++ b/private/app.te

@@ -44,6 +44,11 @@
 # Access to /mnt/media_rw/<vol> (limited by DAC to apps with external_storage gid)
 allow { appdomain -sdk_sandbox } mnt_media_rw_file:dir search;
 
+# allow apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow appdomain system_server:udp_socket {
+        connect getattr read recvfrom sendto write getopt setopt };
+
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind
         relabelfrom relabelto setattr shutdown };
commit	7295721417f1d6c262befdce4d1bf4c1b5e81961	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Jul 01 10:08:34 2022 +0200
committer	Pavel Grafov <pgrafov@google.com>	Fri Jul 01 12:41:28 2022 +0100
tree	4e43dc3a13c16c788c84dfca3aeec9c1271e2d26
parent	038018e113c0080eb48e2b31a8737929ba5d9057 [diff]