Merge "Grant access to net_raw and net_admin to dumpstate."

commit: 797f32b2898b93533492d3ac318800693d5f2df8 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Wed Jun 22 16:48:20 2016 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Jun 22 16:48:20 2016 +0000
tree: a9c58e9c05d8c3a759a1061cb7586c76d5a5f053
parent: 108b74a193c8c424ee4579bae7f2f0444840428e [diff]
parent: 51fdddaf19981f9d77aafff228a6b2aedcdb97a1 [diff]
diff --git a/dumpstate.te b/dumpstate.te
index d31d45f..4a475d1 100644
--- a/dumpstate.te
+++ b/dumpstate.te

@@ -13,8 +13,13 @@
 # Allow dumpstate to scan through /proc/pid for all processes
 r_dir_file(dumpstate, domain)
 
-# Send signals to processes
-allow dumpstate self:capability kill;
+allow dumpstate self:capability {
+    # Send signals to processes
+    kill
+    # Run iptables
+    net_raw
+    net_admin
+};
 
 # Allow executing files on system, such as:
 #   /system/bin/toolbox
commit	797f32b2898b93533492d3ac318800693d5f2df8	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Wed Jun 22 16:48:20 2016 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Jun 22 16:48:20 2016 +0000
tree	a9c58e9c05d8c3a759a1061cb7586c76d5a5f053
parent	108b74a193c8c424ee4579bae7f2f0444840428e [diff]
parent	51fdddaf19981f9d77aafff228a6b2aedcdb97a1 [diff]