allow ot_daemon to read/write sockets shared by system_server system_server creates an ICMPv6 socket and send it to ot_daemon via ParcelFileDescriptor. ot_daemon will use that socket to send/receive ICMPv6 messages. Here's how the socket is created in System Server: int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); Bug: 294486086 Security consultation bug: 296809188 Test: Verified on a cuttlefish Change-Id: I9d479c9da01187a0e476591f447f7199ecb3a409

commit: 8612e80d184357d4e5a560770f88504b75f9e464 [log] [tgz]
author: Handa Wang <handaw@google.com> Wed Aug 23 15:40:49 2023 +0800
committer: Handa Wang <handaw@google.com> Fri Sep 22 02:18:46 2023 +0000
tree: 808fc9a4c20e0e06d413dc61d24cdecec49de426
parent: 5e82983ee48d6e5358d5112708e175ab1c893bf0 [diff]
diff --git a/private/ot_daemon.te b/private/ot_daemon.te
index cdf5486..1021fd9 100644
--- a/private/ot_daemon.te
+++ b/private/ot_daemon.te

@@ -20,6 +20,9 @@
 # Allow OT daemon to read/write the Thread tunnel interface
 allow ot_daemon tun_device:chr_file {read write};
 
+# Allow OT daemon to read/write on the socket created by System Server
+allow ot_daemon system_server:rawip_socket rw_socket_perms_no_ioctl;
+
 hal_client_domain(ot_daemon, hal_threadnetwork)
 
 # Only ot_daemon can publish the binder service
commit	8612e80d184357d4e5a560770f88504b75f9e464	[log] [tgz]
author	Handa Wang <handaw@google.com>	Wed Aug 23 15:40:49 2023 +0800
committer	Handa Wang <handaw@google.com>	Fri Sep 22 02:18:46 2023 +0000
tree	808fc9a4c20e0e06d413dc61d24cdecec49de426
parent	5e82983ee48d6e5358d5112708e175ab1c893bf0 [diff]