Merge "netd.te: allow netd to bind to ports <1024 (including dns: 53 & 853)" into main

commit: 9506eb4f75fba191ac0ac2e34d1b9f61d5d67723 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Tue Jan 14 04:08:26 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 14 04:08:26 2025 -0800
tree: dc690de12c0be779e2c90bfb3e91ee0ab3cb4d2a
parent: 86643e532be5808d5e992acec6b161d6fe05961c [diff]
parent: 17dc3a1a88740001cc55b16ace012ebbe570933b [diff]
diff --git a/private/netd.te b/private/netd.te
index 8b6ea4c..3b3c697 100644
--- a/private/netd.te
+++ b/private/netd.te

@@ -48,7 +48,7 @@
 
 allow netd system_server:fd use;
 
-allow netd self:global_capability_class_set { net_admin net_raw kill };
+allow netd self:global_capability_class_set { net_admin net_raw net_bind_service kill };
 # Note: fsetid is deliberately not included above. fsetid checks are
 # triggered by chmod on a directory or file owned by a group other
 # than one of the groups assigned to the current process to see if
commit	9506eb4f75fba191ac0ac2e34d1b9f61d5d67723	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Tue Jan 14 04:08:26 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jan 14 04:08:26 2025 -0800
tree	dc690de12c0be779e2c90bfb3e91ee0ab3cb4d2a
parent	86643e532be5808d5e992acec6b161d6fe05961c [diff]
parent	17dc3a1a88740001cc55b16ace012ebbe570933b [diff]