system_server: add policy for getConnectionOwnerUid API Bug: 9496886 Bug: 109758967 Test: atest HostsideVpnTests Change-Id: I1716d9c740b374b861e691b31ab271c681cf6bff

commit: d1b14ab732ddcfc54ef597035a49c67a2a380725 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Mon Jul 23 22:05:38 2018 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Thu Sep 13 21:29:12 2018 -0700
tree: 8fc15b3383e205cce7cdffa91069beb338033ead
parent: 702fd0afacf27c62e2743a72ebeae4021a5b595c [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 7c81c45..7b0ddaa 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -78,6 +78,9 @@
 # Create and share netlink_netfilter_sockets for tetheroffload.
 allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
 
+# Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
+allow system_server self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
 # Use netlink uevent sockets.
 allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
commit	d1b14ab732ddcfc54ef597035a49c67a2a380725	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Mon Jul 23 22:05:38 2018 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Thu Sep 13 21:29:12 2018 -0700
tree	8fc15b3383e205cce7cdffa91069beb338033ead
parent	702fd0afacf27c62e2743a72ebeae4021a5b595c [diff]