Add permission for NetworkStack updatability NetworkStack will need to use netlink_tcpdiag_socket to get tcp info. In order to support updatability for NetworkStack as it's a mainline module, get the information from kernel directly to reduce the dependecy with framework. Test: Build and test if NetworkStack can get the tcp_info without SEPolicy exception Bug: 136162280 Change-Id: I8f584f27d5ece5e97090fb5fafe8c70c5cbbe123

commit: e063585bbf0892e605b2ca1406eb61490fa8ad76 [log] [tgz]
author: Chiachang Wang <chiachangwang@google.com> Sat Oct 12 20:49:23 2019 +0900
committer: Chiachang Wang <chiachangwang@google.com> Sat Oct 12 21:21:10 2019 +0900
tree: fb753120e65b0ac15b372d486b26840f2481cbfc
parent: 0c8a90693ab273a6c10624d65310fb9c37f0a5f0 [diff] [blame]
diff --git a/private/network_stack.te b/private/network_stack.te
index 4fd31bd..6db7d8f 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te

@@ -67,3 +67,6 @@
 # dumpstate support
 allow network_stack dumpstate:fd use;
 allow network_stack dumpstate:fifo_file write;
+
+# Create/use netlink_tcpdiag_socket to get tcp info
+allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
commit	e063585bbf0892e605b2ca1406eb61490fa8ad76	[log] [tgz]
author	Chiachang Wang <chiachangwang@google.com>	Sat Oct 12 20:49:23 2019 +0900
committer	Chiachang Wang <chiachangwang@google.com>	Sat Oct 12 21:21:10 2019 +0900
tree	fb753120e65b0ac15b372d486b26840f2481cbfc
parent	0c8a90693ab273a6c10624d65310fb9c37f0a5f0 [diff] [blame]