Move microdroid sepolicy to system/sepolicy Bug: 190511750 Test: boot microdroid Change-Id: I4aa4a56e9be5103d70469c3508110a973f3e4f12

commit: e1389977e00124633c1165d778081afe6b185f92 [log] [tgz]
author: Inseob Kim <inseob@google.com> Mon Jul 19 07:48:34 2021 +0000
committer: Inseob Kim <inseob@google.com> Mon Jul 19 07:48:34 2021 +0000
tree: a516e15cb0e7dca45ecd53486ab6f99afa8998e1
parent: 951bf93ad8941b7e2848b82dac92b8f75c13b279 [diff] [blame]
diff --git a/microdroid/system/private/net.te b/microdroid/system/private/net.te
new file mode 100644
index 0000000..1b2fd41
--- /dev/null
+++ b/microdroid/system/private/net.te

@@ -0,0 +1,16 @@
+## Network types
+type node, node_type;
+type netif, netif_type;
+type port, port_type;
+
+###
+### Domain with network access
+###
+
+allow netdomain self:tcp_socket create_stream_socket_perms;
+allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
+
+allow netdomain port_type:tcp_socket name_connect;
+allow netdomain node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
+allow netdomain port_type:udp_socket name_bind;
+allow netdomain port_type:tcp_socket name_bind;
commit	e1389977e00124633c1165d778081afe6b185f92	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Mon Jul 19 07:48:34 2021 +0000
committer	Inseob Kim <inseob@google.com>	Mon Jul 19 07:48:34 2021 +0000
tree	a516e15cb0e7dca45ecd53486ab6f99afa8998e1
parent	951bf93ad8941b7e2848b82dac92b8f75c13b279 [diff] [blame]