Rename SupplementalProcess to SdkSandbox Ignore-AOSP-First: sepolicy is not in aosp, yet Bug: 220320098 Test: presubmit Change-Id: I9fb98e0caee75bdaaa35d11d174004505f236799

commit: e2da633ef7d872527187010267440535abfa5bc6 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Mon Feb 21 17:55:59 2022 +0000
committer: Nikita Ioffe <ioffe@google.com> Wed Feb 23 20:44:20 2022 +0000
tree: 64964241766e57929234f9731876b5cd1d87a55c
parent: e04261ab2eca07292055f4f3c2ad94505b09aa3f [diff] [blame]
diff --git a/private/net.te b/private/net.te
index 3e20274..9e15f41 100644
--- a/private/net.te
+++ b/private/net.te

@@ -1,7 +1,7 @@
 # Bind to ports.
-allow {netdomain -ephemeral_app -supplemental_process} node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
-allow {netdomain -ephemeral_app -supplemental_process} port_type:udp_socket name_bind;
-allow {netdomain -ephemeral_app -supplemental_process} port_type:tcp_socket name_bind;
+allow {netdomain -ephemeral_app -sdk_sandbox} node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
+allow {netdomain -ephemeral_app -sdk_sandbox} port_type:udp_socket name_bind;
+allow {netdomain -ephemeral_app -sdk_sandbox} port_type:tcp_socket name_bind;
 
 # b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
 # untrusted_apps.
@@ -12,7 +12,7 @@
   netdomain
   -ephemeral_app
   -mediaprovider
-  -supplemental_process
+  -sdk_sandbox
   -untrusted_app_all
 } self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
commit	e2da633ef7d872527187010267440535abfa5bc6	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Mon Feb 21 17:55:59 2022 +0000
committer	Nikita Ioffe <ioffe@google.com>	Wed Feb 23 20:44:20 2022 +0000
tree	64964241766e57929234f9731876b5cd1d87a55c
parent	e04261ab2eca07292055f4f3c2ad94505b09aa3f [diff] [blame]