hal_tetheroffload: Grant permissions

avc: denied { read write } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket

avc: denied { setopt } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket

avc: denied { getattr } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket

avc: denied { create } for scontext=u:r:system_server:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket

Bug: 29337859
Bug: 32163131

Test: adb shell getenforce
Enforcing
adb shell dumpsys connectivity tethering
Tethering:
...
Log:
...
06-28 11:46:58.841 - SET master tether settings: ON
06-28 11:46:58.857 - [OffloadController] tethering offload started

And logs show some signs of happiness:
06-28 11:46:58.853 816 947 I IPAHALService: IPACM was provided two FDs (18, 19)
06-28 11:46:58.853 1200 1571 I zygote64: Looking for service android.hardware.tetheroffload.control@1.0::IOffloadControl/default

Change-Id: I0c63bd2de334b4ca40e54efb9df4ed4904667e21

diff --git a/private/system_server.te b/private/system_server.te
index 3c3f82d..f06592a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -79,6 +79,9 @@
# Allow alarmtimers to be set
allow system_server self:capability2 wake_alarm;
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+
# Use netlink uevent sockets.
allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
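
Review bot: The added rule on system_server self:netlink_netfilter_socket covers only the create denial from the commit message; the three denials with scontext=u:r:ipacm:s0 and tcontext=u:r:system_server:s0 (read write, setopt, getattr) are not addressed by anything in this hunk. The comment says "Create and share", but a self rule cannot grant the sharing half: that needs a matching allow for the receiving tetheroffload HAL domain on system_server:netlink_netfilter_socket, limited to { read write setopt getattr }. Either point to the file where that rule lands or reword the comment to "Create" so it matches what this line grants. It is also worth confirming that the full create_socket_perms_no_ioctl set is required here, since the only system_server denial quoted is create.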