network_stack - dontaudit getopt on key_socket
W droid.tethering: type=1400 audit(0.0:10): avc: denied { getopt } for scontext=u:r:network_stack:s0 tcontext=u:r:network_stack:s0 tclass=key_socket permissive=0
Test: atest, TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia761911feb875554e5563f44a44dd3702ade41ea
diff --git a/private/network_stack.te b/private/network_stack.te
index 6fa3055..9a22a19 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -32,6 +32,9 @@
# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow network_stack self:key_socket create;
+# Java's Os.close() in libcore/luni/src/main/java/libcore/io/BlockGuardOs.java;l=100
+# calls if (fd.isSocket$()) if (isLingerSocket(fd)) ...
+dontaudit network_stack self:key_socket getopt;
# Grant read permission of connectivity namespace system property prefix.
get_prop(network_stack, device_config_connectivity_prop)
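Review bot: The comment on the new `dontaudit network_stack self:key_socket getopt;` rule explains where the getopt comes from but not why suppressing the denial is preferred over granting it. Since dontaudit leaves the access denied and only hides the avc log line, the comment should say that the failed getopt on this socket is harmless to the close() path, so a later reader does not mistake the rule for a missing allow. The rule also exists only because of the `allow network_stack self:key_socket create;` line above it, which carries a TODO to be removed when the 4.9 kernel is deprecated; extend that TODO to cover this dontaudit so the two are dropped together. Lastly, the `;l=100` line reference into BlockGuardOs.java will drift as that file changes; naming the method (Os.close() calling isLingerSocket(fd)) is enough and will stay accurate.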