sepolicy: grant network_stack CAP_WAKE_ALARM
It is effectively an oversight that bluetooth has this
but network stack does not.
This prevents the network stack process from (for example)
using timerfd_create with CLOCK_{REAL,BOOT}TIME_ALARM,
without trampolining through parts of the mainline module
which are shipped as part of the system server.
See:
https://man7.org/linux/man-pages/man2/timerfd_create.2.html
Bug: 316171727
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iba95c80f830784a587fa4df6867a99bcb96ace79
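The capability gate the commit message describes, as an added example (not code from this change or from AOSP): a C helper that asks for a CLOCK_BOOTTIME_ALARM timerfd and, when the kernel answers EPERM because the caller lacks CAP_WAKE_ALARM, degrades to a non-waking CLOCK_BOOTTIME timer while reporting the EPERM so it can be logged. The enum and function names are my own; it assumes a Linux kernel with timerfd alarm-clock support.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/timerfd.h>
#include <time.h>
#include <unistd.h>

/* Outcome of trying to create a suspend-waking timerfd (names are this example's own). */
enum wake_timerfd_result {
    WAKE_TIMERFD_OK = 0,       /* CLOCK_BOOTTIME_ALARM fd: caller holds CAP_WAKE_ALARM */
    WAKE_TIMERFD_FALLBACK = 1, /* EPERM: no CAP_WAKE_ALARM, got a plain CLOCK_BOOTTIME fd
                                  that fires on time but cannot wake a suspended device */
    WAKE_TIMERFD_ERROR = -1    /* any other failure; *out_errno carries errno */
};

/* The kernel rejects CLOCK_{REALTIME,BOOTTIME}_ALARM with EPERM unless the caller
 * has CAP_WAKE_ALARM, which is what the sepolicy global_capability2_class_set
 * wake_alarm permission controls for a domain such as network_stack. */
enum wake_timerfd_result create_wake_timerfd(int *out_fd, int *out_errno)
{
    int fd = timerfd_create(CLOCK_BOOTTIME_ALARM, TFD_NONBLOCK | TFD_CLOEXEC);
    *out_fd = -1;
    *out_errno = 0;
    if (fd >= 0) {
        *out_fd = fd;
        return WAKE_TIMERFD_OK;
    }
    *out_errno = errno;
    if (*out_errno != EPERM)
        return WAKE_TIMERFD_ERROR;
    /* Degrade rather than fail: keep the timer, lose the wake-from-suspend property. */
    fd = timerfd_create(CLOCK_BOOTTIME, TFD_NONBLOCK | TFD_CLOEXEC);
    if (fd < 0) {
        *out_errno = errno;
        return WAKE_TIMERFD_ERROR;
    }
    *out_fd = fd; /* *out_errno still holds EPERM so the caller can log the missing capability */
    return WAKE_TIMERFD_FALLBACK;
}

/* Arm a one-shot expiry `ms` milliseconds out; 0 on success, -1 with errno set. */
int arm_timerfd_ms(int fd, long ms)
{
    struct itimerspec its = {0};
    its.it_value.tv_sec = ms / 1000;
    its.it_value.tv_nsec = (ms % 1000) * 1000000L;
    return timerfd_settime(fd, 0, &its, NULL);
}
```

In an unprivileged container the helper normally reports WAKE_TIMERFD_FALLBACK with errno EPERM, which is the same denial the network_stack domain would hit without the wake_alarm grant.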
diff --git a/private/network_stack.te b/private/network_stack.te
index 8e09be8..7587c1f 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -13,6 +13,8 @@
net_raw
};
+allow network_stack self:global_capability2_class_set wake_alarm;
+
# Allow access to net_admin ioctl, DHCP server uses SIOCSARP
allowxperm network_stack self:udp_socket ioctl priv_sock_ioctls;
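Review bot: the new `allow network_stack self:global_capability2_class_set wake_alarm;` line carries no explanatory comment, unlike the neighbouring rule (`# Allow access to net_admin ioctl, DHCP server uses SIOCSARP`); add a one-line comment above it stating the purpose, e.g. `# Allow CLOCK_{REALTIME,BOOTTIME}_ALARM timerfds (timerfd_create needs CAP_WAKE_ALARM)`, so the rationale survives in the policy file rather than only in the commit message.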