commit fd21dc0e1fd3f8605533a840611856eaaa0a0dc8
author Jorge Lucangeli Obes <jorgelo@google.com> Fri Mar 17 13:48:39 2017 -0400
committer Jorge Lucangeli Obes <jorgelo@google.com> Fri Mar 17 17:09:19 2017 -0400
tree abc196affae443dd315bda445337e24d9101c8f1
parent bfb6a6c5e759f849eebab0aec31f1e4dcef74ebb

ppp: Allow specific ioctls on mtp:socket.

The fix for b/35100237 surfaced this error. This SELinux policy
fragment was included only on Marlin, but needs to be included in core
policy.

Bug: 35100237
Test: With https://android-review.googlesource.com/#/c/354292/
Test: Set up PPTP VPN using http://www.vpnbook.com/ on Marlin.
Test: Connect:
03-17 15:41:22.602  3809  3809 I mtpd    : Starting pppd (pppox = 9)
03-17 15:41:22.628  3811  3811 I pppd    : Using PPPoX (socket = 9)
03-17 15:41:22.637  3811  3811 I pppd    : pppd 2.4.7 started by vpn, uid 1016
03-17 15:41:22.639  3811  3811 I pppd    : Using interface ppp0
03-17 15:41:22.639  3811  3811 I pppd    : Connect: ppp0 <-->
03-17 15:41:22.770  3811  3811 I pppd    : CHAP authentication succeeded
03-17 15:41:22.909  3811  3811 I pppd    : MPPE 128-bit stateless compression enabled
03-17 15:41:23.065  3811  3811 I pppd    : local  IP address 172.16.36.113
03-17 15:41:23.065  3811  3811 I pppd    : remote IP address 172.16.36.1
03-17 15:41:23.065  3811  3811 I pppd    : primary   DNS address 8.8.8.8
03-17 15:41:23.065  3811  3811 I pppd    : secondary DNS address 91.239.100.100

Change-Id: I192b4dfc9613d1000f804b9c4ca2727d502a1927

public/ppp.te

diff --git a/public/ppp.te b/public/ppp.te
index 9c1b707..7a5eada 100644
--- a/public/ppp.te
+++ b/public/ppp.te
@@ -7,7 +7,12 @@
 
 r_dir_file(ppp, proc_net)
 
-allow ppp mtp:socket rw_socket_perms_no_ioctl;
+allow ppp mtp:socket rw_socket_perms;
+
+# ioctls needed for VPN.
+allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
+allowxperm ppp mtp:socket ioctl ppp_ioctls;
+
 allow ppp mtp:unix_dgram_socket rw_socket_perms;
 allow ppp ppp_device:chr_file rw_file_perms;
 allow ppp self:capability net_admin;