Merge "More neverallow rules"

commit: ff77fc8072ab51d690b3f85704126a670cb1ee47 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Dec 09 09:00:17 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Dec 09 09:00:17 2021 +0000
tree: d0bbdfb53ed2900a3e92e26c3119887ec3afac35
parent: b7ed015cd805a6a5541b1b555c20488ffa6fcb3d [diff]
parent: 72c013438443e0ed273a24e9b5126ccf9455c129 [diff]
diff --git a/public/hal_nlinterceptor.te b/public/hal_nlinterceptor.te
index 2076de8..1a738a5 100644
--- a/public/hal_nlinterceptor.te
+++ b/public/hal_nlinterceptor.te

@@ -5,4 +5,4 @@
 
 allow hal_nlinterceptor self:global_capability_class_set net_admin;
 allow hal_nlinterceptor self:netlink_generic_socket create_socket_perms_no_ioctl;
-allow hal_nlinterceptor self:netlink_route_socket { nlmsg_readpriv nlmsg_write };
+allow hal_nlinterceptor self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_readpriv nlmsg_write };
commit	ff77fc8072ab51d690b3f85704126a670cb1ee47	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Dec 09 09:00:17 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Dec 09 09:00:17 2021 +0000
tree	d0bbdfb53ed2900a3e92e26c3119887ec3afac35
parent	b7ed015cd805a6a5541b1b555c20488ffa6fcb3d [diff]
parent	72c013438443e0ed273a24e9b5126ccf9455c129 [diff]