author Robert Craig <rpcraig@tycho.ncsc.mil> 2014-03-02 19:59:06 -0500
committer Robert Craig <rpcraig@tycho.ncsc.mil> 2014-03-02 20:02:47 -0500
commit 34ca432b1c596caa45d06e59bc2d0cea14989c04 (patch)
tree 33c51cb0607c5b1e82aeb3a908b33ad3971405fb /sepolicy
parent ba6a7e59af9a0e90487299231bbbde9401502d89 (diff)
Add SELinux rawip_socket policy for netmgrd.
This is policy that allows certain non UDP or TCP IP sockets to occur.
Addresses the following denials.

avc: denied { create } for pid=660 comm="netmgrd" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=rawip_socket
avc: denied { setopt } for pid=660 comm="netmgrd" lport=58 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=rawip_socket
avc: denied { write } for pid=660 comm="netmgrd" lport=58 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=rawip_socket

Change-Id: I5208753e9703f248f3662e73f1f0bfcc9ce2c107
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'sepolicy')
-rw-r--r-- sepolicy/netmgrd.te 1
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index 2b737d8..3abc484 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -17,6 +17,7 @@ allow netmgrd self:udp_socket { create ioctl };
allow netmgrd self:netlink_socket create_socket_perms;
allow netmgrd self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
allow netmgrd self:packet_socket create_socket_perms;
+allow netmgrd self:rawip_socket create_socket_perms;
# Talk to qmuxd (qmux_radio)
qmux_socket(netmgrd)
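Review bot: The added rawip_socket rule grants create_socket_perms, which is wider than the three permissions the commit message shows being denied (create, setopt, write). The udp_socket rule in the hunk header already uses an explicit set, { create ioctl }, so the same style would fit here: consider "allow netmgrd self:rawip_socket { create setopt write };" and widen it only when further denials appear. If the full macro is intended, say so in the commit message. A one-line comment above the rule stating what netmgrd uses the raw IP socket for would also help, in the way "# Talk to qmuxd (qmux_radio)" documents the line that follows it.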