Commit 1ecd2d8b authored by Conner Huff's avatar Conner Huff

librmnetctl: Fix for avc denial in netmgrd

tcontext=u:r:netmgrd:s0 tclass=netlink_socket permissive=0
netmgr calls the librmnetctl init functions, which create a netlink socket.
The SOCK_CLOEXEC flag needs to be added when creating that socket.
SOCK_CLOEXEC sets the close-on-exec (FD_CLOEXEC)
flag on the new file descriptor, so the descriptor is closed across exec.

Change-Id: I7497737140ae7b0bd8eca27960fec2af209200c7
parent 48ccbdb0
...@@ -343,7 +343,7 @@ int rmnetctl_init(rmnetctl_hndl_t **hndl, uint16_t *error_code) ...@@ -343,7 +343,7 @@ int rmnetctl_init(rmnetctl_hndl_t **hndl, uint16_t *error_code)
break; break;
} }
(*hndl)->pid = (uint32_t)pid; (*hndl)->pid = (uint32_t)pid;
netlink_fd = socket(PF_NETLINK, SOCK_RAW, RMNET_NETLINK_PROTO); netlink_fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, RMNET_NETLINK_PROTO);
if (netlink_fd < MIN_VALID_SOCKET_FD) { if (netlink_fd < MIN_VALID_SOCKET_FD) {
free(*hndl); free(*hndl);
*error_code = RMNETCTL_INIT_ERR_NETLINK_FD; *error_code = RMNETCTL_INIT_ERR_NETLINK_FD;
...@@ -1027,7 +1027,7 @@ int rtrmnet_ctl_init(rmnetctl_hndl_t **hndl, uint16_t *error_code) ...@@ -1027,7 +1027,7 @@ int rtrmnet_ctl_init(rmnetctl_hndl_t **hndl, uint16_t *error_code)
return RMNETCTL_LIB_ERR; return RMNETCTL_LIB_ERR;
} }
(*hndl)->pid = KERNEL_PROCESS_ID; (*hndl)->pid = KERNEL_PROCESS_ID;
netlink_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); netlink_fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
if (netlink_fd < MIN_VALID_SOCKET_FD) { if (netlink_fd < MIN_VALID_SOCKET_FD) {
free(*hndl); free(*hndl);
*error_code = RMNETCTL_INIT_ERR_NETLINK_FD; *error_code = RMNETCTL_INIT_ERR_NETLINK_FD;
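Review bot: Neither `socket()` call, in `rmnetctl_init` or in `rtrmnet_ctl_init`, carries a comment saying why `SOCK_CLOEXEC` is there, so a later cleanup could drop the flag and bring the SELinux denial back. I would add above each call something like `/* SOCK_CLOEXEC: keep the netlink fd from being inherited across exec (avc denial on netlink_socket) */`. Setting the flag in the `socket()` call itself is the right choice over a later `fcntl(FD_CLOEXEC)`, since it leaves no window in which another thread could fork and exec with the descriptor open. The change covers only these two creation sites; any other descriptor the library opens is not visible here and may need the same treatment. Both functions start and end outside the hunks shown.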