From 47c2dee5c20b6973c6a8e2d52315a4e2c0a94782 Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN <reminv@google.com>
Date: Fri, 14 Dec 2018 14:13:52 +0900
Subject: [PATCH] Add selinux policies for network stack service

The policies allow the system server to register a network_stack_service
used to communicate with the network stack process.

Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: Ib9b7d9150fe4afcce03c8b3dbb36b81c67e39366
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/compat/27.0/27.0.ignore.cil | 1 +
 private/compat/28.0/28.0.ignore.cil | 1 +
 private/service_contexts            | 1 +
 public/service.te                   | 1 +
 5 files changed, 5 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 8ddefa1f4..f40ca7768 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -122,6 +122,7 @@
     mnt_vendor_file
     netd_stable_secret_prop
     network_stack
+    network_stack_service
     network_watchlist_data_file
     network_watchlist_service
     overlayfs_file
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 994fb0727..88cf5d621 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -110,6 +110,7 @@
     mnt_product_file
     mnt_vendor_file
     network_stack
+    network_stack_service
     network_watchlist_data_file
     network_watchlist_service
     overlayfs_file
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 1131cbd99..0e1b41484 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -63,6 +63,7 @@
     mediaswcodec_tmpfs
     mnt_product_file
     network_stack
+    network_stack_service
     overlayfs_file
     permissionmgr_service
     recovery_socket
diff --git a/private/service_contexts b/private/service_contexts
index c90f93b11..467a23dba 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -118,6 +118,7 @@ mount                                     u:object_r:mount_service:s0
 netd                                      u:object_r:netd_service:s0
 netpolicy                                 u:object_r:netpolicy_service:s0
 netstats                                  u:object_r:netstats_service:s0
+network_stack                             u:object_r:network_stack_service:s0
 network_management                        u:object_r:network_management_service:s0
 network_score                             u:object_r:network_score_service:s0
 network_time_update_service               u:object_r:network_time_update_service:s0
diff --git a/public/service.te b/public/service.te
index 4a404b38b..a549b2f43 100644
--- a/public/service.te
+++ b/public/service.te
@@ -118,6 +118,7 @@ type netpolicy_service, app_api_service, ephemeral_app_api_service, system_serve
 type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type network_score_service, system_api_service, system_server_service, service_manager_type;
+type network_stack_service, system_server_service, service_manager_type;
 type network_time_update_service, system_server_service, service_manager_type;
 type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type oem_lock_service, system_api_service, system_server_service, service_manager_type;
-- 
GitLab