From 63a93156014e6731b3f9627c6487f9f916b1b4cd Mon Sep 17 00:00:00 2001
From: Nathan Harold <nharold@google.com>
Date: Wed, 1 Mar 2017 20:29:21 -0800
Subject: [PATCH] Update Common NetD SEPolicy to allow Netlink XFRM

In order to perform XFRM operations, NetD needs the
ability to both read and write Netlink XFRM messages.

Bug: 34811756
Test: 34812052

Change-Id: I26831c58b24a4c1f344b113f0b5cf47ed2c93fee
(cherry picked from commit 7eb3dd3b02693852d6dee1e8e1135d3d9b201b86)
---
 public/netd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/netd.te b/public/netd.te
index 81f4af42b..35d9b7cee 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -80,6 +80,9 @@ allow netd netdomain:{
 } { read write getattr setattr getopt setopt };
 allow netd netdomain:fd use;
 
+# give netd permission to read and write netlink xfrm
+allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
+
 ###
 ### Neverallow rules
 ###
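Review bot: The comment above the new netlink_xfrm_socket rule says what is granted but not why, and `nlmsg_write` on this class is the privileged part, since XFRM netlink is how userspace installs and modifies kernel IPsec state (SAs and policies). Expanding the comment to `# netd manages kernel IPsec (XFRM) state; nlmsg_write lets it install/modify SAs and policies, nlmsg_read lets it dump them` would make the trust boundary explicit in the policy file rather than only in the commit message. The rule is correctly scoped to `self:`, so the socket cannot be handed off under another label. Not visible in this hunk is whether the neverallow section that begins at its end constrains `netlink_xfrm_socket nlmsg_write` to netd; it is worth confirming that no broader domain (e.g. via netdomain) picks up the same write access.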
-- 
GitLab