From 71a6a3ef5262f0ca45a5cf25a478c564d4219511 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 15 Feb 2016 17:16:06 +0900
Subject: [PATCH] Allow netd to use NETLINK_SOCK_DIAG.

This is needed to kill sockets using the new SOCK_DESTROY
operation instead of using SIOCKILLADDR.

Bug: 26976388

(cherry picked from commit b38e2790944d028a81089ec088ded54f269aa1f2)

Change-Id: Id80c6278f19f9fd20fe8d4fca72f84bff9249ed8
---
 netd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/netd.te b/netd.te
index 0f4e89194..2c0fb15ce 100644
--- a/netd.te
+++ b/netd.te
@@ -18,6 +18,7 @@ allow netd self:netlink_kobject_uevent_socket create_socket_perms;
 allow netd self:netlink_route_socket nlmsg_write;
 allow netd self:netlink_nflog_socket create_socket_perms;
 allow netd self:netlink_socket create_socket_perms;
+allow netd self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read nlmsg_write };
 allow netd shell_exec:file rx_file_perms;
 allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;
-- 
GitLab