From bbdb25f680600326c94b3f21bfc30b50cc6dfc74 Mon Sep 17 00:00:00 2001
From: Daniel Mentz <danielmentz@google.com>
Date: Wed, 28 Nov 2018 12:14:12 -0800
Subject: [PATCH] Allow hal_usb to call getsockopt on uevent socket
We are making a change to uevent_open_socket() in libcutils related to
setting the receive buffer size of netlink uevent sockets.
After setting SO_RCVBUF, we immediately read it back using getsockopt()
to verify that the setsockopt() call was effective. Only if it was not
effective, we call setsockopt() with SO_RCVBUFFORCE.
getsockopt() previously caused SELinux denials like the following:
avc: denied { getopt } for comm="usb@1.1-service" scontext=u:r:hal_usb_default:s0 tcontext=u:r:hal_usb_default:s0 tclass=netlink_kobject_uevent_socket permissive=0
Bug: 119933843
Change-Id: I7bbb1eb1fa7ade2c94afc52ab1e28762f86a7d1f
---
public/hal_usb.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/public/hal_usb.te b/public/hal_usb.te
index b8034b88e..38bc49a21 100644
--- a/public/hal_usb.te
+++ b/public/hal_usb.te
@@ -6,6 +6,7 @@ hal_attribute_hwservice(hal_usb, hal_usb_hwservice)
allow hal_usb self:netlink_kobject_uevent_socket create;
allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket getopt;
allow hal_usb self:netlink_kobject_uevent_socket bind;
allow hal_usb self:netlink_kobject_uevent_socket read;
allow hal_usb sysfs:dir open;
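Review bot: The added `getopt` rule has no comment, so the policy file does not record why a uevent listener needs to read socket options. A line above it such as `# uevent_open_socket() reads SO_RCVBUF back with getsockopt() after setting it` would keep the reason next to the grant. The rule targets `self` on a single class, so it stays narrow, but it applies to every domain carrying the `hal_usb` attribute, not only the `hal_usb_default` domain named in the denial. Because the libcutils change is in a shared helper, other domains that hold `setopt` but not `getopt` on `netlink_kobject_uevent_socket` may log the same denial, so the audit log is worth checking for them when that change lands. Only part of hal_usb.te is visible in this hunk.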
--
GitLab