From a56636e9543054107dfcfc9f77533fc05df053c6 Mon Sep 17 00:00:00 2001
From: danielzhang130 <37479705+danielzhang130@users.noreply.github.com>
Date: Fri, 12 Apr 2024 13:01:08 -0400
Subject: [PATCH] Fix sepolicy for kernel < 5.10 that doesn't support bpf file
context (#1)
Change-Id: I877bd90b1dc74c9d2f7713c70fd9aebd92331085
Signed-off-by: Daniel Zhang <danielzhang130@gmail.com>
---
private/network_stack.te | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/private/network_stack.te b/private/network_stack.te
index 7587c1f46..9e6bd4b12 100644
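--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -61,8 +61,8 @@ hal_client_domain(network_stack, hal_tetheroffload)
 allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
 allow network_stack network_stack_service:service_manager find;
 # allow Tethering(network_stack process) to run/update/read the eBPF maps to offload tethering traffic by eBPF.
-allow network_stack { fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:dir search;
-allow network_stack { fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:file { getattr read write };
+allow network_stack { fs_bpf fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:dir search;
+allow network_stack { fs_bpf fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:file { getattr read write };
 allow network_stack bpfloader:bpf { map_read map_write prog_run };
 # allow Tethering(network_stack process) to read flag value in tethering_u_or_later_native namespace
 get_prop(network_stack, device_config_tethering_u_or_later_native_prop)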
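Review bot: Adding `fs_bpf` to the two type sets grants network_stack `search` plus `getattr read write` on every object carrying the generic bpf label, on all kernels rather than only the pre-5.10 ones named in the subject. That weakens the per-directory separation the `fs_bpf_net_*`, `fs_bpf_netd_*` and `fs_bpf_tethering` types were providing. The comment above the rules still describes only tethering maps, so a later reader cannot tell that the generic label is a deliberate fallback. I would split the workaround into its own rules, `allow network_stack fs_bpf:dir search;` and `allow network_stack fs_bpf:file { getattr read write };`, under a comment such as `# Fallback for kernels < 5.10, which cannot apply per-directory bpf file contexts; pinned objects are labelled fs_bpf there.` It probably belongs in device-specific policy if only some targets ship such kernels. It is also worth confirming the build's neverallow checks still pass, since platform policy may restrict which domains can touch `fs_bpf`.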
--
2.34.1