xs-android13
/
device
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
device/google/cuttlefish/shared/sepolicy/vendor/socket_vsock_proxy.te

12 lines
541 B
Plaintext
Raw Permalink Blame History

type socket_vsock_proxy, domain, netdomain;
type socket_vsock_proxy_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(socket_vsock_proxy)
allow socket_vsock_proxy self:global_capability_class_set { net_admin net_raw };
allow socket_vsock_proxy self:{ socket vsock_socket } { create getopt read write getattr listen accept bind shutdown };
# TODO: socket returned by accept() has unlabeled context on it. Give it a
# specific label.
allow socket_vsock_proxy unlabeled:{ socket vsock_socket } { getopt read write shutdown };
Reference in New Issue View Git Blame Copy Permalink