From a7dd2aba2aec2af417c719f851c738f54774bfb4 Mon Sep 17 00:00:00 2001
From: Peter Cai
Date: Sat, 16 Mar 2024 16:42:51 -0400
Subject: [PATCH] gsi: sepolicy: Allow network_stack to access fs_bpf
Commit e00315 [packages/modules/Connectivity] introduced isUidNetworkingBlocked which requires accessing fs_bpf_netd_private. This is not present on devices with R vendor. Let's simply fix it by allowing all bpf access for now.
---
sepolicy/private/network_stack.te | 4 ++++
1 file changed, 4 insertions(+)
create mode 100644 sepolicy/private/network_stack.te
diff --git a/sepolicy/private/network_stack.te b/sepolicy/private/network_stack.te
new file mode 100644
index 0000000..ff8f82a
--- /dev/null
+++ b/sepolicy/private/network_stack.te
@@ -0,0 +1,4 @@
+# R vendor devices may not have fs_bpf_netd_private etc.
+# Allow network stack to do whatever with fs_bpf
+allow network_stack fs_bpf:dir search;
+allow network_stack fs_bpf:file { getattr read write };
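Review bot: The `write` in `allow network_stack fs_bpf:file { getattr read write };` is wider than the commit message supports. The stated need is only that isUidNetworkingBlocked reach what newer policy labels fs_bpf_netd_private, yet the rule lets network_stack write to every file carrying the generic fs_bpf label. It also sits in sepolicy/private with no visible restriction to R-vendor devices. If the recorded avc denials show only read-side access, `allow network_stack fs_bpf:file { getattr read };` would be enough; if write was denied too, keep it and say so in the comment. In either case, replace `# Allow network stack to do whatever with fs_bpf` with a comment that names the denial being fixed and marks the grant as temporary, for example `# TODO: over-allow for R vendor (no fs_bpf_netd_private label); narrow once denials are confirmed`.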