Allow dhcp rawip_socket permissions.

dhcpcd opens a raw ip socket in ipv6rs_open() to use ICMPv6. This
facility should be available for all devices which have a need to
use it.

Addresses the following denials:
<5>[ 42.699877] type=1400 audit(1392332560.306:8): avc: denied { create } for pid=983 comm="dhcpcd" scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
<5>[ 42.699993] type=1400 audit(1392332560.306:9): avc: denied { setopt } for pid=983 comm="dhcpcd" lport=58 scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
<5>[ 42.732208] type=1400 audit(1392332560.338:10): avc: denied { write } for pid=983 comm="dhcpcd" lport=58 scontext=u:r:dhcp:s0 tcontext=u:r:dhcp:s0 tclass=rawip_socket
Bug: 12473306
Change-Id: Iee57a0cb4c2d2085a24d4b5fb23a5488f0fd3e03
diff --git a/dhcp.te b/dhcp.te
index 785b204..c930b0f 100644
--- a/dhcp.te
+++ b/dhcp.te
@@ -10,6 +10,7 @@
allow dhcp self:capability { setgid setuid net_admin net_raw net_bind_service };
allow dhcp self:packet_socket create_socket_perms;
allow dhcp self:netlink_route_socket { create_socket_perms nlmsg_write };
+allow dhcp self:rawip_socket create_socket_perms;
allow dhcp shell_exec:file rx_file_perms;
allow dhcp system_file:file rx_file_perms;
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
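Review bot: The added `allow dhcp self:rawip_socket create_socket_perms;` rule has no comment saying why the dhcp domain needs a raw IP socket, while the /proc rule a few lines below it carries one. Suggest a comment above it such as `# For ICMPv6 via ipv6rs_open() in dhcpcd`, taken from the commit message, so the reason stays with the policy file. Separately, the denials quoted in the message cover only create, setopt and write, while the rule grants the whole create_socket_perms macro. That is consistent with the packet_socket rule above it, but the commit message should say the wider set is intended, or the rule should list only the permissions dhcpcd is shown to need.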