From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Thu, 17 Aug 2017 08:23:53 +0200 Subject: [refpolicy] [PATCH 1/1] Allow dhcpcd to use generic netlink and raw IP sockets Message-ID: <20170817062353.22637-1-nicolas.iooss@m4x.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com dhcpcd uses a raw IPv6 socket to receive router advertisement and neighbor advertisement packets in https://roy.marples.name/git/dhcpcd.git/tree/ipv6nd.c?h=dhcpcd-6.11.5 and uses NETLINK_GENERIC in https://roy.marples.name/git/dhcpcd.git/tree/if-linux.c?h=dhcpcd-6.11.5 for some NetLink sockets. --- policy/modules/system/sysnetwork.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te index 1acf13d5ed5e..892f96445c3a 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -57,7 +57,9 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms; allow dhcpc_t self:tcp_socket create_stream_socket_perms; allow dhcpc_t self:udp_socket create_socket_perms; allow dhcpc_t self:packet_socket create_socket_perms; +allow dhcpc_t self:netlink_generic_socket create_socket_perms; allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms; +allow dhcpc_t self:rawip_socket create_socket_perms; allow dhcpc_t dhcp_etc_t:dir list_dir_perms; read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t) -- 2.14.1
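Review bot: the added `netlink_generic_socket` rule grants `create_socket_perms`, while the `netlink_route_socket` rule directly below it grants `create_netlink_socket_perms`. If the difference is intentional for the generic netlink class, a short sentence in the commit message saying so would stop a later reader from "fixing" it to match its neighbour. On the `rawip_socket` rule, the commit message only justifies receiving router and neighbor advertisements, yet `create_socket_perms` is the full create/use set. Please state whether dhcpcd also sends on this socket, or narrow the permission list to what the audit denials actually showed. The hunk also does not show whether `dhcpc_t` already holds the capability needed to open a raw socket, so it is worth confirming that the rule is usable as it stands.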