From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 19 Aug 2017 12:03:28 -0400 Subject: [refpolicy] [PATCH 1/1] Allow dhcpcd to use generic netlink and raw IP sockets In-Reply-To: <20170817062353.22637-1-nicolas.iooss@m4x.org> References: <20170817062353.22637-1-nicolas.iooss@m4x.org> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/17/2017 02:23 AM, Nicolas Iooss via refpolicy wrote: > dhcpcd uses a raw IPv6 socket to receive router advertisement and > neighbor advertisement packets in > https://roy.marples.name/git/dhcpcd.git/tree/ipv6nd.c?h=dhcpcd-6.11.5 > and uses NETLINK_GENERIC in > https://roy.marples.name/git/dhcpcd.git/tree/if-linux.c?h=dhcpcd-6.11.5 > for some NetLink sockets. > --- > policy/modules/system/sysnetwork.te | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te > index 1acf13d5ed5e..892f96445c3a 100644 > --- a/policy/modules/system/sysnetwork.te > +++ b/policy/modules/system/sysnetwork.te > @@ -57,7 +57,9 @@ allow dhcpc_t self:fifo_file rw_fifo_file_perms; > allow dhcpc_t self:tcp_socket create_stream_socket_perms; > allow dhcpc_t self:udp_socket create_socket_perms; > allow dhcpc_t self:packet_socket create_socket_perms; > +allow dhcpc_t self:netlink_generic_socket create_socket_perms; > allow dhcpc_t self:netlink_route_socket create_netlink_socket_perms; > +allow dhcpc_t self:rawip_socket create_socket_perms; > > allow dhcpc_t dhcp_etc_t:dir list_dir_perms; > read_lnk_files_pattern(dhcpc_t, dhcp_etc_t, dhcp_etc_t) Merged. -- Chris PeBenito
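Review bot: both added rules in the dhcpc_t self-socket block of sysnetwork.te grant the full create_socket_perms set, but the commit message justifies them only by linking to ipv6nd.c and if-linux.c and does not show which permissions were actually denied. Quoting the AVC denials in the commit message would let a reader confirm that "allow dhcpc_t self:rawip_socket create_socket_perms;" and the netlink_generic_socket rule are the minimum needed, rather than a convenience grant. The netlink_generic_socket rule also uses create_socket_perms, while the adjacent netlink_route_socket line uses create_netlink_socket_perms. A short note on why the two netlink classes take different permission sets would spare the next reader the question. Finally, the visible context does not show whether dhcpc_t already holds the capability a raw IPv6 socket needs; it is worth confirming this elsewhere in the file so the new rawip_socket rule is effective on its own.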