librmnetctl: Fix for avc denial in netmgrd

tcontext=u:r:netmgrd:s0 tclass=netlink_socket permissive=0 netmgr calls librmnetctl init where librmnetctl creates socket. Need to add SOCK_CLOEXEC flag while creating socket. SOCK_CLOEXEC sets the close-on-exec (FD_CLOEXEC) flag on the new file descriptor. Change-Id: I7497737140ae7b0bd8eca27960fec2af209200c7
author: Conner Huff <chuff@codeaurora.org> 2018-04-20 11:12:35 -0700
committer: Conner Huff <chuff@codeaurora.org> 2018-04-26 11:25:41 -0700
commit: 1ecd2d8bdee56c0e99550b0f644937d71b7fef01 (patch)
tree: 172a64b1a2367d99d57954d5f615d15e6400b7ca
parent: 48ccbdb018f773e9c9074fe6d6514eeffa740d70 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/rmnetctl/src/librmnetctl.c b/rmnetctl/src/librmnetctl.c
index c9c74a8..731681a 100644
--- a/rmnetctl/src/librmnetctl.c
+++ b/rmnetctl/src/librmnetctl.c
@@ -343,7 +343,7 @@ int rmnetctl_init(rmnetctl_hndl_t **hndl, uint16_t *error_code)
 		break;
 	}
 	(*hndl)->pid = (uint32_t)pid;
-	netlink_fd = socket(PF_NETLINK, SOCK_RAW, RMNET_NETLINK_PROTO);
+	netlink_fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, RMNET_NETLINK_PROTO);
 	if (netlink_fd < MIN_VALID_SOCKET_FD) {
 		free(*hndl);
 		*error_code = RMNETCTL_INIT_ERR_NETLINK_FD;
@@ -1027,7 +1027,7 @@ int rtrmnet_ctl_init(rmnetctl_hndl_t **hndl, uint16_t *error_code)
 		return RMNETCTL_LIB_ERR;
 	}
 	(*hndl)->pid = KERNEL_PROCESS_ID;
-	netlink_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+	netlink_fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE);
 	if (netlink_fd < MIN_VALID_SOCKET_FD) {
 		free(*hndl);
 		*error_code = RMNETCTL_INIT_ERR_NETLINK_FD;
author	Conner Huff <chuff@codeaurora.org>	2018-04-20 11:12:35 -0700
committer	Conner Huff <chuff@codeaurora.org>	2018-04-26 11:25:41 -0700
commit	1ecd2d8bdee56c0e99550b0f644937d71b7fef01 (patch)
tree	172a64b1a2367d99d57954d5f615d15e6400b7ca
parent	48ccbdb018f773e9c9074fe6d6514eeffa740d70 (diff)