From cf898abc4f2d58dd0584e68646b400461d5c508e Mon Sep 17 00:00:00 2001
From: zhanghaifeng <zhanghaifeng@huawei.com>
Date: Mon, 27 Feb 2023 15:54:19 +0800
Subject: [PATCH] =?UTF-8?q?Description:=20=E9=85=8D=E5=90=88dhcp=E4=B8=8B?=
 =?UTF-8?q?=E6=B2=89=E4=BF=AE=E6=94=B9selinux=E9=85=8D=E7=BD=AE=20Signed-o?=
 =?UTF-8?q?ff-by:=20zhanghaifeng=20<zhanghaifeng11@huawei.com>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../communication/netmanager/system/foundation.te          | 1 +
 .../communication/netmanager/system/netsysnative.te        | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/foundation.te b/sepolicy/ohos_policy/communication/netmanager/system/foundation.te
index 77438289d..11c05223d 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/foundation.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/foundation.te
@@ -12,4 +12,5 @@
 # limitations under the License.
 
 allow foundation netmanager:binder { call };
+allow foundation netsysnative:binder { call };
 
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index b563bc43b..d757b3c5e 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
@@ -35,11 +35,14 @@ allow netsysnative netsysnative:netlink_kobject_uevent_socket { listen };
 allow netsysnative system_bin_file:lnk_file { read };
 allow netsysnative accessibility_param:file { read open map };
 allow netsysnative data_service_file:dir { search };
-allow netsysnative data_service_el1_file:dir { search write add_name };
-allow netsysnative data_service_el1_file:file { create write open ioctl read };
+allow netsysnative data_service_el1_file:dir { search write add_name create remove_name };
+allow netsysnative data_service_el1_file:file { create write open ioctl read getattr setattr unlink lock };
 allow netsysnative fwmark_service:sock_file { create unlink setattr write };
 allow netsysnative dnsproxy_service:sock_file { create unlink setattr };
 allow netsysnative netsysnative:process { setfscreate };
+allow netsysnative netsysnative:packet_socket { create bind write read };
+allow netsysnative sa_foundation_cesfwk_service:samgr_class { get };
+allow netsysnative foundation:binder { call transfer };
 allow netsysnative normal_hap_attr:fd { use };
 allow netsysnative normal_hap_attr:tcp_socket { read write getopt setopt };
 allow netsysnative normal_hap_attr:unix_dgram_socket { read write getopt setopt };
-- 
Gitee