netd: ignore non-directories/symlinks when getting interfaces from /sys/class/net
This prevents /sys/class/net/bonding_masters file (which is present
if kernel is bonding device capable) from being detected as a network
interface and triggering attempts to load netdev-bonding_masters module.
This should eliminate selinux policy violations:
type=1400 audit(:3): avc: denied { module_request } for comm="netd" kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system
type=1400 audit(:3): avc: denied { module_request } for comm="netd" kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system
type=1400 audit(:4): avc: denied { sys_module } for comm="netd" capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
type=1400 audit(:4): avc: denied { sys_module } for comm="netd" capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
type=1400 audit(:3): avc: denied { module_request } for kmod="netdev-bonding_masters" scontext=u:r:netd:s0 tcontext=u:r:kernel:s0 tclass=system
type=1400 audit(:4): avc: denied { sys_module } for capability=16 scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=capability
i.e.
netd kernel:system module_request;
netd self:capability sys_module;
Test: build and a_test libbpf_android_test libnetdbpf_test netd_integration_test netd_unit_test netdutils_test resolv_integration_test resolv_unit_test
Bug: 129670638
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibe10c33b2c6ebe5661d5665f3fde89e540248f72
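As an added illustration (not code from this change or from netd), the routine below enumerates a /sys/class/net-style directory with the filter the commit describes: only directories and symlinks count as interfaces, so a regular file such as bonding_masters is never turned into a netdev-* module request. The fixture directory it builds under /tmp is constructed here so the example runs offline; its names (eth0, the symlink target) are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_MAX_LEN 64

/* In /sys/class/net every real interface is a symlink (or a directory)
 * pointing at its device node; a regular file like bonding_masters is not
 * an interface and must not be reported as one. */
static int is_interface_entry(const char *sysdir, const char *name) {
    char path[4096];
    struct stat st;
    if (!strcmp(name, ".") || !strcmp(name, "..")) return 0;
    snprintf(path, sizeof path, "%s/%s", sysdir, name);
    if (lstat(path, &st) != 0) return 0;   /* vanished or unreadable: skip */
    return S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode);
}

/* Collect interface names under sysdir; returns the count, or -1 on error. */
int list_interfaces(const char *sysdir, char names[][NAME_MAX_LEN], int max) {
    DIR *d = opendir(sysdir);
    if (!d) return -1;
    int n = 0;
    struct dirent *e;
    while (n < max && (e = readdir(d)) != NULL) {
        if (!is_interface_entry(sysdir, e->d_name)) continue;
        snprintf(names[n++], NAME_MAX_LEN, "%s", e->d_name);
    }
    closedir(d);
    return n;
}

/* Constructed fixture mimicking /sys/class/net on a bonding-capable kernel:
 * one regular file (bonding_masters) and one symlinked interface (eth0). */
int make_fixture(char *dir, size_t len) {
    snprintf(dir, len, "/tmp/sysnetXXXXXX");
    if (!mkdtemp(dir)) return -1;
    char p[4096];
    snprintf(p, sizeof p, "%s/bonding_masters", dir);
    FILE *f = fopen(p, "w"); if (!f) return -1; fputs("bond0\n", f); fclose(f);
    snprintf(p, sizeof p, "%s/eth0", dir);
    return symlink("../../devices/virtual/net/eth0", p); /* dangling is fine for lstat */
}
```

Running list_interfaces() on the fixture yields only eth0; bonding_masters is skipped exactly as the change intends.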