From 28fec2a2867a8a0fea386038bc366e630ac1ed4e Mon Sep 17 00:00:00 2001
From: Martin Brabham
Date: Thu, 7 May 2015 11:22:13 -0700
Subject: [PATCH] DNSCrypt - Add sepolicy for dnscrypt proxy to run - Add service entry to init.local.rc
Change-Id: Id2ee42738c10a7a024fcf25edc3a6cbe2fe0bbc8
---
 prebuilt/common/etc/init.local.rc | 6 ++++++
 sepolicy/dnscryptproxy.te | 8 ++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 sepolicy/dnscryptproxy.te
diff --git a/prebuilt/common/etc/init.local.rc b/prebuilt/common/etc/init.local.rc
index 1f66b77..8042c29 100644
--- a/prebuilt/common/etc/init.local.rc
+++ b/prebuilt/common/etc/init.local.rc
@@ -128,6 +128,12 @@ on boot
 # Persistent properties (only created if persist exists)
 mkdir /persist/properties 0770 system system
 
+# For now default this to opendns until we modify the code to read a system propery
+# dnscrypt proxy
+service dnscrypt-proxy /system/xbin/dnscrypt-proxy
+ class main
+ disabled
+
 # sysinit (/system/etc/init.d)
 service sysinit /system/bin/sysinit
 user root
diff --git a/sepolicy/dnscryptproxy.te b/sepolicy/dnscryptproxy.te
new file mode 100644
index 0000000..3f143c9
--- /dev/null
+++ b/sepolicy/dnscryptproxy.te
@@ -0,0 +1,8 @@
+allow init self:udp_socket { bind setopt write read };
+allow init port:udp_socket name_bind;
+allow init node:udp_socket node_bind;
+
+allow init self:tcp_socket { create ioctl setopt bind listen };
+allow init port:tcp_socket name_bind;
+allow init node:tcp_socket node_bind;
+
--
2.7.4
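Review bot: The new `dnscrypt-proxy` service stanza in init.local.rc sets only `class main` and `disabled`, with no `user` or `group` line, so whenever something starts it, init launches it under its default identity, which is root. A network-facing resolver proxy is better run unprivileged: add `user <unprivileged-user>` and `group <unprivileged-group> inet` to the stanza, or, if the binary has to bind a privileged port first, pass dnscrypt-proxy's own `--user` option so it drops privileges after binding. The comment above the stanza says the resolver defaults to opendns, yet the service line passes no arguments, so presumably that default is built into the binary; a comment such as `# no arguments passed: resolver is the binary's built-in default` would make that explicit. Nothing in this patch starts the disabled service, so whatever triggers it lies outside the hunk.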
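Review bot: Every rule in sepolicy/dnscryptproxy.te is granted to the `init` domain rather than to a domain of the proxy's own, so init itself, and any service that never transitions out of init, gains the right to bind and listen on UDP and TCP ports. The usual pattern is to declare a dedicated domain and executable type for the daemon, label `/system/xbin/dnscrypt-proxy` with that type in file_contexts, and move these allow rules onto the new domain so the grant stops at one binary. The fence below sketches that with the permission sets copied unchanged from the hunk; the type names are suggestions, and the sets should be re-derived from audit denials once the daemon runs confined. A short header comment stating which daemon the rules serve would also help, since the new file has none.

```selinux
# Dedicated domain for the proxy (suggested type names)
type dnscryptproxy, domain;
type dnscryptproxy_exec, exec_type, file_type;

# Transition out of init when init execs the labelled binary
init_daemon_domain(dnscryptproxy)

allow dnscryptproxy self:udp_socket { bind setopt write read };
allow dnscryptproxy port:udp_socket name_bind;
allow dnscryptproxy node:udp_socket node_bind;

allow dnscryptproxy self:tcp_socket { create ioctl setopt bind listen };
allow dnscryptproxy port:tcp_socket name_bind;
allow dnscryptproxy node:tcp_socket node_bind;
```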