diff --git a/data/etc/platform.xml b/data/etc/platform.xml
index a16d5a72e19d4..233f82640a203 100644
--- a/data/etc/platform.xml
+++ b/data/etc/platform.xml
@@ -147,6 +147,9 @@
+
+
+
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index d05369e9cfa14..fbe2589bea2a6 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -199,15 +199,13 @@ public class PermissionMonitor {
ArraySet perms = systemPermission.valueAt(i);
int uid = systemPermission.keyAt(i);
int netdPermission = 0;
- // Get the uids of native services that have UPDATE_DEVICE_STATS permission.
+ // Get the uids of native services that have UPDATE_DEVICE_STATS or INTERNET permission.
if (perms != null) {
netdPermission |= perms.contains(UPDATE_DEVICE_STATS)
? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0;
+ netdPermission |= perms.contains(INTERNET)
+ ? INetd.PERMISSION_INTERNET : 0;
}
- // For internet permission, the native services have their own selinux domains and
- // sepolicy will control the socket creation during run time. netd cannot block the
- // socket creation based on the permission information here.
- netdPermission |= INetd.PERMISSION_INTERNET;
netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission);
}
log("Users: " + mUsers.size() + ", Apps: " + mApps.size());