commit | 556bb0f55324e8839d7b735a0de9bc31028e839e | [log] [tgz] |
---|---|---|
author | Jeff Vander Stoep <jeffv@google.com> | Tue Apr 26 11:29:14 2016 -0700 |
committer | The Android Automerger <android-build@google.com> | Fri May 27 11:30:05 2016 -0700 |
tree | a754574a8f3a79e925cbf14673e314ba9f32f3e0 | |
parent | 489e0b567f902f36e38a1b888105da043677b621 [diff] |
Further restrict socket ioctls available to apps Restrict unix_dgram_socket and unix_stream_socket to a whitelist for all domains. Remove ioctl permission for netlink_selinux_socket and netlink_route_socket for netdomain. Bug: 28171804 Bug: 27424603 Change-Id: I650639115b8179964ae690a39e4766ead0032d2e