1812247ef8380b50857945a43135ba009455faaa - device/generic/brillo

commit	1812247ef8380b50857945a43135ba009455faaa	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Sep 09 22:42:10 2016 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Fri Sep 09 22:42:10 2016 -0700
tree	a3e785a2c4220689dfd55f240a2d95e4a71494ae
parent	5786014521fbf90144ad4c1151bc83bc54366146 [diff]

Enforce ioctl command whitelisting on all sockets

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I076c22d68887572ea255e221695594ad8cfa6101

sepolicy/apmanager.te[diff]
sepolicy/avahi.te[diff]
sepolicy/bluetoothtbd.te[diff]
sepolicy/firewalld.te[diff]
sepolicy/shill.te[diff]
sepolicy/wifi_setup.te[diff]

6 files changed