commit | 1812247ef8380b50857945a43135ba009455faaa | |
---|---|---|
author | Jeff Vander Stoep <jeffv@google.com> | Fri Sep 09 22:42:10 2016 -0700 |
committer | Jeff Vander Stoep <jeffv@google.com> | Fri Sep 09 22:42:10 2016 -0700 |
tree | a3e785a2c4220689dfd55f240a2d95e4a71494ae | |
parent | 5786014521fbf90144ad4c1151bc83bc54366146 | |

Enforce ioctl command whitelisting on all sockets

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream, set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I076c22d68887572ea255e221695594ad8cfa6101