commit | fc37444836e15610ba72140b1d22f569b06556f7 | |
---|---|---|
author | Jeff Vander Stoep <jeffv@google.com> | Mon May 23 15:30:51 2016 -0700 |
committer | Jeff Vander Stoep <jeffv@google.com> | Fri Sep 09 16:52:25 2016 -0700 |
tree | cae2a259776f5e01de297e243dbc45460f72aa40 | |
parent | 0ba54125ef117c4310fb14441d551a3741bf8193 | |

Enforce ioctl command whitelisting on all sockets

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I7573fdb24f9c53ad169bce2aeab1baac8b2a11ea