merge in lmp-mr1-release history after reset to lmp-mr1-dev
diff --git a/app.te b/app.te
index 4abf594..423be14 100644
--- a/app.te
+++ b/app.te
@@ -229,8 +229,7 @@
# Privileged netlink socket interfaces.
neverallow appdomain
- self:{
- netlink_socket
+ domain:{
netlink_firewall_socket
netlink_tcpdiag_socket
netlink_nflog_socket
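Review bot: Removing `netlink_socket` from the appdomain neverallow list (the old `self:{ netlink_socket` lines have no counterpart in the new `domain:{` list) quietly widens what the non-untrusted app domains covered by appdomain may be granted, and the only compensating rule visible in this commit is the new untrusted_app-only `neverallow untrusted_app domain:netlink_socket *;` in untrusted_app.te. Nothing in the hunk records that this split is intentional, so the next reader of app.te will not know why generic netlink is absent from a block headed "Privileged netlink socket interfaces." I would add a line under that header, e.g. `# netlink_socket is denied only for untrusted_app (see untrusted_app.te); privileged app domains may be granted it.`. The switch from `self:` to `domain:` is worth a word too, since it is what makes the rule cover sockets an app inherits from another domain rather than only ones it created. The class list and the closing brace of this neverallow continue past the end of the hunk.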
@@ -243,7 +242,7 @@
# These messages are broadcast messages from the kernel to userspace.
# Do not allow the writing of netlink messages, which has been a source
# of rooting vulns in the past.
-neverallow appdomain self:netlink_kobject_uevent_socket { write append };
+neverallow appdomain domain:netlink_kobject_uevent_socket { write append };
# Sockets under /dev/socket that are not specifically typed.
neverallow appdomain socket_device:sock_file write;
diff --git a/untrusted_app.te b/untrusted_app.te
index 8242237..c5c887f 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -76,7 +76,10 @@
###
# Receive or send uevent messages.
-neverallow untrusted_app self:netlink_kobject_uevent_socket *;
+neverallow untrusted_app domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow untrusted_app domain:netlink_socket *;
# Too much leaky information in debugfs. It's a security
# best practice to ensure these files aren't readable.