commit b2d5e0cd8fe40e76d7efe09c047d334db68ec84d
author The Android Automerger <android-build@google.com> Mon Feb 02 06:09:30 2015 -0800
committer The Android Automerger <android-build@google.com> Mon Feb 02 06:09:30 2015 -0800
tree 2506f6c2f35004be4f5f0bf039e580caa2ef9dfe
parent bf626ce94452813e44433c40fb3d80f8b4b00ff5
parent 3e4ea5b3f9dba62ab165fe9fdfeb1cf524cc96b4

merge in lmp-mr1-release history after reset to lmp-mr1-dev

app.te

diff --git a/app.te b/app.te
index 4abf594..423be14 100644
--- a/app.te
+++ b/app.te
@@ -229,8 +229,7 @@
 
 # Privileged netlink socket interfaces.
 neverallow appdomain
-    self:{
-        netlink_socket
+    domain:{
         netlink_firewall_socket
         netlink_tcpdiag_socket
         netlink_nflog_socket
@@ -243,7 +242,7 @@
 # These messages are broadcast messages from the kernel to userspace.
 # Do not allow the writing of netlink messages, which has been a source
 # of rooting vulns in the past.
-neverallow appdomain self:netlink_kobject_uevent_socket { write append };
+neverallow appdomain domain:netlink_kobject_uevent_socket { write append };
 
 # Sockets under /dev/socket that are not specifically typed.
 neverallow appdomain socket_device:sock_file write;

untrusted_app.te

diff --git a/untrusted_app.te b/untrusted_app.te
index 8242237..c5c887f 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -76,7 +76,10 @@
 ###
 
 # Receive or send uevent messages.
-neverallow untrusted_app self:netlink_kobject_uevent_socket *;
+neverallow untrusted_app domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow untrusted_app domain:netlink_socket *;
 
 # Too much leaky information in debugfs. It's a security
 # best practice to ensure these files aren't readable.