commit | 39818ba9cd10a4b366deb52ea41da0280b98fdf2 | [log] [tgz] |
---|---|---|
author | Jeff Vander Stoep <jeffv@google.com> | Tue Apr 26 11:29:14 2016 -0700 |
committer | The Android Automerger <android-build@google.com> | Wed Jun 01 16:09:54 2016 -0700 |
tree | 1c916a06d8bc90f2372f8419b7c3dd49cee8cf0e | |
parent | 211ed2ddc34d3318179ec1e427a58c5db80474a9 [diff] |
Further restrict socket ioctls available to apps Restrict unix_dgram_socket and unix_stream_socket to a whitelist for all domains. Remove ioctl permission for netlink_selinux_socket and netlink_route_socket for netdomain. Bug: 28171804 Bug: 27424603 Change-Id: I650639115b8179964ae690a39e4766ead0032d2e (cherry picked from commit ce6d5e008aae91a793aaa471c20cd8d347f68faf)