Google Git
Sign in
android / platform / external / sepolicy / 39818ba9cd10a4b366deb52ea41da0280b98fdf2
commit39818ba9cd10a4b366deb52ea41da0280b98fdf2[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Tue Apr 26 11:29:14 2016 -0700
committerThe Android Automerger <android-build@google.com>Wed Jun 01 16:09:54 2016 -0700
tree1c916a06d8bc90f2372f8419b7c3dd49cee8cf0e
parent211ed2ddc34d3318179ec1e427a58c5db80474a9 [diff]
Further restrict socket ioctls available to apps

Restrict unix_dgram_socket and unix_stream_socket to a whitelist
for all domains. Remove ioctl permission for netlink_selinux_socket and
netlink_route_socket for netdomain.

Bug: 28171804
Bug: 27424603
Change-Id: I650639115b8179964ae690a39e4766ead0032d2e
(cherry picked from commit ce6d5e008aae91a793aaa471c20cd8d347f68faf)
6 files changed
tree: 1c916a06d8bc90f2372f8419b7c3dd49cee8cf0e
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. blkid.te
  9. blkid_untrusted.te
  10. bluetooth.te
  11. bootanim.te
  12. clatd.te
  13. debuggerd.te
  14. device.te
  15. dex2oat.te
  16. dhcp.te
  17. dnsmasq.te
  18. domain.te
  19. drmserver.te
  20. dumpstate.te
  21. file.te
  22. file_contexts
  23. fingerprintd.te
  24. fs_use
  25. fsck.te
  26. fsck_untrusted.te
  27. gatekeeperd.te
  28. genfs_contexts
  29. global_macros
  30. gpsd.te
  31. hci_attach.te
  32. healthd.te
  33. hostapd.te
  34. init.te
  35. initial_sid_contexts
  36. initial_sids
  37. inputflinger.te
  38. install_recovery.te
  39. installd.te
  40. ioctl_macros
  41. isolated_app.te
  42. kernel.te
  43. keys.conf
  44. keystore.te
  45. lmkd.te
  46. logd.te
  47. mac_permissions.xml
  48. mdnsd.te
  49. mediaserver.te
  50. mls
  51. mls_macros
  52. mtp.te
  53. net.te
  54. netd.te
  55. neverallow_macros
  56. nfc.te
  57. NOTICE
  58. perfprofd.te
  59. platform_app.te
  60. policy_capabilities
  61. port_contexts
  62. ppp.te
  63. procrank.te
  64. property.te
  65. property_contexts
  66. racoon.te
  67. radio.te
  68. README
  69. recovery.te
  70. rild.te
  71. roles
  72. runas.te
  73. sdcardd.te
  74. seapp_contexts
  75. security_classes
  76. service.te
  77. service_contexts
  78. servicemanager.te
  79. sgdisk.te
  80. shared_relro.te
  81. shell.te
  82. slideshow.te
  83. su.te
  84. surfaceflinger.te
  85. system_app.te
  86. system_server.te
  87. te_macros
  88. tee.te
  89. toolbox.te
  90. tzdatacheck.te
  91. ueventd.te
  92. uncrypt.te
  93. untrusted_app.te
  94. users
  95. vdc.te
  96. vold.te
  97. watchdogd.te
  98. wpa.te
  99. zygote.te