)]}' { "commit": "7fb9fa17195bc1f232056185fec713c7cdbb008b", "tree": "56604e1888ecc1b1e32d812a6299d7d5113a80b1", "parents": [ "7c138b7ad6bb22a141613cd86c1170fa60833879" ], "author": { "name": "Jeff Vander Stoep", "email": "jeffv@google.com", "time": "Sun Sep 11 09:50:24 2016 -0700" }, "committer": { "name": "Lee Campbell", "email": "leecam@google.com", "time": "Sun Sep 11 16:13:30 2016 -0700" }, "message": "Enforce ioctl command whitelisting on all sockets\n\nRemove the ioctl permission for most socket types. For others, such as\ntcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist\nthat individual domains may extend (except where neverallowed like\nuntrusted_app). Enforce via a neverallowxperm rule.\n\nChange-Id: I7cc2021596c8452a518b8213eea8b41141f2f14d\n", "tree_diff": [ { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "93a833d86656d4d7b328da7e986ad10a91994610", "new_mode": 33188, "new_path": "soc/msm8916/prebuilts/sepolicy/ioctl_defines" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "dd9a2e86ed921b9c4f4b0466d8e515afa6306588", "new_mode": 33188, "new_path": "soc/msm8916/prebuilts/sepolicy/ioctl_macros" }, { "type": "modify", "old_id": "3e483f1de1c54a230620050655a14f3c092c62b9", "old_mode": 33188, "old_path": "soc/msm8916/prebuilts/sepolicy/qseecomd.te", "new_id": "fdb1614c82718e1d41a089e30e22083847c60b6c", "new_mode": 33188, "new_path": "soc/msm8916/prebuilts/sepolicy/qseecomd.te" }, { "type": "modify", "old_id": "305c4b269758678c6bbd216ecfd8482687d0ccd1", "old_mode": 33188, "old_path": "soc/msm8916/prebuilts/sepolicy/rmt.te", "new_id": "db462c9b4b3214b990d527d6b641115118a8e8f5", "new_mode": 33188, "new_path": "soc/msm8916/prebuilts/sepolicy/rmt.te" } ] }