Revert "libsepol: trigger new RTM_GETNEIGH{TBL} behavior"

Revert "untrusted_app_30: add new targetSdk domain" Revert "Ignore SELinux denials for all untrusted_app domains" Revert "Update tests to check RTM_GETNEIGH{TBL} restrictions" Revert submission 1748045-getneigh-enable-restrictions Reason for revert: Breaks android.net.netlink.NetlinkSocketTest#testBasicWorkingGetNeighborsQuery with permissions error. Bug: 192406650 Reverted Changes: Iea29a1b36:Ignore SELinux denials for all untrusted_app domai... I14b755020:Update tests to check RTM_GETNEIGH{TBL} restrictio... I32ebb407b:untrusted_app_30: add new targetSdk domain I8598662b7:libsepol: trigger new RTM_GETNEIGH{TBL} behavior Change-Id: Idfa638949a7ea47a2c33cb19514b44bfe7c267a2
2021-06-30 07:41:39 +00:00 · 2021-06-30 07:41:39 +00:00 · f96dedf199
commit f96dedf199
parent d3f2ab97e2
2 changed files with 1 additions and 3 deletions
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@ -791,8 +791,7 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);

 #define POLICYDB_CONFIG_UNKNOWN_MASK	(DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)

-#define POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE  (1 << 31)
-#define POLICYDB_CONFIG_ANDROID_NETLINK_GETNEIGH (1 << 30)
+#define POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE  1 << 31;

 #define OBJECT_R "object_r"
 #define OBJECT_R_VAL 1
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@ -2138,7 +2138,6 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
 	config |= (POLICYDB_CONFIG_UNKNOWN_MASK & p->handle_unknown);

 	config |= POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE;
-	config |= POLICYDB_CONFIG_ANDROID_NETLINK_GETNEIGH;

 	/* Write the magic number and string identifiers. */
 	items = 0;