tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/ioctl_macros

21 lines
530 B
Text
Raw Normal View History

restrict app access to socket ioctls Create a macro of unprivileged ioctls including - All common socket ioctls except MAC address - All wireless extensions ioctls except get/set ESSID - Some commonly used tty ioctls Bug: 21657002 Change-Id: Ib08be9cb70d08c1fa2c8bddbae519e7c2df5293c
2015-06-06 00:28:55 +02:00
# socket ioctls allowed to unprivileged apps
define(`unpriv_sock_ioctls', `
{
# all socket ioctls except the Mac address SIOCGIFHWADDR 0x8927
0x8900-0x8926 0x8928-0x89ff
# all wireless extensions ioctls except get/set essid
# IOCSIWESSID 0x8B1A SIOCGIWESSID 0x8B1B
Migrate to upstream policy version 30 Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow priv_sock_perms to disallow access to MAC address and ESSID. Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3
2015-12-07 17:30:43 +01:00
0x8B00-0x8B19 0x8B1C-0x8BFF
restrict app access to socket ioctls Create a macro of unprivileged ioctls including - All common socket ioctls except MAC address - All wireless extensions ioctls except get/set ESSID - Some commonly used tty ioctls Bug: 21657002 Change-Id: Ib08be9cb70d08c1fa2c8bddbae519e7c2df5293c
2015-06-06 00:28:55 +02:00
# commonly used TTY ioctls
0x5411 0x5451
}')
Migrate to upstream policy version 30 Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow priv_sock_perms to disallow access to MAC address and ESSID. Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3
2015-12-07 17:30:43 +01:00
# socket ioctls never allowed to unprivileged appss
define(`priv_sock_ioctls', `
{
# Mac address SIOCGIFHWADDR
0x8927
# get/set essid IOCSIWESSID 0x8B1A SIOCGIWESSID 0x8B1B
0x8B1A-0x8B1B
}')
Reference in a new issue Copy permalink