Do not allow untrusted apps to read sysfs_net files am: 804d99ac76 am: 8f5e8e5b82 am: 9da4097fd6 am: d74e873fc1

am: d660ddedb0 Change-Id: Ib8c4e3b17cc01bf771cb0cc6b88f83bdc3b66290
2019-08-21 00:05:42 -07:00 · 2019-08-21 00:05:42 -07:00 · 1abe83ca51
commit 1abe83ca51
parent 6e2ad3ff34 d660ddedb0
1 changed files with 1 additions and 0 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -87,6 +87,7 @@ neverallow all_untrusted_apps file_type:file link;

 # Do not allow untrusted apps to access network MAC address file
 neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;

 # Do not allow any write access to files in /sys
 neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };