Merge "Enforce MAC address restrictions for priv apps."

2022-05-18 12:33:53 +00:00 · 2022-05-18 12:33:53 +00:00 · 6b2fefbf46
commit 6b2fefbf46
parent fd4b4f8c8e af609b2f3c
2 changed files with 2 additions and 0 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -127,6 +127,7 @@ neverallow all_untrusted_apps *:vsock_socket ~{ getattr read write };
 # Disallow sending RTM_GETLINK messages on netlink sockets.
 neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
 neverallow priv_app domain:netlink_route_socket { bind nlmsg_readpriv };
 # Disallow sending RTM_GETNEIGH{TBL} messages on netlink sockets.
 neverallow {
--- a/private/net.te
+++ b/private/net.te
@ -12,6 +12,7 @@ allow {
  netdomain
  -ephemeral_app
  -mediaprovider
  -priv_app
  -sdk_sandbox
  -untrusted_app_all
 } self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };