Merge "Enforce MAC address restrictions for priv apps." am: 6b2fefbf46

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2098955

Change-Id: Iacfda9ec11581006e25edeb3bf96b6e7796ca8fa
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Bram Bonné 2022-05-18 13:31:20 +00:00 committed by Automerger Merge Worker
commit a9723095c7
2 changed files with 2 additions and 0 deletions


@ -127,6 +127,7 @@ neverallow all_untrusted_apps *:vsock_socket ~{ getattr read write };
# Disallow sending RTM_GETLINK messages on netlink sockets.
neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
neverallow priv_app domain:netlink_route_socket { bind nlmsg_readpriv };
# Disallow sending RTM_GETNEIGH{TBL} messages on netlink sockets.
neverallow {
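Review bot: The `neverallow priv_app domain:netlink_route_socket { bind nlmsg_readpriv };` line (apparently the added one, going by the commit title) pins only `bind` and `nlmsg_readpriv`, while the allow rule in the second file stops granting `nlmsg_getneigh` to priv_app as well. The RTM_GETNEIGH neverallow that opens on the last line of this hunk has its domain set outside the visible lines, so it cannot be confirmed from here that priv_app is covered by it. If it is not, a later allow could restore neighbour-table reads, which carry link-layer addresses, for priv_app without failing the build. Consider `neverallow priv_app domain:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };`, or list priv_app in the following block.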


@ -12,6 +12,7 @@ allow {
netdomain
-ephemeral_app
-mediaprovider
-priv_app
-sdk_sandbox
-untrusted_app_all
} self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
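Review bot: The `-priv_app` exclusion carries no comment explaining why the domain is removed from the set, and it withdraws `bind`, `nlmsg_readpriv` and `nlmsg_getneigh` together. A comment above the rule would help, for example `# priv_app is excluded to enforce MAC address restrictions; grant any needed netlink_route_socket access in the domain's own policy.` The `allow {` opener sits in the hunk header, so the start of the set is outside the visible lines. Privileged apps that previously relied on these permissions would presumably start logging avc denials on netlink_route_socket, so it is worth watching audit logs for them after this lands.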