Restore system_server ioctl socket access. am: ec3285cde0
am: 84992ead69
Change-Id: I4c09a1a0ca1473bf469216172b7768c3e074cfe0
This commit is contained in:
dcashman
android-build-merger
commit
b91eadd767
2 changed files with 2 additions and 2 deletions
|
|
@ -175,7 +175,7 @@ allowxperm domain domain:{ unix_dgram_socket unix_stream_socket }
|
|||
###
|
||||
|
||||
# All socket ioctls must be restricted to a whitelist.
|
||||
neverallowxperm domain domain:socket_class_set ioctl { 0 };
|
||||
neverallowxperm { domain -system_server } domain:socket_class_set ioctl { 0 };
|
||||
|
||||
# Do not allow any domain other than init or recovery to create unlabeled files.
|
||||
neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ allow system_server self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|||
# to the kernel. The ioctl permission is specifically omitted here, but may
|
||||
# be added to device specific policy along with the ioctl commands to be
|
||||
# whitelisted.
|
||||
allow system_server self:socket create_socket_perms_no_ioctl;
|
||||
allow system_server self:socket create_socket_perms;
|
||||
|
||||
# Set and get routes directly via netlink.
|
||||
allow system_server self:netlink_route_socket nlmsg_write;
|
||||
|
|
|
|||
Loading…
Reference in a new issue