Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE
and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro.
Bug: 26324307
Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2
Reduce the socket ioctl commands available to untrusted/isolated apps.
Neverallow accessing sensitive information or setting of network parameters.
Neverallow access to device private ioctls i.e. device specific
customizations as these are a common source of driver bugs.
Define common ioctl commands in ioctl_defines.
Bug: 26267358
Change-Id: Ic5c0af066e26d4cb2867568f53a3e65c5e3b5a5d
Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow
priv_sock_perms to disallow access to MAC address and ESSID.
Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3
Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow
priv_sock_perms to disallow access to MAC address and ESSID.
Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3
Create a macro of unprivileged ioctls including
- All common socket ioctls except MAC address
- All wireless extensions ioctls except get/set ESSID
- Some commonly used tty ioctls
Bug: 21657002
Change-Id: Ib08be9cb70d08c1fa2c8bddbae519e7c2df5293c
