tequilaOS/platform_system_sepolicy

Fork 0

Commit graph

Author	SHA1	Message	Date
Jeff Vander Stoep	84a61cc535	disallow unprivileged access to rmnet Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro. Bug: 26324307 Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2	2016-01-05 16:45:55 +00:00
Jeff Vander Stoep	cbaa2b7d37	Reduce socket ioctl perms Reduce the socket ioctl commands available to untrusted/isolated apps. Neverallow accessing sensitive information or setting of network parameters. Neverallow access to device private ioctls i.e. device specific customizations as these are a common source of driver bugs. Define common ioctl commands in ioctl_defines. Bug: 26267358 Change-Id: Ic5c0af066e26d4cb2867568f53a3e65c5e3b5a5d	2016-01-04 12:15:19 -08:00

Author

SHA1

Message

Date

Jeff Vander Stoep

84a61cc535

disallow unprivileged access to rmnet

Enforce via neverallow rule by adding WAN_IOC_ADD_FLT_RULE
and WAN_IOC_ADD_FLT_RULE_INDEX to neverallow macro.

Bug: 26324307
Change-Id: I5350d9339e45ddeefd5423c3fe9a0ea14fe877b2

2016-01-05 16:45:55 +00:00

Jeff Vander Stoep

cbaa2b7d37

Reduce socket ioctl perms

Reduce the socket ioctl commands available to untrusted/isolated apps.
Neverallow accessing sensitive information or setting of network parameters.
Neverallow access to device private ioctls i.e. device specific
customizations as these are a common source of driver bugs.

Define common ioctl commands in ioctl_defines.

Bug: 26267358
Change-Id: Ic5c0af066e26d4cb2867568f53a3e65c5e3b5a5d

2016-01-04 12:15:19 -08:00

2 commits