platform_system_sepolicy/prebuilts/api/33.0/private/bpfdomain.te
Yurii Zubrytskyi 04a85a1ba0 platform/system/sepolicy - SEPolicy Prebuilts for Tiramisu
Ignore-AOSP-First: T finalization
Bug: 225745567
Test: Build
Change-Id: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
Merged-In: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
2022-05-04 09:46:16 -07:00

14 lines
345 B
Text

# platform should have ownership of network attachpoints for BPF
neverallow {
bpfdomain
-bpfloader
-netd
-netutils_wrapper
-network_stack
-system_server
} self:global_capability_class_set { net_admin net_raw };
# any domain which uses bpf is a bpfdomain
neverallow { domain -bpfdomain } *:bpf *;
allow bpfdomain fs_bpf:dir search;