2ea23a6e1a
Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow priv_sock_perms to disallow access to MAC address and ESSID. Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3
20 lines
530 B
Text
20 lines
530 B
Text
# socket ioctls allowed to unprivileged apps
|
|
define(`unpriv_sock_ioctls', `
|
|
{
|
|
# all socket ioctls except the Mac address SIOCGIFHWADDR 0x8927
|
|
0x8900-0x8926 0x8928-0x89ff
|
|
# all wireless extensions ioctls except get/set essid
|
|
# IOCSIWESSID 0x8B1A SIOCGIWESSID 0x8B1B
|
|
0x8B00-0x8B19 0x8B1C-0x8BFF
|
|
# commonly used TTY ioctls
|
|
0x5411 0x5451
|
|
}')
|
|
|
|
# socket ioctls never allowed to unprivileged appss
|
|
define(`priv_sock_ioctls', `
|
|
{
|
|
# Mac address SIOCGIFHWADDR
|
|
0x8927
|
|
# get/set essid IOCSIWESSID 0x8B1A SIOCGIWESSID 0x8B1B
|
|
0x8B1A-0x8B1B
|
|
}')
|