04a85a1ba0
Ignore-AOSP-First: T finalization Bug: 225745567 Test: Build Change-Id: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7 Merged-In: I49fb91c7a60fb1e871bdf3553d978bb16c476fd7
14 lines
345 B
Text
14 lines
345 B
Text
# platform should have ownership of network attachpoints for BPF
|
|
neverallow {
|
|
bpfdomain
|
|
-bpfloader
|
|
-netd
|
|
-netutils_wrapper
|
|
-network_stack
|
|
-system_server
|
|
} self:global_capability_class_set { net_admin net_raw };
|
|
|
|
# any domain which uses bpf is a bpfdomain
|
|
neverallow { domain -bpfdomain } *:bpf *;
|
|
|
|
allow bpfdomain fs_bpf:dir search;
|