Skip to content

GitLab

Switch branch/tag
Find file BlameHistoryPermalink
  • Jeff Vander Stoep's avatar
    Further restrict socket ioctls available to apps · 556bb0f5
    Jeff Vander Stoep authored 
    Restrict unix_dgram_socket and unix_stream_socket to a whitelist
for all domains. Remove ioctl permission for netlink_selinux_socket and
netlink_route_socket for netdomain.

Bug: 28171804
Bug: 27424603
Change-Id: I650639115b8179964ae690a39e4766ead0032d2e
    556bb0f5
domain.te 17 KB