
net.te

  • Jeff Vander Stoep authored and Jeffrey Vander Stoep committed
    Grant access to icmp_socket to netdomain. This was previously
    labeled as rawip_socket which apps are allowed to use. Neverallow
    all other new socket types for apps.
    
    Kernel versions > 4.9 redefine ICMP sockets from rawip_socket
    to icmp_socket. To pass neverallow tests, we need to define
    which IOCTLs are allowed (and disallowed).
    
    Note that this does not change behavior on devices with
    kernel versions <=4.9. However, it is necessary (although not
    sufficient) to pass CTS on kernel version 4.14.
    
    Bug: 110520616
    Test: Grant icmp_socket in net.te and build.
    Change-Id: I5c7cb6867d1a4cd1554a8da0d55daa8e06daf803
    0597ade1
    net.te 933 B