Further restrict socket ioctls available to apps (6ba383c5) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit 6ba383c5 authored 8 years ago by Jeff Vander Stoep

Further restrict socket ioctls available to apps

Restrict unix_dgram_socket and unix_stream_socket to a whitelist.
Disallow all ioctls for netlink_selinux_socket and netlink_route_socket.

Neverallow third party app use of all ioctls other than
unix_dgram_socket, unix_stream_socket, netlink_selinux_socket,
netlink_route_socket, tcp_socket, udp_socket and rawip_socket.

Bug: 28171804
Change-Id: Icfe3486a62fc2fc2d2abd8d4030a5fbdd0ab30ab

parent bce921c6

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 30 additions and 5 deletions

Please register or to comment