Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61...

Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61 am: 1376638d am: 0a10b00e am: d0ed9d0a Change-Id: I439bd7cf7cd1e3b8d6f64357db66c44b53cca1c0

Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61...
Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket. am: a8239c61 am: 1376638d am: 0a10b00e am: d0ed9d0a Change-Id: I439bd7cf7cd1e3b8d6f64357db66c44b53cca1c0
9a6fb6b0 · Lorenzo Colitti · android-build-merger · ef086b6f · d0ed9d0a · 9a6fb6b0
Commit 9a6fb6b0 authored 8 years ago by Lorenzo Colitti Committed by android-build-merger 8 years ago
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -142,7 +142,7 @@ allow dumpstate net_data_file:dir search;
 allow dumpstate net_data_file:file r_file_perms;

 # List sockets via ss.
-allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read };
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };

 # Access /data/tombstones.
 allow dumpstate tombstone_data_file:dir r_dir_perms;