commit | bff9801521abb36a243131114e70f905fb1238ef | |
---|---|---|
author | Jeff Vander Stoep <jeffv@google.com> | Mon May 16 21:12:17 2016 -0700 |
committer | Jeffrey Vander Stoep <jeffv@google.com> | Sun Sep 11 01:25:25 2016 +0000 |
tree | e7ce881cae22251144e16a2380ec60580b4d3db0 | |
parent | 7ef80731f20bdafc23eb5bedeb063247933fc8aa | |

Enforce ioctl command whitelisting on all sockets

Remove the ioctl permission for most socket types. For others, such as tcp/udp/rawip/unix_dgram/unix_stream, set a default unprivileged whitelist that individual domains may extend (except where neverallowed like untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I15548d830f8eff1fd4d64005c5769ca2be8d4ffe