93615b144dbbf56df7f76c1e743e47aea72be7c3 - android_system_sepolicy

commit	93615b144dbbf56df7f76c1e743e47aea72be7c3	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Oct 19 19:51:46 2017 -0700
committer	Nick Kralevich <nnk@google.com>	Thu Oct 19 19:53:39 2017 -0700
tree	cf54673b8478ef539411ae90e14eff2650914bd5
parent	9f78854458c0bd6892c9d177b11e26bbc3067665 [diff]

disallow SIOCATMARK

The use of SIOCATMARK is not recommended per rfc6093.

This ioctl is not currently allowed on Android. Add a neverallowxperm
statement (compile time assertion + CTS test) to ensure this never
regresses.

Bug: 68014825
Test: policy compiles.
Change-Id: I41272a0cb157ac9aa38c8e67aabb8385403815f9

public/domain.te[diff]

1 file changed

tree: cf54673b8478ef539411ae90e14eff2650914bd5

prebuilts/
private/
public/
reqd_mask/
tests/
tools/
vendor/
Android.bp
Android.mk
CleanSpec.mk
definitions.mk
MODULE_LICENSE_PUBLIC_DOMAIN
NOTICE
OWNERS
PREUPLOAD.cfg
README