Remove access to /proc/net/{tcp,udp} Remove these files from proc_net_type. Domains that need access must have permission explicitly granted. Neverallow app access except the shell domain. Bug: 114475727 Test: atest CtsLibcoreOjTestCases Test: netstat, lsof Test: adb bugreport Change-Id: I2304e3e98c0d637af78a361569466aa2fbe79fa0

commit: 424517721cb71bc842cc37d82e8b61a6a4a6e00a [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Fri Sep 28 10:55:14 2018 -0700
committer: Nick Kralevich <nnk@google.com> Sun Sep 30 21:33:47 2018 -0700
tree: b689d025c9e33cce04cd19587c821c0488de469b
parent: c62bdd0ec1698372abc4d01ed777c267bb37e38b [diff] [blame]
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 410e7c6..f87c086 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -17,8 +17,8 @@
 genfscon proc /modules u:object_r:proc_modules:s0
 genfscon proc /mounts u:object_r:proc_mounts:s0
 genfscon proc /net u:object_r:proc_net:s0
-genfscon proc /net/tcp u:object_r:proc_net_vpn:s0
-genfscon proc /net/udp u:object_r:proc_net_vpn:s0
+genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
 genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
commit	424517721cb71bc842cc37d82e8b61a6a4a6e00a	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Fri Sep 28 10:55:14 2018 -0700
committer	Nick Kralevich <nnk@google.com>	Sun Sep 30 21:33:47 2018 -0700
tree	b689d025c9e33cce04cd19587c821c0488de469b
parent	c62bdd0ec1698372abc4d01ed777c267bb37e38b [diff] [blame]