Permit apps to bind TCP/UDP sockets to a hostname Change-Id: Ided2cf793e94bb58529789c3075f8480c0d0cf4e

commit: 7cda86eb46021cff20a08dcde56c1a15291fa582 [log] [tgz]
author: Alex Klyubin <klyubin@google.com> Tue Jul 16 09:45:39 2013 -0700
committer: Alex Klyubin <klyubin@google.com> Tue Jul 16 13:45:53 2013 -0700
tree: 8951acfce31cc399ec090e3d52f957e475c25dc8
parent: 24617fc3b8de501d3e6197e21d058496f400db07 [diff]
diff --git a/untrusted_app.te b/untrusted_app.te
index 9894094..c91543e 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te

@@ -32,6 +32,9 @@
 # Create tcp/udp sockets
 allow untrusted_app node_type:{ tcp_socket udp_socket } node_bind;
 allow untrusted_app self:{ tcp_socket udp_socket } { create_socket_perms accept listen };
+# Bind to a particular hostname/address/interface (e.g., localhost) instead of
+# ANY. Normally, apps should not be listening on all interfaces.
+allow untrusted_app port:{ tcp_socket udp_socket } name_bind;
 
 # Allow the allocation and use of ptys
 # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
commit	7cda86eb46021cff20a08dcde56c1a15291fa582	[log] [tgz]
author	Alex Klyubin <klyubin@google.com>	Tue Jul 16 09:45:39 2013 -0700
committer	Alex Klyubin <klyubin@google.com>	Tue Jul 16 13:45:53 2013 -0700
tree	8951acfce31cc399ec090e3d52f957e475c25dc8
parent	24617fc3b8de501d3e6197e21d058496f400db07 [diff]