Do not allow untrusted apps to read sysfs_net files
(this includes the device MAC addresses exposed in /sys/class/net/*/address)
Test: builds
Bug: 137816564
Change-Id: I84268b2e0207559ed00baafb8a3f231c676f8df1
Signed-off-by: Maciej Żenczykowski <maze@google.com>
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index d496e90..ae9f172 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -87,6 +87,7 @@
# Do not allow untrusted apps to access network MAC address file
neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
# Do not allow any write access to files in /sys
neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
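Review bot: The added `neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;` line sits directly under the comment that names only the MAC address file, yet per the commit message sysfs_net is the broader type and the address file is just one member. I would give the new rule its own comment, for example `# Do not allow untrusted apps to read or write any sysfs_net file (includes /sys/class/net/*/address)`. The rule asserts on class `file` only, so directory and symlink access to sysfs_net-labelled entries is not constrained by it; if listing interfaces is also meant to be off-limits, that needs a separate rule. Because a neverallow is a build-time assertion rather than a runtime denial, "Test: builds" shows only that no allow rule in this tree conflicts, so it is worth confirming that device-specific policy is checked against it as well.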