Enforce MAC address restrictions for priv apps. Bug: 230733237 Test: atest NetlinkSocketTest NetworkInterfaceTest bionic-unit-tests-static CtsSelinuxTargetSdkCurrentTestCases CtsSelinuxTargetSdk29TestCases CtsSelinuxTargetSdk27TestCases Change-Id: I1d66ae7849e950612f3b6693216ec8c84e942640

commit: af609b2f3ced2e468ee97e5eccd87c8bb5d27c0d [log] [tgz]
author: Bram Bonne <brambonne@google.com> Tue May 17 14:22:02 2022 +0200
committer: Bram Bonne <brambonne@google.com> Tue May 17 14:36:15 2022 +0200
tree: 45eae4df5e695081a94698f41d294513041f252f
parent: e14ad82c982bde97cdcd7008dd86d0363e8c012a [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 304f5a2..f716367 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -127,6 +127,7 @@
 
 # Disallow sending RTM_GETLINK messages on netlink sockets.
 neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
+neverallow priv_app domain:netlink_route_socket { bind nlmsg_readpriv };
 
 # Disallow sending RTM_GETNEIGH{TBL} messages on netlink sockets.
 neverallow {
commit	af609b2f3ced2e468ee97e5eccd87c8bb5d27c0d	[log] [tgz]
author	Bram Bonne <brambonne@google.com>	Tue May 17 14:22:02 2022 +0200
committer	Bram Bonne <brambonne@google.com>	Tue May 17 14:36:15 2022 +0200
tree	45eae4df5e695081a94698f41d294513041f252f
parent	e14ad82c982bde97cdcd7008dd86d0363e8c012a [diff] [blame]