untrusted_app: disallow bind RTM_ROUTE socket

Bug: 141455849
Change-Id: I27a8735626a5c3c8aad49e8a68de166f3a10cfde
Test: CtsSelinuxTargetSdkCurrentTestCases
Test: atest bionic-unit-tests-static
Test: atest NetworkInterfaceTest
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 5c8ad88..677b9e2 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -118,7 +118,7 @@
   -untrusted_app_25
   -untrusted_app_27
   -untrusted_app_29
-} domain:netlink_route_socket { nlmsg_readpriv };
+} domain:netlink_route_socket { bind nlmsg_readpriv };
 
 # Do not allow untrusted apps access to /cache
 neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
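Review bot: The neverallow on the new line now withholds `bind` from the untrusted_app domains, but nothing in this diff grants `bind` to the exempted `untrusted_app_25`/`untrusted_app_27`/`untrusted_app_29` domains; the comment in public/net.te says those domains get `nlmsg_readpriv` elsewhere, and unless that same place (or a separate change) also grants `bind`, apps on those target SDKs lose route-socket bind even though they are carved out of the neverallow. The head of the neverallow is outside the hunk, so the full source set cannot be checked here. The same question applies to the second hunk of public/net.te, where `untrusted_app_all` is excluded from the rule that now carries `bind`. A short comment on the rule such as `# bind is withheld together with nlmsg_readpriv; untrusted_app_25/27/29 keep both via their own rules (b/141455849)` would record the intended split for the next reader.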
diff --git a/public/net.te b/public/net.te
index 100363a..e90715e 100644
--- a/public/net.te
+++ b/public/net.te
@@ -18,7 +18,7 @@
 allow {netdomain -ephemeral_app} port_type:udp_socket name_bind;
 allow {netdomain -ephemeral_app} port_type:tcp_socket name_bind;
 # See changes to the routing table.
-allow netdomain self:netlink_route_socket { create read getattr write setattr lock append bind connect getopt setopt shutdown nlmsg_read };
+allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
 # b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
 # untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere
 # to avoid app-compat breakage.
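Review bot: The comment block closing the hunk documents only the `nlmsg_readpriv` gating of RTM_GETLINK, while the change also drops `bind` from the blanket netdomain rule a few lines above, so `# See changes to the routing table.` now sits over a rule whose holders can no longer bind the socket (binding is what subscribes a netlink socket to its multicast notification groups) and the reason is left to guesswork. Suggest extending the comment, e.g. `# bind is likewise removed here and granted only to the non-untrusted domains below, so untrusted apps cannot subscribe to route/link multicast groups.` The sentence about untrusted_app_25-29 being granted access elsewhere should then name both permissions.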
@@ -27,7 +27,7 @@
   -ephemeral_app
   -mediaprovider
   -untrusted_app_all
-} self:netlink_route_socket { nlmsg_readpriv };
+} self:netlink_route_socket { bind nlmsg_readpriv };
 
 # Talks to netd via dnsproxyd socket.
 unix_socket_connect(netdomain, dnsproxyd, netd)