Blocks untrusted apps to access /dev/socket/mdnsd from U The untrusted apps should not directly access /dev/socket/mdnsd since API level 34 (U). Only adbd and netd should remain to have access to /dev/socket/mdnsd. For untrusted apps running with API level 33-, they still have access to /dev/socket/mdnsd for backward compatibility. Bug: 265364111 Test: Manual test Change-Id: Id37998fcb9379fda6917782b0eaee29cd3c51525

commit: cfdea5f4f3574385d739c1269e6c25783c109857 [log] [tgz]
author: Yuyang Huang <yuyanghuang@google.com> Wed Jan 18 16:52:43 2023 +0900
committer: Yuyang Huang <yuyanghuang@google.com> Fri Jan 20 15:25:46 2023 +0900
tree: 4ab672207b02c6f596efc4695971e4b255875703
parent: e6945d00463ba1c55b4cfd560757b28536f6fba1 [diff] [blame]
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 56e44db..d0f9b24 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te

@@ -2,7 +2,7 @@
 ### Untrusted apps.
 ###
 ### This file defines the rules for untrusted apps running with
-### targetSdkVersion >= 32.
+### targetSdkVersion >= 34.
 ###
 ### See public/untrusted_app.te for more information about which apps are
 ### placed in this selinux domain.
@@ -20,4 +20,4 @@
 allow untrusted_app sdk_sandbox_data_file:fd use;
 allow untrusted_app sdk_sandbox_data_file:file write;
 
-neverallow untrusted_app sdk_sandbox_data_file:file { open create };
\ No newline at end of file
+neverallow untrusted_app sdk_sandbox_data_file:file { open create };
commit	cfdea5f4f3574385d739c1269e6c25783c109857	[log] [tgz]
author	Yuyang Huang <yuyanghuang@google.com>	Wed Jan 18 16:52:43 2023 +0900
committer	Yuyang Huang <yuyanghuang@google.com>	Fri Jan 20 15:25:46 2023 +0900
tree	4ab672207b02c6f596efc4695971e4b255875703
parent	e6945d00463ba1c55b4cfd560757b28536f6fba1 [diff] [blame]