Blame - private/net.te - android_system_sepolicy

blob: 25bd538b9b4c211721de2d2d092caa6abd60ec2f [file] [log] [blame]

Bram Bonne	b93f26f	2022-03-15 18:28:02 +0100	[diff] [blame]	1	# Bind to ports.
				2	allow {netdomain -ephemeral_app -sdk_sandbox} node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
				3	allow {netdomain -ephemeral_app -sdk_sandbox} port_type:udp_socket name_bind;
				4	allow {netdomain -ephemeral_app -sdk_sandbox} port_type:tcp_socket name_bind;
				5
				6	# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
				7	# untrusted_apps.
				8	# b/171572148 gate RTM_GETNEIGH{TBL} with a new permission nlmsg_getneigh and block access from
				9	# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-30) are granted access elsewhere
				10	# to avoid app-compat breakage.
				11	allow {
				12	netdomain
				13	-ephemeral_app
				14	-mediaprovider
				15	-sdk_sandbox
				16	-untrusted_app_all
				17	} self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };