diff options
| author | Jeff Vander Stoep <jeffv@google.com> | 2015-05-15 15:47:48 -0700 |
|---|---|---|
| committer | Jeffrey Vander Stoep <jeffv@google.com> | 2015-05-15 22:59:34 +0000 |
| commit | a0fbeb97c0476891e177fb04953367aae90fc8a9 (patch) | |
| tree | aac6b3b3bcebad8882031ff4fd73d6da9445b62a /untrusted_app.te | |
| parent | 415f0ba73c645c9b53ba701931d9ba041b967f75 (diff) | |
| download | android_external_sepolicy-a0fbeb97c0476891e177fb04953367aae90fc8a9.tar.gz android_external_sepolicy-a0fbeb97c0476891e177fb04953367aae90fc8a9.tar.bz2 android_external_sepolicy-a0fbeb97c0476891e177fb04953367aae90fc8a9.zip | |
Allow tty and wireless extensions ioctls
Allow tty ioctls TIOCOUTQ 0x5411 and FIOCLEX 0x5451.
Allow/audit all wireless extension ioctls.
Bug: 21120188
Change-Id: Icd447ee40351c615c236f041931d210751e0f0c3
Diffstat (limited to 'untrusted_app.te')
| -rw-r--r-- | untrusted_app.te | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index 7a9e2dd..b0adf10 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -102,7 +102,8 @@ allow untrusted_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms; # determine if wifi is present # from include/uapi/linux/wireless.h: # #define SIOCSIWCOMMIT 0x8B00 /* Commit pending changes to driver */ -allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } { 0x8900-0x8926 0x8928-0x89ff 0x8b00 }; +allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } { 0x5411 0x5451 0x8900-0x8926 0x8928-0x89ff 0x8b00-0x8bff }; +auditallow untrusted_app self:{ rawip_socket tcp_socket udp_socket } { 0x8b00-0x8bff }; # Allow GMS core to access perfprofd output, which is stored # in /data/misc/perfprofd/. GMS core will need to list all |