aboutsummaryrefslogtreecommitdiffstats
path: root/isolated_app.te
diff options
context:
space:
mode:
Diffstat (limited to 'isolated_app.te')
-rw-r--r--isolated_app.te3
1 files changed, 2 insertions, 1 deletions
diff --git a/isolated_app.te b/isolated_app.te
index 1cede96..330f0af 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,7 +18,8 @@ allow isolated_app app_data_file:file { read write getattr lock };
allow isolated_app activity_service:service_manager find;
allow isolated_app display_service:service_manager find;
-service_manager_local_audit_domain(isolated_app)
+# only allow unprivileged socket ioctl commands
+allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
#####
##### Neverallow
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 21:03:49 +0000