Diffstat (limited to 'isolated_app.te')
-rw-r--r-- | isolated_app.te | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/isolated_app.te b/isolated_app.te
index 1cede96..330f0af 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -18,7 +18,8 @@ allow isolated_app app_data_file:file { read write getattr lock };
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
-service_manager_local_audit_domain(isolated_app)
+# only allow unprivileged socket ioctl commands
+allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
 #####
 ##### Neverallow |
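Review bot: The new comment says "only allow", but the added `allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;` line is a grant, so the restriction it describes holds only while no other rule (for instance one inherited through an attribute) gives isolated_app a wider ioctl set on these socket classes. Since the Neverallow section starts right below, a matching neverallow there for commands outside `unpriv_sock_ioctls` would make the policy build fail if that ever happens; the exact rule form depends on the ioctl-whitelist syntax this tree's policy compiler accepts, which the hunk does not show. I would also reword the comment to `# Whitelist socket ioctls: isolated_app may issue only unpriv_sock_ioctls on its own raw IP, TCP and UDP sockets`. Separately, the hunk drops `service_manager_local_audit_domain(isolated_app)` without a comment; judging by the macro's name this removes audit logging of service_manager lookups for this domain, so the commit message should state why that visibility is no longer needed.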