diff options
Diffstat (limited to 'shell.te')
| -rw-r--r-- | shell.te | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -77,6 +77,9 @@ allow shell domain:process getattr; allow shell bootchart_data_file:dir rw_dir_perms; allow shell bootchart_data_file:file create_file_perms; +# only allow unprivileged socket ioctl commands +allow shell self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls; + # Do not allow shell to hard link to any files. # In particular, if shell hard links to app data # files, installd will not be able to guarantee the deletion |