refs/heads/main - platform/hardware/bsp/qcom

commit	7fb9fa17195bc1f232056185fec713c7cdbb008b	[log] [tgz]
author	Jeff Vander Stoep <[email protected]>	Sun Sep 11 09:50:24 2016 -0700
committer	Lee Campbell <[email protected]>	Sun Sep 11 16:13:30 2016 -0700
tree	56604e1888ecc1b1e32d812a6299d7d5113a80b1
parent	7c138b7ad6bb22a141613cd86c1170fa60833879 [diff]

Enforce ioctl command whitelisting on all sockets

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I7cc2021596c8452a518b8213eea8b41141f2f14d

soc/msm8916/prebuilts/sepolicy/ioctl_defines[Added - diff]
soc/msm8916/prebuilts/sepolicy/ioctl_macros[Added - diff]
soc/msm8916/prebuilts/sepolicy/qseecomd.te[diff]
soc/msm8916/prebuilts/sepolicy/rmt.te[diff]

4 files changed

tree: 56604e1888ecc1b1e32d812a6299d7d5113a80b1

audio/
boot_control/
lights/
peripheral/
soc/