Jeff Vander Stoep authored
Remove the ioctl permission for most socket types. For others, such as tcp/udp/rawip/unix_dgram/unix_stream, set a default unprivileged whitelist that individual domains may extend (except where neverallowed like untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I15548d830f8eff1fd4d64005c5769ca2be8d4ffe
mtp.te 316 B
# vpn tunneling protocol manager
type mtp, domain, domain_deprecated;
type mtp_exec, exec_type, file_type;
init_daemon_domain(mtp)
net_domain(mtp)
# pptp policy
allow mtp self:socket create_socket_perms_no_ioctl;
allow mtp self:capability net_raw;
allow mtp ppp:process signal;
allow mtp vpn_data_file:dir search;
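
As an added example (not part of the AOSP policy or of this commit), a small Python check that flags allow rules still granting the plain ioctl permission on a socket class, which is what the commit message above says was removed. The macro set and the "before" rule are assumptions constructed for illustration; complement (`~`) permission sets are not handled.

```python
import re

# Assumption: macro names as in AOSP global_macros; these expand to permission
# sets that include ioctl, while the *_no_ioctl variants do not.
IOCTL_MACROS = {"create_socket_perms", "rw_socket_perms",
                "create_stream_socket_perms", "rw_stream_socket_perms"}

# allow <source> <target>:<class> <perms>;  (each field may be a { ... } set)
RULE = re.compile(
    r"^\s*allow\s+(?P<src>\{[^}]*\}|\S+)\s+(?P<tgt>\{[^}]*\}|[^\s:]+)\s*:\s*"
    r"(?P<cls>\{[^}]*\}|\S+)\s+(?P<perms>\{[^}]*\}|[^\s;]+)\s*;")

def _tokens(field):
    return field.strip("{} ").split()

def socket_ioctl_grants(policy_text):
    """Return (line_no, source, class) for allow rules granting ioctl on a socket class."""
    findings = []
    for no, line in enumerate(policy_text.splitlines(), 1):
        m = RULE.match(line.split("#", 1)[0])   # drop trailing comments
        if not m:
            continue
        perms = set(_tokens(m["perms"]))
        if not ({"ioctl", "*"} & perms or IOCTL_MACROS & perms):
            continue
        for cls in _tokens(m["cls"]):
            if cls == "socket" or cls.endswith("_socket"):
                findings.append((no, m["src"], cls))
    return findings

# Rules from mtp.te as shown on this page.
AFTER = """\
allow mtp self:socket create_socket_perms_no_ioctl;
allow mtp self:capability net_raw;
allow mtp ppp:process signal;
"""
# Constructed for comparison: the same rule written with a macro that includes ioctl.
BEFORE = AFTER.replace("create_socket_perms_no_ioctl", "create_socket_perms")

if __name__ == "__main__":
    print("before:", socket_ioctl_grants(BEFORE))
    print("after: ", socket_ioctl_grants(AFTER))
```

Rules written with `allowxperm` are deliberately not matched, since those grant only the listed ioctl commands rather than the blanket permission.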