Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket.

am: a8239c61 Change-Id: I8f7e2d3719b3ecea40eb9db92849d827c47e0567

Don't allow dumpstate to call ioctl on netlink_tcpdiag_socket.
1376638d · Lorenzo Colitti · android-build-merger · 1971b13e · a8239c61 · 1376638d
Commit 1376638d authored 8 years ago by Lorenzo Colitti Committed by android-build-merger 8 years ago
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -142,7 +142,7 @@ allow dumpstate net_data_file:dir search;
 allow dumpstate net_data_file:file r_file_perms;

 # List sockets via ss.
-allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read };
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };

 # Access /data/tombstones.
 allow dumpstate tombstone_data_file:dir r_dir_perms;