Skip to content
Snippets Groups Projects
Commit 1eb94035 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Remove redundant socket rules. 


These same permissions are already allowed via net_domain() and
the rules in net.te.

Change-Id: I4681fb9993258b4ad668333ad7d7102e983b5c2b
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 2a36dff6
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 7 deletions
untrusted_app.te
+ 0
7
View file @ 1eb94035
...@@ -46,13 +46,6 @@ allow untrusted_app asec_apk_file:file r_file_perms; ...@@ -46,13 +46,6 @@ allow untrusted_app asec_apk_file:file r_file_perms;
# Execute libs in asec containers. # Execute libs in asec containers.
allow untrusted_app asec_public_file:file execute; allow untrusted_app asec_public_file:file execute;
# Create tcp/udp sockets
allow untrusted_app node_type:{ tcp_socket udp_socket } node_bind;
allow untrusted_app self:{ tcp_socket udp_socket } { create_socket_perms accept listen };
# Bind to a particular hostname/address/interface (e.g., localhost) instead of
# ANY. Normally, apps should not be listening on all interfaces.
allow untrusted_app port:{ tcp_socket udp_socket } name_bind;
# Allow the allocation and use of ptys # Allow the allocation and use of ptys
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
create_pty(untrusted_app) create_pty(untrusted_app)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment