Commit 5002eb06 authored by Jeff Vander Stoep, committed by android-build-merger

Merge "Restrict HAL network access to HALS that manage network hardware" am: b9b63706

am: 3b896623

Change-Id: Ieb3e865a15ecb790b9abb4095d16934615ff411d
parents a023a9e5 3b896623
# only HALs responsible for network hardware should have privileged
# network capabilities
neverallow {
halserverdomain
-hal_bluetooth_server
-hal_wifi_server
-hal_wifi_supplicant_server
-rild
} self:capability { net_admin net_raw };
# Unless a HAL's job is to manage network hardware, it should not be
# using network sockets.
neverallow {
halserverdomain
-hal_gnss # TODO b/36085168 b/35757613
-hal_wifi_server
-hal_wifi_supplicant_server
-rild
} domain:{ tcp_socket udp_socket rawip_socket } *;
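
Review bot: In the second neverallow, the `-hal_gnss` exemption subtracts a bare attribute, while every other exemption in both rules is a `_server` attribute or a single domain (`rild`). If `hal_gnss` is also attached to client domains, any HAL server that happens to be a GNSS client would escape the socket restriction too; if a server-only attribute is available, subtract that instead so the carve-out covers only the process that needs it. The TODO on that line gives bug numbers only; a few words on why GNSS needs sockets and what has to change before the exemption can be dropped would help whoever tightens this later. The two exemption lists also differ without explanation: `hal_bluetooth_server` is allowed `net_admin`/`net_raw` in the first rule but is not exempt from the socket rule, so a short comment confirming that asymmetry is intended would prevent someone from "fixing" it in either direction.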