DO NOT MERGE: Further restrict access to socket ioctl commands

Remove untrusted/isolated app access to device private commands. Only allow shell user to access unprivileged socket ioctl commands. Bug: 26324307 Bug: 26267358 Change-Id: Iddf1171bc05c7600e0292f925d18d748f13a98f2

DO NOT MERGE: Further restrict access to socket ioctl commands
57531cac · Jeff Vander Stoep · Jeffrey Vander Stoep · a8bbe96d · 57531cac · 57531cac
Commit 57531cac authored 9 years ago by Jeff Vander Stoep Committed by Jeffrey Vander Stoep 9 years ago
--- a/ioctl_macros
+++ b/ioctl_macros
 # socket ioctls allowed to unprivileged apps
 define(`unpriv_sock_ioctls', `
 {
-# all socket ioctls except the Mac address SIOCGIFHWADDR 0x8927
+# all socket ioctls except:
-0x8900-0x8926 0x8928-0x89ff
+# 1) the Mac address SIOCGIFHWADDR 0x8927
-# all wireless extensions ioctls except get/set essid
+# 2) device private SIOCDEVPRIVATE-SIOCDEVPRIVLAST 0x89F0-0x89FF
-# IOCSIWESSID 0x8B1A SIOCGIWESSID 0x8B1B
+# 3) protocol private SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST 0x89E0-0x89EF
-0x8B00-0x8B09 0x8B1C-0x8BFF
+0x8900-0x8926 0x8928-0x89DF
+# all wireless extensions ioctls except:
+# 1) get/set essid IOCSIWESSID 0x8B1A SIOCGIWESSID 0x8B1B
+# 2) device private ioctls SIOCIWFIRSTPRIV-SIOCIWLASTPRIV 0x8BE0-0x8BFF
+0x8B00-0x8B09 0x8B1C-0x8BDF
 # commonly used TTY ioctls
 0x5411 0x5451
 }')
--- a/shell.te
+++ b/shell.te
@@ -77,6 +77,9 @@ allow shell domain:process getattr;
 allow shell bootchart_data_file:dir rw_dir_perms;
 allow shell bootchart_data_file:file create_file_perms;
+# only allow unprivileged socket ioctl commands
+allow shell self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
 # Do not allow shell to hard link to any files.
 # In particular, if shell hard links to app data
 # files, installd will not be able to guarantee the deletion