expand scope of priv_sock_ioctls neverallows

From self to domain Change-Id: I97aeea67a6b66bc307715a050cf7699e5be9715e

expand scope of priv_sock_ioctls neverallows
a8d89c31 · Jeff Vander Stoep · ca76be74 · a8d89c31 · a8d89c31 · a8d89c31
Commit a8d89c31 authored 9 years ago by Jeff Vander Stoep
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -52,5 +52,5 @@ neverallow isolated_app cache_file:dir ~{ r_dir_perms };
 neverallow isolated_app cache_file:file ~{ read getattr };
 # do not allow privileged socket ioctl commands
-neverallowxperm isolated_app self:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm isolated_app domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
--- a/shell.te
+++ b/shell.te
@@ -138,4 +138,4 @@ allowxperm shell self:{ rawip_socket tcp_socket udp_socket } ioctl unpriv_sock_i
 neverallow shell file_type:file link;
 # Do not allow privileged socket ioctl commands
-neverallowxperm shell self:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -152,7 +152,7 @@ neverallow untrusted_app file_type:file link;
 neverallow untrusted_app sysfs_mac_address:file no_rw_file_perms;
 # do not allow privileged socket ioctl commands
-neverallowxperm untrusted_app self:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallowxperm untrusted_app domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
 # Do not allow untrusted_app access to /cache
 neverallow untrusted_app { cache_file cache_recovery_file }:dir ~{ r_dir_perms };