diff options
| author | Bram Bonné <brambonne@google.com> | 2020-12-03 19:03:55 +0100 |
|---|---|---|
| committer | Bram Bonné <brambonne@google.com> | 2020-12-10 11:55:45 +0100 |
| commit | 0ba499896a6f1c86f48f2a0b2e596df6ecbb2b2e (patch) | |
| tree | 7a2283a6a128751c1bca32ff32a40acdeced22ae /libc/stdio/stdio.cpp | |
| parent | d911c669ae6fb1bbb52e6197d18cfdd5d184cfcb (diff) | |
Soft-enable MAC address restrictions with allowlist.
Soft-limits apps from calling bind() on NETLINK_ROUTE sockets, and
getting link info through getifaddrs(), while still allowing apps on the
allowlist to temporarily perform these actions.
This is different from existing behavior, where apps targeting an API
level < 30 were exempted from this restriction.
Actual enforcement will happen through SELinux (as is currently the
case for apps targeting API >= 30). This temporary change will then be
reverted.
If you arrived at this change due to an app showing unexpected behavior,
please file a bug at go/netlink-bug.
Bug: 170188668
Bug: 170214442
Test: Call bind() on NETLINK_ROUTE for an app on the allowlist.
Test: Call bind() on NETLINK_ROUTE for an app not on the allowlist.
Test: Call getifaddrs() for an app on the allowlist.
Test: Call getifaddrs() for an app not on the allowlist.
Change-Id: I0488932deea2a7211e55a24bc33bfa3cfb16fba2
Diffstat (limited to 'libc/stdio/stdio.cpp')
0 files changed, 0 insertions, 0 deletions