diff options
author | Alex Klyubin <klyubin@google.com> | 2013-07-16 09:45:39 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2013-07-16 13:45:53 -0700 |
commit | 7cda86eb46021cff20a08dcde56c1a15291fa582 (patch) | |
tree | 8951acfce31cc399ec090e3d52f957e475c25dc8 | |
parent | 24617fc3b8de501d3e6197e21d058496f400db07 (diff) | |
download | sepolicy-7cda86eb46021cff20a08dcde56c1a15291fa582.tar.gz |
Permit apps to bind TCP/UDP sockets to a hostname
Change-Id: Ided2cf793e94bb58529789c3075f8480c0d0cf4e
-rw-r--r-- | untrusted_app.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/untrusted_app.te b/untrusted_app.te index 9894094..c91543e 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -32,6 +32,9 @@ allow untrusted_app asec_apk_file:file r_file_perms; # Create tcp/udp sockets allow untrusted_app node_type:{ tcp_socket udp_socket } node_bind; allow untrusted_app self:{ tcp_socket udp_socket } { create_socket_perms accept listen }; +# Bind to a particular hostname/address/interface (e.g., localhost) instead of +# ANY. Normally, apps should not be listening on all interfaces. +allow untrusted_app port:{ tcp_socket udp_socket } name_bind; # Allow the allocation and use of ptys # Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm |