Do not allow untrusted apps to read sysfs_net files

(this includes /sys/class/net/*/address device mac addresses) Test: builds Bug: 137816564 Change-Id: I84268b2e0207559ed00baafb8a3f231c676f8df1 Signed-off-by: Maciej Żenczykowski <maze@google.com>
2019-07-18 00:04:54 -07:00 · 2019-07-18 00:04:54 -07:00 · 804d99ac76
commit 804d99ac76
parent 6b2eaade82
1 changed files with 1 additions and 0 deletions
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@ -87,6 +87,7 @@ neverallow all_untrusted_apps file_type:file link;

 # Do not allow untrusted apps to access network MAC address file
 neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;

 # Do not allow any write access to files in /sys
 neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };