I was looking again at ioctl whitelisting, and excuse me if I overlooked some documentation, but I am having a hard time implementing this. what I did was I just wanted to basically test blacklisting a single ioctl (no particular one) So i looked into androids sepolicy and just picked a semi-random ioctl from their "https://android.googlesource.com/platform/system/sepolicy/+/master/public/ioctl_defines"; for example: PHONE_CAPABILITIES_CHECK 0x40087182 However the xpermissions statement only allows 0x0000 to 0xFFFF when i tried: (xpermission alg_socket_ioctl (ioctl alg_socket (not (0x40087182)))) My question is how do i convert these to something i can use with the xpermission statement in CIL, and why can seandroid sepolicy get away with using 0x12345678 where i have to use 0x1234? I could not find any scripts that converts these in the android tree. -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
