1*e4a36f41SAndroid Build Coastguard Worker# Enable new networking controls. 2*e4a36f41SAndroid Build Coastguard Workerpolicycap network_peer_controls; 3*e4a36f41SAndroid Build Coastguard Worker 4*e4a36f41SAndroid Build Coastguard Worker# Enable open permission check. 5*e4a36f41SAndroid Build Coastguard Workerpolicycap open_perms; 6*e4a36f41SAndroid Build Coastguard Worker 7*e4a36f41SAndroid Build Coastguard Worker# Enable separate security classes for 8*e4a36f41SAndroid Build Coastguard Worker# all network address families previously 9*e4a36f41SAndroid Build Coastguard Worker# mapped to the socket class and for 10*e4a36f41SAndroid Build Coastguard Worker# ICMP and SCTP sockets previously mapped 11*e4a36f41SAndroid Build Coastguard Worker# to the rawip_socket class. 12*e4a36f41SAndroid Build Coastguard Workerpolicycap extended_socket_class; 13*e4a36f41SAndroid Build Coastguard Worker 14*e4a36f41SAndroid Build Coastguard Worker# Enable NoNewPrivileges support. Requires libsepol 2.7+ 15*e4a36f41SAndroid Build Coastguard Worker# and kernel 4.14 (estimated). 16*e4a36f41SAndroid Build Coastguard Worker# 17*e4a36f41SAndroid Build Coastguard Worker# Checks enabled; 18*e4a36f41SAndroid Build Coastguard Worker# process2: nnp_transition, nosuid_transition 19*e4a36f41SAndroid Build Coastguard Worker# 20*e4a36f41SAndroid Build Coastguard Workerpolicycap nnp_nosuid_transition; 21