SELinux ioctl whitelisting is an awesome feature. It's way lighter than using seccomp and it provides *per-device-type* ioctl whitelists.
-
-
The fact that Android SELinux policy is specialized per device is a big deal. It allows for more precise SELinux policies, especially ioctl.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.