Define new kernel security classes
Define new classes and access vectors recognised by the kernel. Bug: 340491179 Test: boot and check logs for undefined class or permission Change-Id: I9b32916ea231cf396aa326ed7e08cb14e4eb2c9b
This commit is contained in:
Thiébaud Weksteen
parent
4b79c66714
commit
6772c50574
4 changed files with 34 additions and 10 deletions
|
|
@ -139,6 +139,8 @@ common cap2
|
|||
block_suspend
|
||||
audit_read
|
||||
perfmon
|
||||
checkpoint_restore
|
||||
bpf
|
||||
}
|
||||
|
||||
#
|
||||
|
|
@ -664,6 +666,12 @@ inherits socket
|
|||
class smc_socket
|
||||
inherits socket
|
||||
|
||||
class xdp_socket
|
||||
inherits socket
|
||||
|
||||
class mctp_socket
|
||||
inherits socket
|
||||
|
||||
class bpf
|
||||
{
|
||||
map_create
|
||||
|
|
@ -703,9 +711,6 @@ class drmservice {
|
|||
pread
|
||||
}
|
||||
|
||||
class xdp_socket
|
||||
inherits socket
|
||||
|
||||
class perf_event
|
||||
{
|
||||
open
|
||||
|
|
@ -728,3 +733,8 @@ class io_uring
|
|||
sqpoll
|
||||
cmd
|
||||
}
|
||||
|
||||
class user_namespace
|
||||
{
|
||||
create
|
||||
}
|
||||
|
|
|
|||
|
|
@ -133,13 +133,13 @@ class vsock_socket
|
|||
class kcm_socket
|
||||
class qipcrtr_socket
|
||||
class smc_socket
|
||||
class xdp_socket
|
||||
class mctp_socket
|
||||
|
||||
class process2
|
||||
|
||||
class bpf
|
||||
|
||||
class xdp_socket
|
||||
|
||||
class perf_event
|
||||
|
||||
class io_uring
|
||||
|
|
@ -147,6 +147,8 @@ class io_uring
|
|||
# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
|
||||
class lockdown
|
||||
|
||||
class user_namespace
|
||||
|
||||
# Property service
|
||||
class property_service # userspace
|
||||
|
||||
|
|
|
|||
|
|
@ -139,6 +139,8 @@ common cap2
|
|||
block_suspend
|
||||
audit_read
|
||||
perfmon
|
||||
checkpoint_restore
|
||||
bpf
|
||||
}
|
||||
|
||||
#
|
||||
|
|
@ -664,6 +666,12 @@ inherits socket
|
|||
class smc_socket
|
||||
inherits socket
|
||||
|
||||
class xdp_socket
|
||||
inherits socket
|
||||
|
||||
class mctp_socket
|
||||
inherits socket
|
||||
|
||||
class bpf
|
||||
{
|
||||
map_create
|
||||
|
|
@ -772,9 +780,6 @@ class drmservice {
|
|||
pread
|
||||
}
|
||||
|
||||
class xdp_socket
|
||||
inherits socket
|
||||
|
||||
class perf_event
|
||||
{
|
||||
open
|
||||
|
|
@ -797,3 +802,8 @@ class io_uring
|
|||
sqpoll
|
||||
cmd
|
||||
}
|
||||
|
||||
class user_namespace
|
||||
{
|
||||
create
|
||||
}
|
||||
|
|
|
|||
|
|
@ -133,13 +133,13 @@ class vsock_socket
|
|||
class kcm_socket
|
||||
class qipcrtr_socket
|
||||
class smc_socket
|
||||
class xdp_socket
|
||||
class mctp_socket
|
||||
|
||||
class process2
|
||||
|
||||
class bpf
|
||||
|
||||
class xdp_socket
|
||||
|
||||
class perf_event
|
||||
|
||||
class io_uring
|
||||
|
|
@ -147,6 +147,8 @@ class io_uring
|
|||
# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
|
||||
class lockdown
|
||||
|
||||
class user_namespace
|
||||
|
||||
# Property service
|
||||
class property_service # userspace
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue