tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Define new kernel security classes

Browse source 
Define new classes and access vectors recognised by the kernel.

Bug: 340491179
Test: boot and check logs for undefined class or permission
Change-Id: I9b32916ea231cf396aa326ed7e08cb14e4eb2c9b
This commit is contained in:
Thiébaud Weksteen 2024-05-15 13:12:40 +10:00
parent 4b79c66714
commit 6772c50574
4 changed files with 34 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
microdroid/system/private/access_vectors
View file

@ -139,6 +139,8 @@ common cap2
block_suspend block_suspend
audit_read audit_read
perfmon perfmon
checkpoint_restore
bpf
} }
# #
@ -664,6 +666,12 @@ inherits socket
class smc_socket class smc_socket
inherits socket inherits socket
class xdp_socket
inherits socket
class mctp_socket
inherits socket
class bpf class bpf
{ {
map_create map_create
@ -703,9 +711,6 @@ class drmservice {
pread pread
} }
class xdp_socket
inherits socket
class perf_event class perf_event
{ {
open open
@ -728,3 +733,8 @@ class io_uring
sqpoll sqpoll
cmd cmd
} }
class user_namespace
{
create
}

6
microdroid/system/private/security_classes
View file

@ -133,13 +133,13 @@ class vsock_socket
class kcm_socket class kcm_socket
class qipcrtr_socket class qipcrtr_socket
class smc_socket class smc_socket
class xdp_socket
class mctp_socket
class process2 class process2
class bpf class bpf
class xdp_socket
class perf_event class perf_event
class io_uring class io_uring
@ -147,6 +147,8 @@ class io_uring
# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331 # Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
class lockdown class lockdown
class user_namespace
# Property service # Property service
class property_service # userspace class property_service # userspace

16
private/access_vectors
View file

@ -139,6 +139,8 @@ common cap2
block_suspend block_suspend
audit_read audit_read
perfmon perfmon
checkpoint_restore
bpf
} }
# #
@ -664,6 +666,12 @@ inherits socket
class smc_socket class smc_socket
inherits socket inherits socket
class xdp_socket
inherits socket
class mctp_socket
inherits socket
class bpf class bpf
{ {
map_create map_create
@ -772,9 +780,6 @@ class drmservice {
pread pread
} }
class xdp_socket
inherits socket
class perf_event class perf_event
{ {
open open
@ -797,3 +802,8 @@ class io_uring
sqpoll sqpoll
cmd cmd
} }
class user_namespace
{
create
}

6
private/security_classes
View file

@ -133,13 +133,13 @@ class vsock_socket
class kcm_socket class kcm_socket
class qipcrtr_socket class qipcrtr_socket
class smc_socket class smc_socket
class xdp_socket
class mctp_socket
class process2 class process2
class bpf class bpf
class xdp_socket
class perf_event class perf_event
class io_uring class io_uring
@ -147,6 +147,8 @@ class io_uring
# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331 # Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
class lockdown class lockdown
class user_namespace
# Property service # Property service
class property_service # userspace class property_service # userspace