Diff - 1b1d133be5350989cbd6c09e4f000e146f9ab7ae^! - android_system_sepolicy

commit	1b1d133be5350989cbd6c09e4f000e146f9ab7ae	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Sep 07 10:48:55 2018 -0700
committer	Nick Kralevich <nnk@google.com>	Fri Sep 07 10:52:31 2018 -0700
tree	9cd65b45032e25feaf15b819a484c56b63ded77d
parent	8d7d5b42b5e3f5974a468940019d392f9b818a9e [diff] [blame]

Add nnp_nosuid_transition policycap and related class/perm definitions.

https://github.com/torvalds/linux/commit/af63f4193f9fbbbac50fc766417d74735afd87ef
allows a security policy writer to determine whether transitions under
nosuid / NO_NEW_PRIVS should be allowed or not.

Define these permissions, so that they're usable to policy writers.

This change is modeled after refpolicy
https://github.com/TresysTechnology/refpolicy/commit/1637a8b407c85f67f0b2ca5c6d852cef3c999087

Test: policy compiles and device boots
Test Note: Because this requires a newer kernel, full testing on such
   kernels could not be done.
Change-Id: I9866724b3b97adfc0cdef5aaba6de0ebbfbda72f

diff --git a/private/security_classes b/private/security_classes
index 251b721..e0007d1 100644
--- a/private/security_classes
+++ b/private/security_classes

@@ -130,6 +130,8 @@
 class qipcrtr_socket
 class smc_socket
 
+class process2
+
 # Property service
 class property_service          # userspace