sepolicy: Define validate_trans permission
Kernel commit f9df6458218f4fe ("selinux: export validatetrans
decisions") introduced a /sys/fs/selinux/validatetrans pseudo file
for use by userspace file system servers and defined a new validatetrans
permission to control its use.
Define the new permission in the Android SELinux policy.
This change only defines the new permission; it does not allow it
to any domains by default.
This avoids a kernel message warning about the undefined permission on
the policy load, ala:
SELinux: Permission validate_trans in class security not defined in policy.
Test: Policy builds
Change-Id: Ib922a83b7d8f94905207663a72f7a1bc3db8d2c2
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/private/access_vectors b/private/access_vectors
index e45d0b2..12ad15f 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -369,6 +369,7 @@
setsecparam
setcheckreqprot
read_policy
+ validate_trans
}