Define new kernel security classes
Define new classes and access vectors recognised by the kernel.
Bug: 340491179
Test: boot and check logs for undefined class or permission
Change-Id: I9b32916ea231cf396aa326ed7e08cb14e4eb2c9b
diff --git a/private/access_vectors b/private/access_vectors
index 60ec0ae..7a280c5 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -139,6 +139,8 @@
block_suspend
audit_read
perfmon
+ checkpoint_restore
+ bpf
}
#
@@ -664,6 +666,12 @@
class smc_socket
inherits socket
+class xdp_socket
+inherits socket
+
+class mctp_socket
+inherits socket
+
class bpf
{
map_create
@@ -772,9 +780,6 @@
pread
}
-class xdp_socket
-inherits socket
-
class perf_event
{
open
@@ -797,3 +802,8 @@
sqpoll
cmd
}
+
+class user_namespace
+{
+ create
+}
diff --git a/private/security_classes b/private/security_classes
index 99f947f..1d13d9f 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -133,13 +133,13 @@
class kcm_socket
class qipcrtr_socket
class smc_socket
+class xdp_socket
+class mctp_socket
class process2
class bpf
-class xdp_socket
-
class perf_event
class io_uring
@@ -147,6 +147,8 @@
# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
class lockdown
+class user_namespace
+
# Property service
class property_service # userspace