Define new kernel security classes
Define new classes and access vectors recognised by the kernel.
Bug: 340491179
Test: boot and check logs for undefined class or permission
Change-Id: I9b32916ea231cf396aa326ed7e08cb14e4eb2c9b
diff --git a/private/access_vectors b/private/access_vectors
index 60ec0ae..7a280c5 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -139,6 +139,8 @@
block_suspend
audit_read
perfmon
+ checkpoint_restore
+ bpf
}
#
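Review bot: The Test line only checks the boot log for undefined classes or permissions, which does not show whether defining `checkpoint_restore` and `bpf` here produces new denials. Once the policy defines these permissions, a kernel that checks them will consult the policy for them, so a domain with no matching allow rule may start logging AVC denials (how an undefined permission was treated before depends on the policy's handle_unknown setting, which is not visible here). I would extend the test to `boot and check logs for undefined class or permission, and for new avc denials on the added classes and permissions`. The same applies to the `mctp_socket` and `user_namespace` classes added in later hunks. The enclosing block starts above this hunk, so which common or class receives the two permissions cannot be confirmed from here.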
@@ -664,6 +666,12 @@
class smc_socket
inherits socket
+class xdp_socket
+inherits socket
+
+class mctp_socket
+inherits socket
+
class bpf
{
map_create
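Review bot: `mctp_socket` is introduced as a new socket class, but nothing on this page shows it being added to the aggregate socket class sets (for example the `socket_class_set` macro) that existing allow and neverallow rules are written against. If it is left out, rules meant to cover every socket class would silently skip MCTP sockets. Please confirm that the macro and the list of class declarations are updated in the same change. `xdp_socket` is only moved here from further down the file, so it should need nothing beyond the move. The `class bpf` block at the end of the hunk continues outside it.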
@@ -772,9 +780,6 @@
pread
}
-class xdp_socket
-inherits socket
-
class perf_event
{
open
@@ -797,3 +802,8 @@
sqpoll
cmd
}
+
+class user_namespace
+{
+ create
+}
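Review bot: The `user_namespace` class added at the end of the file carries no comment saying what `create` gates. I would add a line above it such as `# create: checked when a process creates a new user namespace`. Because user namespace creation exposes additional kernel attack surface to unprivileged code, it would also help to state in policy which domains are expected to hold the permission, for instance with a neverallow covering every other domain. No such rule is visible on this page.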