Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 51ed2f918d29fb0337e1b5ac71beb08b385cd682
commit51ed2f918d29fb0337e1b5ac71beb08b385cd682[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Thu Jan 16 10:17:12 2020 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Thu Jan 16 10:17:12 2020 -0500
treef910e05fef6d760c977db794afcad4e81a5f5bb1
parent8943f24f02582a9ec0e05d450f672c997174c271 [diff]
access_vectors: remove flow_in and flow_out permissions from packet class

These permissions were never checked upstream; they were only added to the
kernel definitions when the peer class was added for consistency with
Fedora SELinux policies by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f67f4f315f31e7907779adb3296fb6682e755342
and were removed from the kernel's classmap in:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=47ac19ea429aee561f66e9cd05b908e8ffbc498a
circa v2.6.39.

NB These permissions do not appear to have ever been used in any Android
policy, but the declarations do exist in the
prebuilts/api/*/private/access_vectors files.
This change does not update those files.

The corresponding change was made to refpolicy in:
https://github.com/SELinuxProject/refpolicy/commit/f4459adf3242ed2dbc35e2125f55ec299378c04c

Test: policy still builds

Change-Id: Ic76c54b10fef2d5a688e5065e9f058f74f646820
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed
tree: f910e05fef6d760c977db794afcad4e81a5f5bb1
  1. apex/
  2. build/
  3. prebuilts/
  4. private/
  5. public/
  6. reqd_mask/
  7. tests/
  8. tools/
  9. vendor/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. compat.mk
  15. contexts_tests.mk
  16. definitions.mk
  17. mac_permissions.mk
  18. MODULE_LICENSE_PUBLIC_DOMAIN
  19. NOTICE
  20. OWNERS
  21. policy_version.mk
  22. PREUPLOAD.cfg
  23. README
  24. seapp_contexts.mk
  25. treble_sepolicy_tests_for_release.mk