08f92f9c01fc5b86d620024573c46ff9e6ec173b - android_system_sepolicy

commit	08f92f9c01fc5b86d620024573c46ff9e6ec173b	[log] [tgz]
author	Chenbo Feng <fengc@google.com>	Tue Aug 22 18:33:46 2017 -0700
committer	Chenbo Feng <fengc@google.com>	Tue Jan 02 11:52:33 2018 -0800
tree	157d64c44cf6a3cf535e70220b065db6af3ca51f
parent	254ad0da3ac3709cbce81af2a6faeb23317afea3 [diff]

sepolicy: New sepolicy classes and rules about bpf object

Add the new classes for eBPF map and program to limit the access to eBPF
object. Add corresponding rules to allow netd module initialize bpf
programs and maps, use the program and read/wirte to eBPF maps.

Test: no bpf sepolicy violations when device boot
Change-Id: I63c35cd60f1972d4fb36ef2408da8d5f2246f7fd

private/access_vectors[diff]
private/security_classes[diff]
public/netd.te[diff]

3 files changed

tree: 157d64c44cf6a3cf535e70220b065db6af3ca51f

prebuilts/
private/
public/
reqd_mask/
tests/
tools/
vendor/
Android.bp
Android.mk
CleanSpec.mk
definitions.mk
MODULE_LICENSE_PUBLIC_DOMAIN
NOTICE
OWNERS
PREUPLOAD.cfg
README