add fs_bpf_loader selinux type To be used for things that only the bpfloader should be access. Expected use case is for programs that the bpfloader should load, pin into the filesystem, *and* attach. [ie. no need for anything else to attach the programs] Test: TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I035d3fcbf6cee523e41cdde23b8edc13311a45e8

commit: e14e69a947a473ce81f220bae3caea122f5bca97 [log] [tgz]
author: Maciej Żenczykowski <maze@google.com> Thu Dec 01 14:45:35 2022 +0000
committer: Maciej Żenczykowski <maze@google.com> Fri Dec 02 12:26:49 2022 +0000
tree: 35563857c068a876a1d852dbaaeb0b4fd12c8be1
parent: ebb45f9deab3a8ae3ecfac06204797b28a6856cd [diff] [blame]
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 29d8561..d0af186 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts

@@ -395,7 +395,9 @@
 genfscon functionfs / u:object_r:functionfs:s0
 genfscon usbfs / u:object_r:usbfs:s0
 genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
+
 genfscon bpf / u:object_r:fs_bpf:s0
+genfscon bpf /loader u:object_r:fs_bpf_loader:s0
 genfscon bpf /net_private u:object_r:fs_bpf_net_private:s0
 genfscon bpf /net_shared u:object_r:fs_bpf_net_shared:s0
 genfscon bpf /netd_readonly u:object_r:fs_bpf_netd_readonly:s0
commit	e14e69a947a473ce81f220bae3caea122f5bca97	[log] [tgz]
author	Maciej Żenczykowski <maze@google.com>	Thu Dec 01 14:45:35 2022 +0000
committer	Maciej Żenczykowski <maze@google.com>	Fri Dec 02 12:26:49 2022 +0000
tree	35563857c068a876a1d852dbaaeb0b4fd12c8be1
parent	ebb45f9deab3a8ae3ecfac06204797b28a6856cd [diff] [blame]