commit | ea1775dcb5eac51fc8ded9623a009570ce59ef48 | [log] [tgz] |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Thu Nov 01 19:39:44 2018 -0700 |
committer | Nick Kralevich <nnk@google.com> | Thu Nov 01 19:53:50 2018 -0700 |
tree | 4d5ee15ac0063c4e3be253a00ec42723d1bdd0f3 | |
parent | 5152fc884f8437040f3c5f4b112dc7b36af8cad8 [diff] [blame] |
Update access_vectors Update access_vectors to support newer kernel functionality. This change does not grant any new access. Inspired by the following refpolicy commits: * https://github.com/SELinuxProject/refpolicy/commit/25a5b2427447eb14edb07ce302217d37528813bc * https://github.com/SELinuxProject/refpolicy/commit/109ab3296bce27281c453617d3629a238f5e4dbf * https://github.com/SELinuxProject/refpolicy/commit/437e48ac53307e1e2e13e49d349c0a09b12eb187 Bug: 118843234 Test: policy compiles Change-Id: I7c5a8dcf288dc2321adcf368bd0c0573c5257202
diff --git a/private/access_vectors b/private/access_vectors
index 59e6d32..b77dcc1 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -547,6 +547,16 @@
 class netlink_crypto_socket
 inherits socket
 
+class infiniband_pkey
+{
+ access
+}
+
+class infiniband_endport
+{
+ manage_subnet
+}
+
 #
 # Define the access vector interpretation for controlling capabilities
 # in user namespaces
@@ -573,6 +583,8 @@
 inherits socket
 {
 node_bind
+ name_connect
+ association
 }
 
 class icmp_socket
@@ -729,3 +741,6 @@
 finalizeDecryptUnit
 pread
 }
+
+class xdp_socket
+inherits socket
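Review bot: The new classes `infiniband_pkey` and `infiniband_endport` in the first hunk carry no comment, unlike the commented block that follows them, so a reader cannot tell which kernel checks they back. I would add a line above them such as `# InfiniBand object classes, checked by the kernel's InfiniBand LSM hooks.` An access_vectors entry also needs a matching class declaration in the policy's security_classes list, which this diff does not touch. Presumably those declarations already exist, since the commit reports that the policy compiles, but it is worth confirming for these two classes and for `xdp_socket` in the last hunk.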
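Review bot: Adding `name_connect` and `association` in the second hunk keeps the commit's promise of no new access only if no existing rule for this class uses a `*` or `~{ ... }` permission set, because those sets expand to include newly defined permissions. The class header lies above the hunk (presumably `sctp_socket`, going by the upstream refpolicy layout; confirm), so I would search the allow and neverallow rules for that class before merging. It is also worth checking that any domain expected to use these operations has an explicit rule, since the kernel will now evaluate them against the policy rather than treating them as unknown permissions.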
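Review bot: `xdp_socket` in the last hunk is introduced as a new socket class, but rules and neverallow assertions written against an enumerated set of socket classes will not cover it until it is added to that set. If the policy has a macro listing every socket class, add `xdp_socket` there in the same change or a tracked follow-up, otherwise blanket socket restrictions silently skip this class. The page shows only access_vectors, so this may already be handled elsewhere.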