commit | ea1775dcb5eac51fc8ded9623a009570ce59ef48 | |
---|---|---|
author | Nick Kralevich <nnk@google.com> | Thu Nov 01 19:39:44 2018 -0700 |
committer | Nick Kralevich <nnk@google.com> | Thu Nov 01 19:53:50 2018 -0700 |
tree | 4d5ee15ac0063c4e3be253a00ec42723d1bdd0f3 | |
parent | 5152fc884f8437040f3c5f4b112dc7b36af8cad8 | |

Update access_vectors

Update access_vectors to support newer kernel functionality. This change does not grant any new access.

Inspired by the following refpolicy commits:

* https://github.com/SELinuxProject/refpolicy/commit/25a5b2427447eb14edb07ce302217d37528813bc
* https://github.com/SELinuxProject/refpolicy/commit/109ab3296bce27281c453617d3629a238f5e4dbf
* https://github.com/SELinuxProject/refpolicy/commit/437e48ac53307e1e2e13e49d349c0a09b12eb187

Bug: 118843234
Test: policy compiles
Change-Id: I7c5a8dcf288dc2321adcf368bd0c0573c5257202

diff --git a/private/security_classes b/private/security_classes index e0007d1..25b4cba 100644 --- a/private/security_classes +++ b/private/security_classes
@@ -35,7 +35,6 @@ class key_socket class unix_stream_socket class unix_dgram_socket -class bpf # sysv-ipc-related classes class sem @@ -93,6 +92,10 @@ class netlink_rdma_socket class netlink_crypto_socket +# Infiniband +class infiniband_pkey +class infiniband_endport + # Capability checks when on a non-init user namespace class cap_userns class cap2_userns @@ -132,6 +135,10 @@ class process2 +class bpf + +class xdp_socket + # Property service class property_service # userspace
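
Review bot: the `-class bpf` line in the first hunk (after `class unix_dgram_socket`) is matched by a `+class bpf` after `class process2` in the last hunk, so this is a relocation rather than a removal, and it changes the declaration position of `bpf` relative to every class between the two points. The commit message does not mention the move. Please add a sentence saying that `bpf` is being relocated and why, so that a later reader comparing class order does not take the first hunk for a dropped class.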
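
Review bot: in the last hunk, `class bpf` and `class xdp_socket` are added after `class process2` with no comment, while the group added in the previous hunk has `# Infiniband` and the surrounding groups have `# Capability checks when on a non-init user namespace` and `# Property service`. A one-line comment above each new class would keep the file's grouping convention consistent and tell the reader which kernel feature each class belongs to.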