Enable netlink_xperm capability The new netlink_xperm capability is enabled for kernel >= 6.13. This ensures that the new extended permission (nlmsg) is used in place of the previous permissions (i.e., nlmsg_read, nlmsg_write, nlmsg_readpriv and nlmsg_getneigh). On older kernels, this unknown capability is simply ignored. Bug: 353255679 Test: presubmit Change-Id: I2521cdaa50bc2a2abbc633085f30eb92c567c6d0

commit: fa4957fbb25a4b248a04c08c669da3829850ca3e [log] [tgz]
author: Thiébaud Weksteen <tweek@google.com> Fri Sep 20 16:45:29 2024 +1000
committer: Thiébaud Weksteen <tweek@google.com> Thu Nov 28 01:59:21 2024 +0000
tree: cefaa1509d9985afe20171c9d3863db1afbe598e
parent: dd25127cc939a280a70091701691141a9aab584d [diff]
diff --git a/private/policy_capabilities b/private/policy_capabilities
index 9290e3a..e0f27c2 100644
--- a/private/policy_capabilities
+++ b/private/policy_capabilities

@@ -18,3 +18,7 @@
 # process2: nnp_transition, nosuid_transition
 #
 policycap nnp_nosuid_transition;
+
+# Support extended permissions for netlink sockets.
+# Available in kernel >= 6.13.
+policycap netlink_xperm;
commit	fa4957fbb25a4b248a04c08c669da3829850ca3e	[log] [tgz]
author	Thiébaud Weksteen <tweek@google.com>	Fri Sep 20 16:45:29 2024 +1000
committer	Thiébaud Weksteen <tweek@google.com>	Thu Nov 28 01:59:21 2024 +0000
tree	cefaa1509d9985afe20171c9d3863db1afbe598e
parent	dd25127cc939a280a70091701691141a9aab584d [diff]