Merge "Update access_vectors"

5c484443 · Treehugger Robot · Gerrit Code Review · ced51ddd · ea1775dc · 5c484443
Commit 5c484443 authored 6 years ago by Treehugger Robot Committed by Gerrit Code Review 6 years ago
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -547,6 +547,16 @@ inherits socket
 class netlink_crypto_socket
 inherits socket
+class infiniband_pkey
+{
+	access
+}
+class infiniband_endport
+{
+	manage_subnet
+}
 #
 # Define the access vector interpretation for controlling capabilities
 # in user namespaces
@@ -573,6 +583,8 @@ class sctp_socket
 inherits socket
 {
 	node_bind
+	name_connect
+	association
 }
 class icmp_socket
@@ -729,3 +741,6 @@ class drmservice {
 	finalizeDecryptUnit
 	pread
 }
+class xdp_socket
+inherits socket
--- a/private/security_classes
+++ b/private/security_classes
@@ -35,7 +35,6 @@ class packet_socket
 class key_socket
 class unix_stream_socket
 class unix_dgram_socket
-class bpf
 # sysv-ipc-related classes
 class sem
@@ -93,6 +92,10 @@ class netlink_scsitransport_socket
 class netlink_rdma_socket
 class netlink_crypto_socket
+# Infiniband
+class infiniband_pkey
+class infiniband_endport
 # Capability checks when on a non-init user namespace
 class cap_userns
 class cap2_userns
@@ -132,6 +135,10 @@ class smc_socket
 class process2
+class bpf
+class xdp_socket
 # Property service
 class property_service          # userspace

--- a/public/global_macros
+++ b/public/global_macros
@@ -12,8 +12,8 @@ define(`dir_file_class_set', `{ dir file_class_set }')
 define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket }')
 define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
-define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket }')
+define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
-define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket }')
+define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
 define(`ipc_class_set', `{ sem msgq shm ipc }')