Tighten up handling of new classes (a194d375) · Commits · CodeLinaro / public-release-test / platform / system / sepolicy

Commit a194d375 authored 6 years ago by Nick Kralevich

Tighten up handling of new classes

1b1d133b added the process2 class but
forgot to suppress SELinux denials associated with these permissions
for the su domain. Suppress them.

Ensure xdp_socket is in socket_class_set, so the existing dontaudit rule
in su.te is relevant. Inspired by
https://github.com/SELinuxProject/refpolicy/commit/66a337eec6d7244e44e51936835b4e904f275a02

Add xdp_socket to various other neverallow rules.

Test: policy compiles.
Change-Id: If5422ecfa0cc864a51dd69559a51d759e078c8e7

parent e00ca14c

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 5 additions and 4 deletions

Please register or to comment