commit: d98a4ace89b3fd18005dbb01775294adcf07aa14 |
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com> |
AuthorDate: Tue Mar 22 16:53:16 2022 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Thu Mar 31 02:40:53 2022 +0000 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d98a4ace |
|
flask: add new kernel security classes |
|
Add new kernel security classes mctp_socket, anon_inode and io_uring. |
|
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com> |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
|
policy/flask/access_vectors | 16 ++++++++++++++-- |
policy/flask/security_classes | 5 +++++ |
2 files changed, 19 insertions(+), 2 deletions(-) |
|
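diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index d464a3de..2219fb19 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -1045,6 +1045,9 @@ class bpf
 class xdp_socket
 inherits socket
 
+class mctp_socket
+inherits socket
+
 class perf_event
 {
 open
@@ -1057,6 +1060,15 @@ class perf_event
 
 class lockdown
 {
- integrity
- confidentiality
+ integrity
+ confidentiality
+}
+
+class anon_inode
+inherits file
+
+class io_uring
+{
+ override_creds
+ sqpoll
 }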
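Review bot: The `anon_inode` and `io_uring` classes added in the second hunk (and `mctp_socket` in the first) come with no allow rules or interfaces, since the commit touches only the two flask files. Once a class is declared, a kernel that implements it stops applying the policy's handle-unknown setting to it and checks its permissions against the loaded rules, so `override_creds`, `sqpoll` and anon-inode access would presumably be denied for every domain until rules follow. I would record that in the commit message or as a comment above the class, e.g. `# no rules yet for override_creds/sqpoll; interfaces follow separately`. The `integrity` and `confidentiality` lines are removed and re-added with no difference visible in this rendering, presumably a whitespace-only change that would sit better in its own commit.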
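diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index e62e4c95..63635789 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -193,9 +193,14 @@ class process2
 class bpf
 
 class xdp_socket
+class mctp_socket
 
 class perf_event
 
 class lockdown
 
+class anon_inode
+
+class io_uring
+
 # FLASK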
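Review bot: `class mctp_socket` is placed directly under `class xdp_socket` with no separating blank line, while the other classes in this hunk are each set off by one; unless the grouping is intentional, add the empty line. The class is also inserted mid-list rather than appended like `anon_inode` and `io_uring`, which presumably renumbers `perf_event` and `lockdown` in the compiled policy. The kernel looks classes up by name, so this should be harmless, but it is worth confirming that no userspace consumer relies on the old values. The rest of the file is outside the hunk.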