Gentoo Archives: gentoo-commits

From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/flask/
Date: Thu, 31 Mar 2022 03:31:34
Message-Id: 1648694453.d98a4ace89b3fd18005dbb01775294adcf07aa14.perfinion@gentoo
1 commit: d98a4ace89b3fd18005dbb01775294adcf07aa14
2 Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
3 AuthorDate: Tue Mar 22 16:53:16 2022 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Thu Mar 31 02:40:53 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d98a4ace
7
8 flask: add new kernel security classes
9
10 Add new kernel security classes mctp_socket, anon_inode and io_uring.
11
12 Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
13 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
14
15 policy/flask/access_vectors | 16 ++++++++++++++--
16 policy/flask/security_classes | 5 +++++
17 2 files changed, 19 insertions(+), 2 deletions(-)
18
19 diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
20 index d464a3de..2219fb19 100644
21 --- a/policy/flask/access_vectors
22 +++ b/policy/flask/access_vectors
23 @@ -1045,6 +1045,9 @@ class bpf
24 class xdp_socket
25 inherits socket
26
27 +class mctp_socket
28 +inherits socket
29 +
30 class perf_event
31 {
32 open
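Review bot: The new mctp_socket class in this hunk is declared with "inherits socket", but nothing else in the change refers to it: the diffstat lists only policy/flask/access_vectors and policy/flask/security_classes. If the policy keeps any macro or class set that enumerates the socket classes, mctp_socket should be added there in this commit or a follow-up. Otherwise rules written against "all sockets" will silently skip it. A one-line comment naming the kernel feature the class belongs to would also help readers of this file.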
33 @@ -1057,6 +1060,15 @@ class perf_event
34
35 class lockdown
36 {
37 - integrity
38 - confidentiality
39 + integrity
40 + confidentiality
41 +}
42 +
43 +class anon_inode
44 +inherits file
45 +
46 +class io_uring
47 +{
48 + override_creds
49 + sqpoll
50 }
51
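Review bot: The lockdown block in this hunk removes and re-adds integrity and confidentiality with no visible change to the permission names, so it looks like a whitespace-only edit that the commit message ("add new kernel security classes") does not mention. Split it out or say so in the message, so that someone auditing the lockdown class does not have to confirm by hand that its permissions are unchanged. The io_uring permissions override_creds and sqpoll are also added without any comment on what each one controls. A short comment per permission would make later policy review easier.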
52 diff --git a/policy/flask/security_classes b/policy/flask/security_classes
53 index e62e4c95..63635789 100644
54 --- a/policy/flask/security_classes
55 +++ b/policy/flask/security_classes
56 @@ -193,9 +193,14 @@ class process2
57 class bpf
58
59 class xdp_socket
60 +class mctp_socket
61
62 class perf_event
63
64 class lockdown
65
66 +class anon_inode
67 +
68 +class io_uring
69 +
70 # FLASK
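Review bot: "class mctp_socket" is added directly under "class xdp_socket" with no blank line between them, while every other class in this hunk, including the newly added anon_inode and io_uring, is separated by an empty line. Add the separator for consistency. Also, mctp_socket is inserted ahead of perf_event and lockdown rather than appended at the end with the other two new classes. If anything consumes this file by position rather than by class name, that shifts the existing entries, so it is worth confirming the placement is intended.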