57bdcbe6ca
Map the permission gating RTM_GETLINK messages to a new permission so that it can be distinguished from the other netlink route permissions in selinux policy. This is a temporary Android-only patch that will be deprecated in newer kernels once the long-term solution lands as discusssed on the mailing list [1]. The maintainer's recommended solution is more general, much more complex, and likely not suitable for backporting. This patch provides the minimal change needed for Android including the userspace settable trigger which ensures that the permission change is only applied to the newest version of Android which contains the changes needed for userpace compatibility. [1]: https://lore.kernel.org/selinux/20200116142653.61738-1-jeffv@google.com/ Bug: 141455849 Bug: 148218425 Test: CtsSelinuxTargetSdkCurrentTestCases Test: atest bionic-unit-tests-static Test: atest NetworkInterfaceTest Test: Connect to Wi-Fi network Test: Set up hotspot Test: Cast from device Test: Pair Bluetooth device Test: Call getifaddrs() directly from within an app. Test: Call NetworkInterface#getNetworkInterfaces() from within an app. Change-Id: I7b44ce60ad98f858c412722d41b9842f8577151f Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Git-repo: https://android.googlesource.com/kernel/common Git-commit: ba835f8db4a3005e34542a3af7f19fce30ade6fd Signed-off-by: Alam Md Danish <amddan@codeaurora.org> |
||
|---|---|---|
| .. | ||
| apparmor | ||
| integrity | ||
| keys | ||
| loadpin | ||
| pfe | ||
| selinux | ||
| smack | ||
| tomoyo | ||
| yama | ||
| commoncap.c | ||
| device_cgroup.c | ||
| inode.c | ||
| Kconfig | ||
| Kconfig.hardening | ||
| lsm_audit.c | ||
| Makefile | ||
| min_addr.c | ||
| security.c | ||