evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security: Extend SELinux to support CAN sockets

Browse source 
CAN socket SELinux support is required to be able
to distinguish between generic socket and can_socket

Change-Id: I9ec2099fc4c08ab6406e33ff9ad821ef18261763
Signed-off-by: Alex Yakavenka <ayakav@codeaurora.org>
This commit is contained in:
Alex Yakavenka 2016-04-08 15:29:45 -07:00 committed by Gerrit - the friendly Code Review server
parent 9551e129dd
commit f5ada1fa7a
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
security/selinux/hooks.c
View file

@ -1246,6 +1246,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_KEY_SOCKET;
case PF_APPLETALK:
return SECCLASS_APPLETALK_SOCKET;
case PF_CAN:
return SECCLASS_CAN_SOCKET;
}
return SECCLASS_SOCKET;

2
security/selinux/include/classmap.h
View file

@ -157,5 +157,7 @@ struct security_class_mapping secclass_map[] = {
{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ "binder", { "impersonate", "call", "set_context_mgr", "transfer",
NULL } },
{ "can_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ NULL }
};