commit: f160686cb9df39cb59dda8c3178fd70f9c4a1b48
Author: Laurent Bigonville <bigon <AT> bigon <DOT> be>
AuthorDate: Wed May 6 16:31:28 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 22 19:16:43 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f160686c
Add "binder" security class and access vectors
policy/flask/access_vectors | 8 ++++++++
policy/flask/security_classes | 2 ++
2 files changed, 10 insertions(+)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index da539c8..2b20aa0 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -844,6 +844,14 @@ inherits socket
attach_queue
}
+class binder
+{
+ impersonate
+ call
+ set_context_mgr
+ transfer
+}
+
class x_pointer
inherits x_device
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index caed61a..653d347 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -123,6 +123,8 @@ class kernel_service
class tun_socket
+class binder
+
# Still More SE-X Windows stuff
class x_pointer # userspace
class x_keyboard # userspace
