commit: d98a4ace89b3fd18005dbb01775294adcf07aa14
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Tue Mar 22 16:53:16 2022 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Mar 31 02:40:53 2022 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=d98a4ace
flask: add new kernel security classes
Add new kernel security classes mctp_socket, anon_inode and io_uring.
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/flask/access_vectors | 16 ++++++++++++++--
policy/flask/security_classes | 5 +++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index d464a3de..2219fb19 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -1045,6 +1045,9 @@ class bpf
class xdp_socket
inherits socket
+class mctp_socket
+inherits socket
+
class perf_event
{
open
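Review bot: The new classes arrive without any allow rules or interfaces: the diffstat lists only `policy/flask/access_vectors` and `policy/flask/security_classes`. Once `mctp_socket` here, and `anon_inode` and `io_uring` in the next hunk, are defined, checks on them presumably stop falling under the policy's handle_unknown setting and become default-deny. On builds where unknown classes were allowed, domains that use MCTP sockets, anonymous inodes (userfaultfd, for example) or io_uring may start logging AVC denials after the update. It is worth confirming that follow-up rules exist, or saying in the commit message that they are deferred. The `perf_event` block at the end of this hunk continues outside it.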
@@ -1057,6 +1060,15 @@ class perf_event
class lockdown
{
- integrity
- confidentiality
+ integrity
+ confidentiality
+}
+
+class anon_inode
+inherits file
+
+class io_uring
+{
+ override_creds
+ sqpoll
}
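Review bot: The two `io_uring` permissions are named tersely and nothing in this hunk says what each one guards, which makes them easy to grant too broadly when rules are written later. A short comment above the class would help, e.g. `# override_creds: submit requests under credentials registered by another task` and `# sqpoll: create a kernel submission-queue polling thread`. Since `override_creds` lets one domain act with another's credentials, the comment could also say that it should be granted per source/target pair rather than through a broad attribute.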
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index e62e4c95..63635789 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -193,9 +193,14 @@ class process2
class bpf
class xdp_socket
+class mctp_socket
class perf_event
class lockdown
+class anon_inode
+
+class io_uring
+
# FLASK