Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 9b629132 authored by Chenbo Feng's avatar Chenbo Feng
Browse files

UPSTREAM: selinux: bpf: Add selinux check for eBPF syscall operations 



Implement the actual checks introduced to eBPF related syscalls. This
implementation use the security field inside bpf object to store a sid that
identify the bpf object. And when processes try to access the object,
selinux will check if processes have the right privileges. The creation
of eBPF object are also checked at the general bpf check hook and new
cmd introduced to eBPF domain can also be checked there.

Signed-off-by: default avatarChenbo Feng <fengc@google.com>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>

(cherry-pick from net-next: ec27c3568a34c7fe5fcf4ac0a354eda77687f7eb)
Bug: 30950746
Change-Id: Ifb0cdd4b7d470223b143646b339ba511ac77c156
parent f3ad3766
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment