Merge android11-5.4.86+ (fe9e863) into msm-5.4 (1154cfab) · Commits · e / devices / android_kernel_fairphone_FP5

android/GKI_VERSION

+1 −1

Original line number	Diff line number	Diff line
		LTS_5.4.86_e399f16519fa
		LTS_5.4.86_fe9e8630bfaf

+0 −4

Original line number	Diff line number	Diff line
		@@ -2861,8 +2861,6 @@ static int bpf_skb_proto_4_to_6(struct sk_buff *skb)
		shinfo->gso_type \|= SKB_GSO_TCPV6;
		}

		/* Due to IPv6 header, MSS needs to be downgraded. */
		skb_decrease_gso_size(shinfo, len_diff);
		/* Header must be checked, and gso_segs recomputed. */
		shinfo->gso_type \|= SKB_GSO_DODGY;
		shinfo->gso_segs = 0;
		@@ -2902,8 +2900,6 @@ static int bpf_skb_proto_6_to_4(struct sk_buff *skb)
		shinfo->gso_type \|= SKB_GSO_TCPV4;
		}

		/* Due to IPv4 header, MSS can be upgraded. */
		skb_increase_gso_size(shinfo, len_diff);
		/* Header must be checked, and gso_segs recomputed. */
		shinfo->gso_type \|= SKB_GSO_DODGY;
		shinfo->gso_segs = 0;

+2 −1

Original line number	Diff line number	Diff line
		@@ -116,7 +116,8 @@ struct security_class_mapping secclass_map[] = {
		{ COMMON_IPC_PERMS, NULL } },
		{ "netlink_route_socket",
		{ COMMON_SOCK_PERMS,
		"nlmsg_read", "nlmsg_write", "nlmsg_readpriv", NULL } },
		"nlmsg_read", "nlmsg_write", "nlmsg_readpriv", "nlmsg_getneigh",
		NULL } },
		{ "netlink_tcpdiag_socket",
		{ COMMON_SOCK_PERMS,
		"nlmsg_read", "nlmsg_write", NULL } },

+9 −0

Original line number	Diff line number	Diff line
		@@ -106,6 +106,8 @@ struct selinux_state {
		bool initialized;
		bool policycap[__POLICYDB_CAPABILITY_MAX];
		bool android_netlink_route;
		bool android_netlink_getneigh;

		struct selinux_avc *avc;
		struct selinux_ss *ss;
		};
		@@ -185,6 +187,13 @@ static inline bool selinux_android_nlroute_getlink(void)
		return state->android_netlink_route;
		}

		static inline bool selinux_android_nlroute_getneigh(void)
		{
		struct selinux_state *state = &selinux_state;

		return state->android_netlink_getneigh;
		}

		int security_mls_enabled(struct selinux_state *state);
		int security_load_policy(struct selinux_state *state,
		void *data, size_t len);

+20 −4

Original line number	Diff line number	Diff line
		@@ -207,12 +207,12 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
		return err;
		}

		static void nlmsg_set_getlink_perm(u32 perm)
		static void nlmsg_set_perm_for_type(u32 perm, u16 type)
		{
		int i;

		for (i = 0; i < ARRAY_SIZE(nlmsg_route_perms); i++) {
		if (nlmsg_route_perms[i].nlmsg_type == RTM_GETLINK) {
		if (nlmsg_route_perms[i].nlmsg_type == type) {
		nlmsg_route_perms[i].perm = perm;
		break;
		}
		@@ -222,11 +222,27 @@ static void nlmsg_set_getlink_perm(u32 perm)
		/**
		* Use nlmsg_readpriv as the permission for RTM_GETLINK messages if the
		* netlink_route_getlink policy capability is set. Otherwise use nlmsg_read.
		* Similarly, use nlmsg_getneigh for RTM_GETNEIGH and RTM_GETNEIGHTBL if the
		* netlink_route_getneigh policy capability is set. Otherwise use nlmsg_read.
		*/
		void selinux_nlmsg_init(void)
		{
		if (selinux_android_nlroute_getlink())
		nlmsg_set_getlink_perm(NETLINK_ROUTE_SOCKET__NLMSG_READPRIV);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READPRIV,
		RTM_GETLINK);
		else
		nlmsg_set_getlink_perm(NETLINK_ROUTE_SOCKET__NLMSG_READ);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READ,
		RTM_GETLINK);

		if (selinux_android_nlroute_getneigh()) {
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_GETNEIGH,
		RTM_GETNEIGH);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_GETNEIGH,
		RTM_GETNEIGHTBL);
		} else {
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READ,
		RTM_GETNEIGH);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READ,
		RTM_GETNEIGHTBL);
		}
		}