Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

This project is archived. Its data is read-only.

Commit f5ada1fa authored Apr 08, 2016 by Alex Yakavenka Committed by Gerrit - the friendly Code Review server Oct 24, 2017

security: Extend SELinux to support CAN sockets



CAN socket SELinux support is required to be able
to distinguish between generic socket and can_socket

Change-Id: I9ec2099fc4c08ab6406e33ff9ad821ef18261763
Signed-off-by: Alex Yakavenka <ayakav@codeaurora.org>

parent 9551e129

security/selinux/hooks.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1246,6 +1246,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
		return SECCLASS_KEY_SOCKET;
		case PF_APPLETALK:
		return SECCLASS_APPLETALK_SOCKET;
		case PF_CAN:
		return SECCLASS_CAN_SOCKET;
		}

		return SECCLASS_SOCKET;

security/selinux/include/classmap.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -157,5 +157,7 @@ struct security_class_mapping secclass_map[] = {
		{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
		{ "binder", { "impersonate", "call", "set_context_mgr", "transfer",
		NULL } },
		{ "can_socket",
		{ COMMON_SOCK_PERMS, NULL } },
		{ NULL }
		};