author Connor O'Brien <connoro@google.com> 2020-02-07 10:01:49 -0800
committer Hongguang Chen <hgchen@google.com> 2022-12-07 05:04:42 -0800
commit a536af66caa649891323a958349fad739353666d (patch)
tree 6a69bf91ea435b5d27c0fb641fc1faa7d3cbef3c
parent 83a601c0d9ffad0049a354c2c1bb2e9ca0ab6953 (diff)
UPSTREAM: security: selinux: allow per-file labeling for bpffs
android-tv-13.0.0_r0.6 android-arm64-deadpool-4.9-android13-tv

Add support for genfscon per-file labeling of bpffs files. This allows
for separate permissions for different pinned bpf objects, which may
be completely unrelated to each other.

Signed-off-by: Connor O'Brien <connoro@google.com>
Signed-off-by: Steven Moreland <smoreland@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
(cherry picked from commit 4ca54d3d3022ce27170b50e4bdecc3a42f05dbdc)
[which is v5.6-rc1-10-g4ca54d3d3022 and thus already included in 5.10]
Bug: 200440527
Change-Id: I8234b9047f29981b8140bd81bb2ff070b3b0b843
(cherry picked from commit d52ac987ad2ae16ff313d7fb6185bc412cb221a4)

-rw-r--r-- security/selinux/hooks.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e231b9fd78e2..7344f9c5f7ce 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -823,7 +823,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (!strcmp(sb->s_type->name, "debugfs") ||
!strcmp(sb->s_type->name, "tracefs") ||
!strcmp(sb->s_type->name, "sysfs") ||
- !strcmp(sb->s_type->name, "pstore"))
+ !strcmp(sb->s_type->name, "pstore") ||
+ !strcmp(sb->s_type->name, "bpf"))
sbsec->flags |= SE_SBGENFS;
if (!sbsec->behavior) {
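Review bot: The added `!strcmp(sb->s_type->name, "bpf")` line makes this a five-way strcmp chain with no comment saying why these filesystems get SE_SBGENFS. Consider a short comment above the condition, or a small helper that checks the name against a static list, so the next filesystem does not extend the chain again. The commit message also does not say what label a pinned object receives when the loaded policy has no path-specific genfscon entry for bpf; that is worth stating, since the flag is now set for every superblock of type "bpf".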