-
Stephen Smalley authoredLinux kernel commit da69a5306ab9 ("selinux: support distinctions among all network address families") triggers a build error if a new address family is added without defining a corresponding SELinux security class. As a result, the smc_socket class was added to the kernel to resolve a build failure as part of merge commit 3051bf36c25d that introduced AF_SMC circa Linux 4.11. Define this security class and its access vector, add it to the socket_class_set macro, and exclude it from webview_zygote like other socket classes. Test: Policy builds Change-Id: Idbb8139bb09c6d1c47f1a76bd10f4ce1e9d939cb Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredLinux kernel commit da69a5306ab9 ("selinux: support distinctions among all network address families") triggers a build error if a new address family is added without defining a corresponding SELinux security class. As a result, the smc_socket class was added to the kernel to resolve a build failure as part of merge commit 3051bf36c25d that introduced AF_SMC circa Linux 4.11. Define this security class and its access vector, add it to the socket_class_set macro, and exclude it from webview_zygote like other socket classes. Test: Policy builds Change-Id: Idbb8139bb09c6d1c47f1a76bd10f4ce1e9d939cb Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>