Something went wrong on our end
Select Git revision
access_vectors
-
Nick Kralevich authoredDescription stolen from https://github.com/torvalds/linux/commit/42a9699a9fa179c0054ea3cf5ad3cc67104a6162 Remove unused permission definitions from SELinux. Many of these were only ever used in pre-mainline versions of SELinux, prior to Linux 2.6.0. Some of them were used in the legacy network or compat_net=1 checks that were disabled by default in Linux 2.6.18 and fully removed in Linux 2.6.30. Permissions never used in mainline Linux: file swapon filesystem transition tcp_socket { connectto newconn acceptfrom } node enforce_dest unix_stream_socket { newconn acceptfrom } Legacy network checks, removed in 2.6.30: socket { recv_msg send_msg } node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } Test: policy compiles and no boot errors (marlin) Change-Id: Idaef2567666f80db39c3e3cee70e760e1dac73ec
Nick Kralevich authoredDescription stolen from https://github.com/torvalds/linux/commit/42a9699a9fa179c0054ea3cf5ad3cc67104a6162 Remove unused permission definitions from SELinux. Many of these were only ever used in pre-mainline versions of SELinux, prior to Linux 2.6.0. Some of them were used in the legacy network or compat_net=1 checks that were disabled by default in Linux 2.6.18 and fully removed in Linux 2.6.30. Permissions never used in mainline Linux: file swapon filesystem transition tcp_socket { connectto newconn acceptfrom } node enforce_dest unix_stream_socket { newconn acceptfrom } Legacy network checks, removed in 2.6.30: socket { recv_msg send_msg } node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send } Test: policy compiles and no boot errors (marlin) Change-Id: Idaef2567666f80db39c3e3cee70e760e1dac73ec