Skip to content
Snippets Groups Projects
Commit 50992311 authored by Stephen Smalley's avatar Stephen Smalley Committed by Nick Kralevich
Browse files

sepolicy: Define validate_trans permission 


Kernel commit f9df6458218f4fe ("selinux: export validatetrans
decisions") introduced a /sys/fs/selinux/validatetrans pseudo file
for use by userspace file system servers and defined a new validatetrans
permission to control its use.

Define the new permission in the Android SELinux policy.
This change only defines the new permission; it does not allow it
to any domains by default.

This avoids a kernel message warning about the undefined permission on
the policy load, ala:
SELinux:  Permission validate_trans in class security not defined in policy.

Test: Policy builds

Change-Id: Ib922a83b7d8f94905207663a72f7a1bc3db8d2c2
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 770214ab
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
private/access_vectors
+ 1
0
View file @ 50992311
...@@ -369,6 +369,7 @@ class security ...@@ -369,6 +369,7 @@ class security
setsecparam setsecparam
setcheckreqprot setcheckreqprot
read_policy read_policy
validate_trans
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment