sepolicy: Define validate_trans permission
Kernel commit f9df6458218f4fe ("selinux: export validatetrans
decisions") introduced a /sys/fs/selinux/validatetrans pseudo file
for use by userspace file system servers and defined a new validatetrans
permission to control its use.
Define the new permission in the Android SELinux policy.
This change only defines the new permission; it does not allow it
to any domains by default.
This avoids a kernel message warning about the undefined permission on
the policy load, ala:
SELinux: Permission validate_trans in class security not defined in policy.
Test: Policy builds
Change-Id: Ib922a83b7d8f94905207663a72f7a1bc3db8d2c2
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
Nick Kralevich
parent
770214abda
commit
509923116f
@ -369,6 +369,7 @@ class security
|
||||
setsecparam
|
||||
setcheckreqprot
|
||||
read_policy
|
||||
validate_trans
|
||||
}
|
||||
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user