android_kernel_xiaomi_sm8450/security
Bram Bonné 9d55580966 ANDROID: selinux: modify RTM_GETNEIGH{TBL}
Map the permission gating RTM_GETNEIGH/RTM_GETNEIGHTBL messages to a
new permission so that it can be distinguished from the other netlink
route permissions in selinux policy. The new permission is triggered by
a flag set in system images T and up.

This change is intended to be backported to all kernels that a T system
image can run on top of.

Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: atest bionic-unit-tests-static
Test: On Cuttlefish, run combinations of:
    - Policy bit set or omitted (see https://r.android.com/1701847)
    - This patch applied or omitted
    - App having nlmsg_readneigh permission or not
  Verify that only the combination of this patch + the policy bit being
  set + the app not having the nlmsg_readneigh permission prevents the
  app from sending RTM_GETNEIGH messages.

Change-Id: I4bcfce4decb34ea9388eeedfc4be67403de8a980
Signed-off-by: Bram Bonné <brambonne@google.com>
(cherry picked from commit fac07550bdac9adea0dbe3edbdbec7a9a690a178)
2021-06-23 14:06:26 +00:00
Name               Last commit  Date
apparmor           treewide: Use fallthrough pseudo-keyword  2020-08-23 17:36:59 -05:00
bpf                bpf: Implement bpf_local_storage for inodes  2020-08-25 15:00:04 -07:00
integrity          Merge 5.10.37 into android12-5.10  2021-05-15 09:28:55 +02:00
keys               KEYS: trusted: Fix memory leak on object td  2021-05-19 10:12:50 +02:00
loadpin            LSM: Add "contents" flag to kernel_read_file hook  2020-10-05 13:37:03 +02:00
lockdown           Merge 039aeb9deb ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm") into android-mainline  2020-06-20 09:49:29 +02:00
safesetid          LSM: SafeSetID: Fix warnings reported by test bot  2020-10-13 09:17:36 -07:00
selinux            ANDROID: selinux: modify RTM_GETNEIGH{TBL}  2021-06-23 14:06:26 +00:00
smack              This is the 5.10.21 stable release  2021-03-07 12:53:30 +01:00
tomoyo             tomoyo: recognize kernel threads correctly  2021-03-09 11:11:15 +01:00
yama               task_work: cleanup notification modes  2020-10-17 15:05:30 -06:00
commoncap.c        Merge 5.10.36 into android12-5.10  2021-05-13 14:22:11 +02:00
device_cgroup.c    device_cgroup: Fix RCU list debugging warning  2020-08-20 11:25:03 -07:00
inode.c            Revert "ANDROID: vfs: Add permission2 for filesystems with per mount permissions"  2020-05-29 08:49:28 +02:00
Kconfig            Replace HTTP links with HTTPS ones: security  2020-08-06 12:00:05 -07:00
Kconfig.hardening  BACKPORT: kasan: remove redundant config option  2021-03-24 15:09:15 -07:00
lsm_audit.c        This is the 5.10.9 stable release  2021-01-19 18:49:54 +01:00
Makefile           device_cgroup: Cleanup cgroup eBPF device filter code  2020-04-13 14:41:54 -04:00
min_addr.c         sysctl: pass kernel pointers to ->proc_handler  2020-04-27 02:07:40 -04:00
security.c         UPSTREAM: security: add inode_init_security_anon() LSM hook  2021-02-05 11:03:49 +00:00