ANDROID: selinux: modify RTM_GETNEIGH [1/1]
author: pengzhao.liu <pengzhao.liu@amlogic.com>
Tue, 22 Mar 2022 06:03:33 +0000 (14:03 +0800)
committer: Christian Hoffmann <chrmhoffmann@gmail.com>
Sun, 12 Feb 2023 08:13:13 +0000 (09:13 +0100)
commit: 33eee52b2bd927afd34805dd1031a9f2d579d6ea
tree: 037e621e5fe26c4ddd70428f4ad3fd0ba79c0b37
parent: beb81afadbafd2dcc32c609f5a28a7791b040e2c
ANDROID: selinux: modify RTM_GETNEIGH [1/1]

PD#SWPL-71742
Bug: 171572148

Problem:
Map the permission gating RTM_GETNEIGH/RTM_GETNEIGHTBL messages to a
new permission so that it can be distinguished from the other netlink
route permissions in selinux policy. The new permission is triggered by
a flag set in system images T and up.

Solution:
This change is intended to be backported to all kernels that a T system
image can run on top of.

Verify:
on adt3-t kernel

Test: atest NetworkInterfaceTest
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: atest bionic-unit-tests-static
Test: On Cuttlefish, run combinations of:
    - Policy bit set or omitted (see https://r.android.com/1701847)
    - This patch applied or omitted
    - App having nlmsg_readneigh permission or not
  Verify that only the combination of this patch + the policy bit being
  set + the app not having the nlmsg_readneigh permission prevents the
  app from sending RTM_GETNEIGH messages.

Change-Id: I4bcfce4decb34ea9388eeedfc4be67403de8a980
Signed-off-by: Bram Bonné <brambonne@google.com>
Signed-off-by: pengzhao.liu <pengzhao.liu@amlogic.com>
Change-Id: Ic9d51cebab8c195537d54a28a23a7e93f09ba0b3
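The following is an added model of the gating the commit message describes, written here as an illustration; it is not the kernel's nlmsgtab.c code. It assumes that, when the patch is present and the policy bit is set, RTM_GETNEIGH and RTM_GETNEIGHTBL are checked against nlmsg_readneigh instead of nlmsg_read, and that in every other case the older nlmsg_read check applies (the exact fallback and the policy-bit name are assumptions). The rtnetlink type values are the ones from <linux/rtnetlink.h>. The verification_matrix() function enumerates the eight combinations from the Test: section above and reports which ones deny the send.

```python
"""Model of SELinux permission selection for netlink route GET messages.

Added illustration, not the kernel's own code. The decision structure and
the fallback to nlmsg_read are assumptions based on the commit message.
"""
from dataclasses import dataclass

# rtnetlink message types (numeric values from <linux/rtnetlink.h>)
RTM_GETLINK = 18
RTM_GETNEIGH = 30
RTM_GETNEIGHTBL = 66

# netlink_route_socket permissions; nlmsg_readneigh is the one the commit adds
NLMSG_READ = "nlmsg_read"
NLMSG_READNEIGH = "nlmsg_readneigh"

NEIGH_TYPES = frozenset({RTM_GETNEIGH, RTM_GETNEIGHTBL})


def required_permission(nlmsg_type: int, patch_applied: bool, policy_bit_set: bool) -> str:
    """Return the permission checked for a GET message of the given type.

    Only with the patch applied AND the policy bit set do the neighbour
    queries map to nlmsg_readneigh; otherwise they keep the legacy
    nlmsg_read mapping (assumed fallback, see lead-in).
    """
    if nlmsg_type in NEIGH_TYPES and patch_applied and policy_bit_set:
        return NLMSG_READNEIGH
    return NLMSG_READ


@dataclass(frozen=True)
class AppDomain:
    """Hypothetical app domain: the set of netlink_route_socket permissions it holds."""
    perms: frozenset


def may_send(app: AppDomain, nlmsg_type: int, patch_applied: bool, policy_bit_set: bool) -> bool:
    """Access decision: the app must hold whichever permission the message maps to."""
    return required_permission(nlmsg_type, patch_applied, policy_bit_set) in app.perms


def verification_matrix() -> set:
    """Enumerate the eight combinations from the commit's Test: section.

    Every constructed app domain holds nlmsg_read (the premise of the test),
    and optionally nlmsg_readneigh. Returns the set of
    (patch_applied, policy_bit_set, has_readneigh) tuples for which sending
    RTM_GETNEIGH is denied.
    """
    denied = set()
    for patch_applied in (False, True):
        for policy_bit_set in (False, True):
            for has_readneigh in (False, True):
                perms = {NLMSG_READ}
                if has_readneigh:
                    perms.add(NLMSG_READNEIGH)
                app = AppDomain(frozenset(perms))
                if not may_send(app, RTM_GETNEIGH, patch_applied, policy_bit_set):
                    denied.add((patch_applied, policy_bit_set, has_readneigh))
    return denied


if __name__ == "__main__":
    for combo in sorted(verification_matrix()):
        print("denied: patch=%s policy_bit=%s has_readneigh=%s" % combo)
```

Running the module prints the single denying combination, matching the expected outcome stated in the commit message: only the patch plus the policy bit plus a domain without nlmsg_readneigh blocks RTM_GETNEIGH, while unrelated route queries such as RTM_GETLINK keep their nlmsg_read mapping in every configuration.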
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/nlmsgtab.c
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c