2022-04-04 21:48:14 -04:00
|
|
|
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
|
|
Date: Thu, 18 Jul 2019 21:21:40 -0400
|
|
|
|
Subject: [PATCH] label protected_{fifos,regular} as proc_security
|
|
|
|
|
|
|
|
This is needed for init to override the default values.
|
|
|
|
|
|
|
|
Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
|
2022-05-14 21:05:54 -04:00
|
|
|
[tad@spotco.us]: added to older targets to match
|
|
|
|
|
|
|
|
Change-Id: I19be49956510d3e74f96b837ce7e8d33cff650c1
|
2022-04-04 21:48:14 -04:00
|
|
|
---
|
2022-05-14 21:05:54 -04:00
|
|
|
prebuilts/api/26.0/private/genfs_contexts | 2 ++
|
|
|
|
prebuilts/api/27.0/private/genfs_contexts | 2 ++
|
|
|
|
prebuilts/api/28.0/private/genfs_contexts | 2 ++
|
|
|
|
prebuilts/api/29.0/private/genfs_contexts | 2 ++
|
|
|
|
prebuilts/api/30.0/private/genfs_contexts | 2 ++
|
|
|
|
prebuilts/api/31.0/private/genfs_contexts | 2 ++
|
2022-04-04 21:48:14 -04:00
|
|
|
prebuilts/api/32.0/private/genfs_contexts | 2 ++
|
|
|
|
private/genfs_contexts | 2 ++
|
2022-05-14 21:05:54 -04:00
|
|
|
8 files changed, 16 insertions(+)
|
2022-04-04 21:48:14 -04:00
|
|
|
|
2022-05-14 21:05:54 -04:00
|
|
|
diff --git a/prebuilts/api/26.0/private/genfs_contexts b/prebuilts/api/26.0/private/genfs_contexts
|
|
|
|
index a2d9b892f..65e05f77a 100644
|
|
|
|
--- a/prebuilts/api/26.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/26.0/private/genfs_contexts
|
|
|
|
@@ -14,8 +14,10 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
|
|
|
genfscon proc /softirqs u:object_r:proc_timer:s0
|
|
|
|
genfscon proc /stat u:object_r:proc_stat:s0
|
|
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
|
|
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
|
|
|
|
diff --git a/prebuilts/api/27.0/private/genfs_contexts b/prebuilts/api/27.0/private/genfs_contexts
|
|
|
|
index e77a39b92..bcd1b1b1e 100644
|
|
|
|
--- a/prebuilts/api/27.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/27.0/private/genfs_contexts
|
|
|
|
@@ -14,8 +14,10 @@ genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
|
|
|
genfscon proc /softirqs u:object_r:proc_timer:s0
|
|
|
|
genfscon proc /stat u:object_r:proc_stat:s0
|
|
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
|
|
genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
|
|
|
|
diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
|
|
|
|
index 7e2ea5092..6696dfe0e 100644
|
|
|
|
--- a/prebuilts/api/28.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/28.0/private/genfs_contexts
|
|
|
|
@@ -27,8 +27,10 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
|
|
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
|
|
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
|
|
|
|
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
|
|
|
|
index 380d4a050..7601aa01c 100644
|
|
|
|
--- a/prebuilts/api/29.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/29.0/private/genfs_contexts
|
|
|
|
@@ -34,8 +34,10 @@ genfscon proc /swaps u:object_r:proc_swaps:s0
|
|
|
|
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
|
|
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
|
|
|
|
index 89232bc01..6a206bb64 100644
|
|
|
|
--- a/prebuilts/api/30.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/30.0/private/genfs_contexts
|
|
|
|
@@ -36,8 +36,10 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
|
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
|
|
|
diff --git a/prebuilts/api/31.0/private/genfs_contexts b/prebuilts/api/31.0/private/genfs_contexts
|
|
|
|
index 13bfb46e1..72c9a94aa 100644
|
|
|
|
--- a/prebuilts/api/31.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/31.0/private/genfs_contexts
|
|
|
|
@@ -39,8 +39,10 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
|
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
|
|
|
|
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
|
2022-04-04 21:48:14 -04:00
|
|
|
diff --git a/prebuilts/api/32.0/private/genfs_contexts b/prebuilts/api/32.0/private/genfs_contexts
|
|
|
|
index 13bfb46e1..30f3496e6 100644
|
|
|
|
--- a/prebuilts/api/32.0/private/genfs_contexts
|
|
|
|
+++ b/prebuilts/api/32.0/private/genfs_contexts
|
|
|
|
@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
|
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
|
|
|
|
diff --git a/private/genfs_contexts b/private/genfs_contexts
|
|
|
|
index 13bfb46e1..30f3496e6 100644
|
|
|
|
--- a/private/genfs_contexts
|
|
|
|
+++ b/private/genfs_contexts
|
|
|
|
@@ -39,7 +39,9 @@ genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
|
|
|
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
|
|
|
|
genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
|
|
|
|
genfscon proc /sys/fs/pipe-max-size u:object_r:proc_pipe_conf:s0
|
|
|
|
+genfscon proc /sys/fs/protected_fifos u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
|
|
|
|
+genfscon proc /sys/fs/protected_regular u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
|
|
|
|
genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
|