flask: add new kernel security classes

Add new kernel security classes mctp_socket, anon_inode and io_uring. Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-03-22 17:53:16 +01:00 · 2022-03-22 17:53:16 +01:00 · 9193208a43
commit 9193208a43
parent 60accdffd9
2 changed files with 19 additions and 2 deletions
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@ -1045,6 +1045,9 @@ class bpf
 class xdp_socket
 inherits socket
 class mctp_socket
 inherits socket
 class perf_event
 {
 	open
@ -1057,6 +1060,15 @@ class perf_event
 class lockdown
 {
-    integrity
+	integrity
-    confidentiality
+	confidentiality
 }
 class anon_inode
 inherits file
 class io_uring
 {
 	override_creds
 	sqpoll
 }
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@ -193,9 +193,14 @@ class process2
 class bpf
 class xdp_socket
 class mctp_socket
 class perf_event
 class lockdown
 class anon_inode
 class io_uring
 # FLASK