diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-05 08:15:34 -0500 |
|---|---|---|
| committer | Arve Hjønnevåg <arve@android.com> | 2013-07-01 14:16:21 -0700 |
| commit | 6e6d8f546c36b161067efa5e0518f56be0200e77 (patch) | |
| tree | 57f04a1e6d75c366e10e69df18e2dae091ca7954 /security/selinux/include | |
| parent | 3c7eb15c1ce0f0e22de5034bafc104e362fc33ef (diff) | |
Add security hooks to binder and implement the hooks for SELinux.
Add security hooks to the binder and implement the hooks for SELinux.
The security hooks enable security modules such as SELinux to implement
controls over binder IPC. The security hooks include support for
controlling what process can become the binder context manager
(binder_set_context_mgr), controlling the ability of a process
to invoke a binder transaction/IPC to another process (binder_transaction),
controlling the ability a process to transfer a binder reference to
another process (binder_transfer_binder), and controlling the ability
of a process to transfer an open file to another process (binder_transfer_file).
This support is used by SE Android, http://selinuxproject.org/page/SEAndroid.
Change-Id: I9a64a87825df2e60b9c51400377af4a9cd1c4049
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/classmap.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 14d04e63b1f..c32ff7bde81 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -151,5 +151,6 @@ struct security_class_mapping secclass_map[] = { { "kernel_service", { "use_as_override", "create_files_as", NULL } }, { "tun_socket", { COMMON_SOCK_PERMS, "attach_queue", NULL } }, + { "binder", { "impersonate", "call", "set_context_mgr", "transfer", NULL } }, { NULL } }; |