kernel: selinux support add new type and add builtin unconstrained file type

2023-01-24 19:48:41 +07:00
parent fbd7d0f90d
commit e5044b4b6f
2 changed files with 155 additions and 44 deletions
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -11,6 +11,7 @@
 #endif

 #define KERNEL_SU_DOMAIN "su"
+#define KERNEL_SU_FILE "ksu_file"
 #define ALL NULL

 void apply_kernelsu_rules()
@@ -36,6 +37,11 @@ void apply_kernelsu_rules()
 	ksu_typeattribute(db, KERNEL_SU_DOMAIN, "netdomain");
 	ksu_typeattribute(db, KERNEL_SU_DOMAIN, "bluetoothdomain");

+    // Create unconstrained file type
+    ksu_type(db, KERNEL_SU_FILE, "file_type");
+    ksu_typeattribute(db, KERNEL_SU_FILE, "mlstrustedobject");
+    ksu_allow(db, ALL, KERNEL_SU_FILE, ALL, ALL);
+
 	// allow all!
 	ksu_allow(db, KERNEL_SU_DOMAIN, ALL, ALL, ALL);