Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp21739662ybl; Mon, 6 Jan 2020 10:14:31 -0800 (PST) X-Google-Smtp-Source: APXvYqxDC0u0rrU/cVp/MVSLJgA9TrUUjVHtZHJakoSmEIUEcf8oJYs3Kry+PWD78KzuMOIue11S X-Received: by 2002:a9d:600e:: with SMTP id h14mr113512703otj.113.1578334471353; Mon, 06 Jan 2020 10:14:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578334471; cv=none; d=google.com; s=arc-20160816; b=PLG4xw3ZNLSRyKuDQQcVcro6GMu7j47lLDEdgcmtJC+eoNzmTfyA1v9gbk4nV0tfFV GfEb4MEdDbeS27s4bH7Bb6NOOuoHVUymHec9HWTEUtFsBO2CgsfJKk0SA0Qjezy2vUC0 x8KNzt+MfvoFcXjrhWZZ++VqNiULpigxLGa5gosLzN3CqaIeLJzV3C3hCY7OJVVxnKLc 8SNq4ultgRZGu1rpH/PWoCJw++omuSh3bNcGGc4z+h1ih6mryPPMu62SJCTXSXtRInrc xReRGNo1N5B1Lav7F+uSaNej/X3qJz6x5klIIO3hRKMDtn0CXBwTtn3MJsr8Ug1Dm6Zn AOuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=UEDzAmAV9WaLeo9yTDqPSpBCyPNP5d0qczx1NnXY4co=; b=m5/cZqCgjY9Yi2o/U0dflWKYj0Y1DrfKDrs4yfOmxOg71fTzVMHXMVnigHFBlIR7ld ZjFI/wxD56nHXiXxEyLQ8KCHFWJ5raB7urMrt3sLokFKPfwg3quxOgbL+A2Nh4cTPDoR ZHrG+cgA1ITjx+DbwabuFYMrgnY5z1F+unvOOHLnry7X6toxazliAdik+UGmSmcS5b4l vZJL4dfl8WgVFfItPnuBJy6RM6fpHn14CHUwXjC3cbQZ4gG4zlLbynAn2mWpYBFr2g6m AoqhbeKLAMjM4Edyr4jVBQNyD9kyatmJTPFXQNlRzrpr+PCEtr9wfVfsOM017aLYNrYw xigA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=mP7El5Q4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j9si34960344otn.294.2020.01.06.10.14.18; Mon, 06 Jan 2020 10:14:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=mP7El5Q4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726723AbgAFSNe (ORCPT + 99 others); Mon, 6 Jan 2020 13:13:34 -0500 Received: from mail-pf1-f201.google.com ([209.85.210.201]:40037 "EHLO mail-pf1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726536AbgAFSNe (ORCPT ); Mon, 6 Jan 2020 13:13:34 -0500 Received: by mail-pf1-f201.google.com with SMTP id d127so28304164pfa.7 for ; Mon, 06 Jan 2020 10:13:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=UEDzAmAV9WaLeo9yTDqPSpBCyPNP5d0qczx1NnXY4co=; b=mP7El5Q4TtrIfgk9TDJS14F2Eu9vFw0ZDs7c8H76nJtmFN5yjRrLSDguZ60lYkNcDM Bkt+gDdPDI5ehXsqcQw3LrmnwYmgN8yKSw+0Q1Rk9nr5Adh1EDI01FsSsxoig0GiXpd7 IT8yO+IXVVRGuEOamw+VDExxiunDcKNuGPzJEzvkJPSNNWFKizAqD59OhtgfAIHOknXs o7ECUMXlpuRUOt1QW5FmLC3hTyDp7kt7Rt9cYyYBnb6d0EWemY0pMCZPgYMGEN44sHj3 laVOuHXIuo2vbzwWcAkWnfkYmATCv3yyXYVI8kdwoRwBkgr9teI/QL34W2lxjY4j2VZ7 DYNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=UEDzAmAV9WaLeo9yTDqPSpBCyPNP5d0qczx1NnXY4co=; b=FKx1YEyujYz+43Eot+N1SEs6plKgvWtGSbJodpEbpRboZroNzAl7Gtm6eBbOSjDXOA 0JkC/BAwYFGmwvKrx9athXQ3AnJRHwfFwvRWdN8bcclGJTWPOmXRLbiLRpkDx3f7N6w+ M04vFvcexKaUfl02Ag14oW7eh/+BKCAVaXkfUXUXxNm3eChd8bO8yDPc3mfCeWdXFgSh Ipm1qMIradXfQmUon/YQGUYjF0j7eDCEU17FT/0e7r3bqjKPa9fN/4LEQxkYXB+2j0Lg Y6SPG7CE6nBGRGPYjzR9Qmv/tOVz8CkZVHf4AjR71fNzGfsHIpUa2iAJ3Hwg9aol2EB4 YpfQ== X-Gm-Message-State: APjAAAXz+zVLxgLrMtM+mDaI1uoXKGBjFNrw/4xzYTy8YZEZN/b3Ov/n iqx3pluGdGy9J/8klbEjvycuia9xoQs= X-Received: by 2002:a65:6842:: with SMTP id q2mr115275661pgt.345.1578334413511; Mon, 06 Jan 2020 10:13:33 -0800 (PST) Date: Mon, 6 Jan 2020 10:13:29 -0800 Message-Id: <20200106181329.167322-1-hridya@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.24.1.735.g03f4e72817-goog Subject: [PATCH] security: selinux: allow per-file labelling for binderfs From: Hridya Valsaraju To: Paul Moore , Stephen Smalley , Eric Paris , selinux@vger.kernel.org, linux-kernel@vger.kernel.org Cc: kernel-team@android.com, Hridya Valsaraju , Jeff Vander Stoep , Mark Salyzyn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch allows genfscon per-file labeling for binderfs. This is required to have separate permissions to allow access to binder, hwbinder and vndbinder devices which are relocating to binderfs. Acked-by: Jeff Vander Stoep Acked-by: Mark Salyzyn Signed-off-by: Hridya Valsaraju --- security/selinux/hooks.c | 1 + 1 file changed, 1 insertion(+) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 116b4d644f68..3f0669a708e9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -752,6 +752,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, if (!strcmp(sb->s_type->name, "debugfs") || !strcmp(sb->s_type->name, "tracefs") || + !strcmp(sb->s_type->name, "binderfs") || !strcmp(sb->s_type->name, "pstore")) sbsec->flags |= SE_SBGENFS; -- 2.24.1.735.g03f4e72817-goog