[PATCH v17 1/3] lsm, selinux: Add setup_report permission to binder
Paul Moore
paul at paul-moore.com
Tue May 20 21:15:59 UTC 2025
On Apr 16, 2025 Li Li <dualli at chromium.org> wrote:
>
> Introduce a new permission "setup_report" to the "binder" class.
> This permission controls the ability to set up the binder generic
> netlink driver to report certain binder transactions.
>
> Signed-off-by: Thiébaud Weksteen <tweek at google.com>
> Signed-off-by: Li Li <dualli at google.com>
> ---
> include/linux/lsm_hook_defs.h | 1 +
> include/linux/security.h | 6 ++++++
> security/security.c | 13 +++++++++++++
> security/selinux/hooks.c | 7 +++++++
> security/selinux/include/classmap.h | 3 ++-
> 5 files changed, 29 insertions(+), 1 deletion(-)

When possible, it is helpful to include at least one caller in the patch
which adds a new LSM hook as it helps put the hook in context. With that
in mind, I think it would be best to reorder this patchset so that patch
2/3 comes first and this patch comes second, with this patch including
the change to binder_nl_report_setup_doit() which adds the call to the
new LSM hook.
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list