moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: Revert "security,lockdown,selinux: implement SELinux lockdown"

Browse Source 
This reverts commit f1ee68a8f6.

Reason for revert:
The change being reverted adds a new "lockdown" audit class. Support
for this new class needs to be added to Android and the processes
which need to be part of this class have to be annotated. While support
for this class has not yet been added to Android, this lockdown class
will be removed.

Tracefs usage by Android triggers a violation with respect to this new
audit class which prompted the need for this patch.

Bug: 148822198
Change-Id: Ie06f4be699234fb671ec4bcfe11962b2055a0c60
Signed-off-by: Ram Muthiah <rammuthiah@google.com>
This commit is contained in:
Ram Muthiah
2020-12-28 23:38:28 -08:00
parent 4a559bce32
commit 4162f006bd
6 changed files with 27 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/security.h
View File

@@ -131,8 +131,6 @@ enum lockdown_reason {
LOCKDOWN_CONFIDENTIALITY_MAX,
};
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);