On Mon, Jan 6, 2020 at 11:33 AM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 1/6/20 2:06 PM, Hridya Valsaraju wrote: > > On Mon, Jan 6, 2020 at 10:33 AM 'Stephen Smalley' via kernel-team > > <kernel-team@xxxxxxxxxxx> wrote: > >> > >> On 1/6/20 1:13 PM, Hridya Valsaraju wrote: > >>> This patch allows genfscon per-file labeling for binderfs. > >>> This is required to have separate permissions to allow > >>> access to binder, hwbinder and vndbinder devices which are > >>> relocating to binderfs. > >>> > >>> Acked-by: Jeff Vander Stoep <jeffv@xxxxxxxxxx> > >>> Acked-by: Mark Salyzyn <salyzyn@xxxxxxxxxxx> > >>> Signed-off-by: Hridya Valsaraju <hridya@xxxxxxxxxx> > >> > >> Do you want binderfs to also support userspace labeling of files via > >> setxattr()? If so, you'll want to also add it to > >> selinux_is_genfs_special_handling() as well. > > > > Thank you for the quick response Stephen :) I cannot think of a > > use-case for the userspace labelling of files in binderfs via > > setxattr() as of now. I > > will make the change if one comes up! > > Ok, then you can include my: > Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> Great! Thank you for reviewing my patch Stephen! Regards, Hridya > > > > > Thanks, > > Hridya > > > > > >> > >>> --- > >>> security/selinux/hooks.c | 1 + > >>> 1 file changed, 1 insertion(+) > >>> > >>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > >>> index 116b4d644f68..3f0669a708e9 100644 > >>> --- a/security/selinux/hooks.c > >>> +++ b/security/selinux/hooks.c > >>> @@ -752,6 +752,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, > >>> > >>> if (!strcmp(sb->s_type->name, "debugfs") || > >>> !strcmp(sb->s_type->name, "tracefs") || > >>> + !strcmp(sb->s_type->name, "binderfs") || > >>> !strcmp(sb->s_type->name, "pstore")) > >>> sbsec->flags |= SE_SBGENFS; > >>> > >>> > >> > >> -- > >> To unsubscribe from this group and stop receiving emails from it, send an email to kernel-team+unsubscribe@xxxxxxxxxxx. > >> >
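Review bot: the commit message is missing a statement of the labeling scope that the one-line addition to the strcmp() chain in selinux_set_mnt_opts() implies. The hunk sets SE_SBGENFS for "binderfs" and touches nothing else, so selinux_is_genfs_special_handling() is left as it is. Per the review exchange above, that means labels come from genfscon policy entries only, and userspace labeling via setxattr() is not part of this change. Suggest adding one sentence to the commit message saying that setxattr() labeling is intentionally not enabled, so a later reader does not take the omission for an oversight.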