update sepolicy for fs notification hooks
Update access_vectors and global_macros to account for the changes in
kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ac5656d8a4cdd93cd2c74355ed12e5617817e0e7
This change is needed to allow Android to boot on linux-next
Test: compiles
Change-Id: I35c59fc50fa9c94ab94399ce74d637e49d38129d
diff --git a/private/access_vectors b/private/access_vectors
index b77dcc1..275b9af 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -153,6 +153,7 @@
associate
quotamod
quotaget
+ watch
}
class dir
@@ -166,6 +167,11 @@
open
audit_access
execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class file
@@ -176,6 +182,11 @@
execmod
open
audit_access
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class lnk_file
@@ -184,6 +195,11 @@
open
audit_access
execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class chr_file
@@ -194,6 +210,11 @@
execmod
open
audit_access
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class blk_file
@@ -202,6 +223,11 @@
open
audit_access
execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class sock_file
@@ -210,6 +236,11 @@
open
audit_access
execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class fifo_file
@@ -218,6 +249,11 @@
open
audit_access
execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
}
class fd
diff --git a/public/global_macros b/public/global_macros
index 1a1d593..ed04ddb 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -22,7 +22,7 @@
# Common groupings of permissions.
#
define(`x_file_perms', `{ getattr execute execute_no_trans map }')
-define(`r_file_perms', `{ getattr open read ioctl lock map }')
+define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_mount watch_sb watch_with_perm watch_reads }')
define(`w_file_perms', `{ open append write lock map }')
define(`rx_file_perms', `{ r_file_perms x_file_perms }')
define(`ra_file_perms', `{ r_file_perms append }')
@@ -30,7 +30,7 @@
define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
-define(`r_dir_perms', `{ open getattr read search ioctl lock }')
+define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }')
define(`w_dir_perms', `{ open search write add_name remove_name lock }')
define(`ra_dir_perms', `{ r_dir_perms add_name write }')
define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')