From: Hridya Valsaraju <hridya@google.com>
Date: Mon, 6 Jan 2020 18:13:29 +0000 (-0800)
Subject: selinux: allow per-file labelling for binderfs
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=7a4b51947475a7f67e2bd06c4a4c768e2e64a975;p=linux.git

selinux: allow per-file labelling for binderfs

This patch allows genfscon per-file labeling for binderfs.
This is required to have separate permissions to allow
access to binder, hwbinder and vndbinder devices which are
relocating to binderfs.

Acked-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Mark Salyzyn <salyzyn@android.com>
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 659c4a81e8976..63a6e36abe9ff 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -752,6 +752,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 
 	if (!strcmp(sb->s_type->name, "debugfs") ||
 	    !strcmp(sb->s_type->name, "tracefs") ||
+	    !strcmp(sb->s_type->name, "binderfs") ||
 	    !strcmp(sb->s_type->name, "pstore"))
 		sbsec->flags |= SE_SBGENFS;