UPSTREAM: security: selinux: allow per-file labeling for bpffs

Add support for genfscon per-file labeling of bpffs files. This allows for separate permissions for different pinned bpf objects, which may be completely unrelated to each other. Signed-off-by: Connor O'Brien <connoro@google.com> Signed-off-by: Steven Moreland <smoreland@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> (cherry picked from commit 4ca54d3d3022ce27170b50e4bdecc3a42f05dbdc) [which is v5.6-rc1-10-g4ca54d3d3022 and thus already included in 5.10] Bug: 200440527 Change-Id: I8234b9047f29981b8140bd81bb2ff070b3b0b843 (cherry picked from commit d52ac987ad2ae16ff313d7fb6185bc412cb221a4)
author: Connor O'Brien <connoro@google.com> 2020-02-07 10:01:49 -0800
committer: Michael Bestas <mkbestas@lineageos.org> 2022-04-19 00:52:31 +0300
commit: c74db0a426c523f200d14db61bcd9235ad2aefa0 (patch)
tree: fd5261638c1121f9c9dd3bd01823a55713a11593
parent: 8e649e0021176070155b2779459e87f4cad9d550 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 617ad3d897de..b967dcadcb4d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -822,7 +822,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 	if (!strcmp(sb->s_type->name, "debugfs") ||
 	    !strcmp(sb->s_type->name, "tracefs") ||
 	    !strcmp(sb->s_type->name, "sysfs") ||
-	    !strcmp(sb->s_type->name, "pstore"))
+	    !strcmp(sb->s_type->name, "pstore") ||
+	    !strcmp(sb->s_type->name, "bpf"))
 		sbsec->flags |= SE_SBGENFS;
 
 	if (!sbsec->behavior) {
author	Connor O'Brien <connoro@google.com>	2020-02-07 10:01:49 -0800
committer	Michael Bestas <mkbestas@lineageos.org>	2022-04-19 00:52:31 +0300
commit	c74db0a426c523f200d14db61bcd9235ad2aefa0 (patch)
tree	fd5261638c1121f9c9dd3bd01823a55713a11593
parent	8e649e0021176070155b2779459e87f4cad9d550 (diff)