Changes for May 2024

patches_treble/system_sepolicy/0001-Fix-sepolicy-for-kernel-5.10-that-doesn-t-support-bp.patch

@@ -0,0 +1,31 @@
+From a56636e9543054107dfcfc9f77533fc05df053c6 Mon Sep 17 00:00:00 2001
+From: danielzhang130 <37479705+danielzhang130@users.noreply.github.com>
+Date: Fri, 12 Apr 2024 13:01:08 -0400
+Subject: [PATCH] Fix sepolicy for kernel < 5.10 that doesn't support bpf file
+ context (#1)
+
+Change-Id: I877bd90b1dc74c9d2f7713c70fd9aebd92331085
+
+Signed-off-by: Daniel Zhang <danielzhang130@gmail.com>
+---
+ private/network_stack.te | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/private/network_stack.te b/private/network_stack.te
+index 7587c1f46..9e6bd4b12 100644
+--- a/private/network_stack.te
++++ b/private/network_stack.te
+@@ -61,8 +61,8 @@ hal_client_domain(network_stack, hal_tetheroffload)
+ allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+ allow network_stack network_stack_service:service_manager find;
+ # allow Tethering(network_stack process) to run/update/read the eBPF maps to offload tethering traffic by eBPF.
+-allow network_stack { fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:dir search;
+-allow network_stack { fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:file { getattr read write };
++allow network_stack { fs_bpf fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:dir search;
++allow network_stack { fs_bpf fs_bpf_net_private fs_bpf_net_shared fs_bpf_netd_readonly fs_bpf_netd_shared fs_bpf_tethering }:file { getattr read write };
+ allow network_stack bpfloader:bpf { map_read map_write prog_run };
+ # allow Tethering(network_stack process) to read flag value in tethering_u_or_later_native namespace
+ get_prop(network_stack, device_config_tethering_u_or_later_native_prop)
+-- 
+2.34.1
+