Google Git
Sign in
fuchsia/integration/488fd03c3012b07357e0954019a5da0d535774eb
commit
488fd03c3012b07357e0954019a5da0d535774eb
[log]
author
Wez <wez@fuchsia.infra.roller.google.com>
Thu Apr 03 08:09:39 2025 -0700
committer
Copybara-Service <copybara-worker@google.com>
Thu Apr 03 08:12:59 2025 -0700
tree
8d5096d2e967b2af8eb1394f7ce595a13d48581a
parent
e8b098663929e2909f038ac835d99f145fc4b95d [diff]
[roll] Roll fuchsia [sestarnix] Validate BPF resource access in file_receive hook

When a program receives BPF resources in a message, access to the
underlying resources must be access-checked, rather than checking
access to the FsNode associated with the file descriptors.

Since BPF FsNode labels are seemingly unused, migrate BPF to use
"private" anonymous nodes.

Original-Bug: 398654362, 406437558
Original-Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1243044
Original-Revision: e10ee533c1e7281d1b1efa95eb865da79d3f1eaa
GitOrigin-RevId: ef419c66d17a5454ecc3ed9cd423f40b0e47d4be
Change-Id: I2c0cfe5b9102fb3c5f6814f68f27cfce7bd8ee8f
1 file changed
tree: 8d5096d2e967b2af8eb1394f7ce595a13d48581a
  1. ctf/
  2. git-hooks/
  3. infra/
  4. third_party/
  5. cts
  6. firmware
  7. flower
  8. jiri.lock
  9. MILESTONE
  10. minimal
  11. prebuilts
  12. README.md
  13. stem
  14. test_durations
  15. toolchain
README.md

Integration

This repository contains Fuchsia's Global Integration manifest files.

Making changes

All changes should be made to the internal version of this repository. Our infrastructure automatically updates this version when the internal one changes.

Currently all changes must be made by a Google employee. Non-Google employees wishing to make a change can ask for assistance in one of the communication channels documented at get involved.

Obtaining the source

First install Jiri.

Next run:

$ jiri init
$ jiri import minimal https://fuchsia.googlesource.com/integration
$ jiri update

Third party

Third party projects should have their own subdirectory in ./third_party.