aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/include/av_inherit.h1
-rw-r--r--security/selinux/include/av_perm_to_string.h4
-rw-r--r--security/selinux/include/av_permissions.h28
-rw-r--r--security/selinux/include/class_to_string.h2
-rw-r--r--security/selinux/include/flask.h2
6 files changed, 39 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8a2cc75b394..2ae7d3cb8df 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -672,6 +672,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
672 return SECCLASS_NETLINK_IP6FW_SOCKET; 672 return SECCLASS_NETLINK_IP6FW_SOCKET;
673 case NETLINK_DNRTMSG: 673 case NETLINK_DNRTMSG:
674 return SECCLASS_NETLINK_DNRT_SOCKET; 674 return SECCLASS_NETLINK_DNRT_SOCKET;
675 case NETLINK_KOBJECT_UEVENT:
676 return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
675 default: 677 default:
676 return SECCLASS_NETLINK_SOCKET; 678 return SECCLASS_NETLINK_SOCKET;
677 } 679 }
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
index 9facb27822a..b0e6b12931c 100644
--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
@@ -28,3 +28,4 @@
28 S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) 28 S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
29 S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) 29 S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
30 S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) 30 S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
31 S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 903e8b3cc2e..eb340b45bc6 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -118,6 +118,8 @@
118 S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") 118 S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
119 S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") 119 S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
120 S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") 120 S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
121 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
122 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
121 S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") 123 S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
122 S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") 124 S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
123 S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") 125 S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
@@ -230,3 +232,5 @@
230 S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") 232 S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
231 S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") 233 S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
232 S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") 234 S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
235 S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
236 S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index b0a12ac8f7e..f9de0f96655 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -559,6 +559,8 @@
559#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL 559#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
560#define CAPABILITY__MKNOD 0x08000000UL 560#define CAPABILITY__MKNOD 0x08000000UL
561#define CAPABILITY__LEASE 0x10000000UL 561#define CAPABILITY__LEASE 0x10000000UL
562#define CAPABILITY__AUDIT_WRITE 0x20000000UL
563#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
562 564
563#define PASSWD__PASSWD 0x00000001UL 565#define PASSWD__PASSWD 0x00000001UL
564#define PASSWD__CHFN 0x00000002UL 566#define PASSWD__CHFN 0x00000002UL
@@ -900,3 +902,29 @@
900#define NSCD__SHMEMGRP 0x00000040UL 902#define NSCD__SHMEMGRP 0x00000040UL
901#define NSCD__SHMEMHOST 0x00000080UL 903#define NSCD__SHMEMHOST 0x00000080UL
902 904
905#define ASSOCIATION__SENDTO 0x00000001UL
906#define ASSOCIATION__RECVFROM 0x00000002UL
907
908#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
909#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
910#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
911#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
912#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
913#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
914#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
915#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
916#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
917#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
918#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
919#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
920#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
921#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
922#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
923#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
924#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
925#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
926#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
927#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
928#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
929#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
930
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index 519a77d7394..77b2c5996f3 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -56,3 +56,5 @@
56 S_("netlink_dnrt_socket") 56 S_("netlink_dnrt_socket")
57 S_("dbus") 57 S_("dbus")
58 S_("nscd") 58 S_("nscd")
59 S_("association")
60 S_("netlink_kobject_uevent_socket")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index 4eef1b654e9..eb9f50823f6 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -58,6 +58,8 @@
58#define SECCLASS_NETLINK_DNRT_SOCKET 51 58#define SECCLASS_NETLINK_DNRT_SOCKET 51
59#define SECCLASS_DBUS 52 59#define SECCLASS_DBUS 52
60#define SECCLASS_NSCD 53 60#define SECCLASS_NSCD 53
61#define SECCLASS_ASSOCIATION 54
62#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
61 63
62/* 64/*
63 * Security identifier indices for initial entities 65 * Security identifier indices for initial entities