author | Christopher J. PeBenito <cpebenito@tresys.com> | 2006-06-09 03:25:03 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-06-18 00:29:51 -0400 |
commit | 3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5 (patch) | |
tree | e3b3edcf5092e9533539f6e8abdda83eee2cb96d | |
parent | 6f68dc37759b1d6ff3b4d4a9d097605a09f8f043 (diff) |
[SELINUX]: add security class for appletalk sockets
Add a security class for appletalk sockets so that they can be
distinguished in SELinux policy. Please apply.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | security/selinux/hooks.c | 2 | ||||
-rw-r--r-- | security/selinux/include/av_inherit.h | 1 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 23 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 1 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 1 |
5 files changed, 28 insertions, 0 deletions
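--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -696,6 +696,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 return SECCLASS_PACKET_SOCKET;
 case PF_KEY:
 return SECCLASS_KEY_SOCKET;
+case PF_APPLETALK:
+return SECCLASS_APPLETALK_SOCKET;
 }
 
 return SECCLASS_SOCKET;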
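Review bot: Neither the new `case PF_APPLETALK:` nor the commit message says how AppleTalk sockets are checked when the loaded policy predates class 56. Until now these sockets fell through to `return SECCLASS_SOCKET;`, so rules written against the generic `socket` class presumably stop covering them as soon as this kernel runs with an unchanged policy. I would record the dependency next to the case, for example `/* requires a policy that defines appletalk_socket; older policy only covered these via socket */`, and confirm whether the access-vector computation denies or falls back for a class the policy does not define. The switch and the rest of socket_type_to_security_class begin above this hunk, so the `type` and `protocol` handling is not visible here.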
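--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
@@ -29,3 +29,4 @@
 S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
 S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
 S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
+S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)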
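--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -933,3 +933,26 @@
 #define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
 #define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
 
+#define APPLETALK_SOCKET__IOCTL 0x00000001UL
+#define APPLETALK_SOCKET__READ 0x00000002UL
+#define APPLETALK_SOCKET__WRITE 0x00000004UL
+#define APPLETALK_SOCKET__CREATE 0x00000008UL
+#define APPLETALK_SOCKET__GETATTR 0x00000010UL
+#define APPLETALK_SOCKET__SETATTR 0x00000020UL
+#define APPLETALK_SOCKET__LOCK 0x00000040UL
+#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
+#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
+#define APPLETALK_SOCKET__APPEND 0x00000200UL
+#define APPLETALK_SOCKET__BIND 0x00000400UL
+#define APPLETALK_SOCKET__CONNECT 0x00000800UL
+#define APPLETALK_SOCKET__LISTEN 0x00001000UL
+#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
+#define APPLETALK_SOCKET__GETOPT 0x00004000UL
+#define APPLETALK_SOCKET__SETOPT 0x00008000UL
+#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
+#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
+#define APPLETALK_SOCKET__SENDTO 0x00040000UL
+#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
+#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
+#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
+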
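--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -58,3 +58,4 @@
 S_("nscd")
 S_("association")
 S_("netlink_kobject_uevent_socket")
+S_("appletalk_socket")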
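--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -60,6 +60,7 @@
 #define SECCLASS_NSCD 53
 #define SECCLASS_ASSOCIATION 54
 #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
+#define SECCLASS_APPLETALK_SOCKET 56
 
 /*
  * Security identifier indices for initial entities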