author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-02-07 11:21:04 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-02-11 04:30:02 -0500 |
commit | b68e418c445e8a468634d0a7ca2fb63bbaa74028 (patch) | |
tree | e49b4a94ef28a9288ed6735a994387205b7cc5bd /security/selinux/include | |
parent | 19af35546de68c872dcb687613e0902a602cb20e (diff) |
selinux: support 64-bit capabilities
Fix SELinux to handle 64-bit capabilities correctly, and to catch
future extensions of capabilities beyond 64 bits to ensure that SELinux
is properly updated.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 3 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 3 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 1 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 1 |
4 files changed, 8 insertions, 0 deletions
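--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -132,6 +132,9 @@
 S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
 S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
+S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
+S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
+S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
 S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
 S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
 S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")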
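--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -533,6 +533,9 @@
 #define CAPABILITY__LEASE 0x10000000UL
 #define CAPABILITY__AUDIT_WRITE 0x20000000UL
 #define CAPABILITY__AUDIT_CONTROL 0x40000000UL
+#define CAPABILITY__SETFCAP 0x80000000UL
+#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
+#define CAPABILITY2__MAC_ADMIN 0x00000002UL
 #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
 #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
 #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL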
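Review bot: `CAPABILITY__SETFCAP` takes `0x80000000UL`, the top bit of a 32-bit vector, and the `CAPABILITY2__*` values restart at bit 0 with nothing in this header saying which capability number each bit stands for. The code that turns a capability number into a class and permission bit is outside this page (the diffstat is limited to the include directory), so the mapping cannot be checked from here. A one-line comment above the new defines, such as `/* capability2: bit n presumably corresponds to capability 32 + n; keep in step with the capability lookup */`, would make a future mismatch visible in review. If this header is generated, the comment belongs in the generator's input instead.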
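--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -71,3 +71,4 @@
 S_(NULL)
 S_(NULL)
 S_("peer")
+S_("capability2")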
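Review bot: The new `S_("capability2")` entry is tied to `SECCLASS_CAPABILITY2` in flask.h only by its position in the table. It follows `S_("peer")` just as 69 follows `SECCLASS_PEER 68`, and unused slots appear to be held open with `S_(NULL)`. Nothing visible on this page enforces that correspondence, so an entry added or dropped in one file but not the other would presumably attach the wrong name to a class. A trailing comment on the new line, such as `/* SECCLASS_CAPABILITY2 (69) */`, or a build-time check of the table length against the highest class value, would make the coupling explicit.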
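--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -51,6 +51,7 @@
 #define SECCLASS_DCCP_SOCKET 60
 #define SECCLASS_MEMPROTECT 61
 #define SECCLASS_PEER 68
+#define SECCLASS_CAPABILITY2 69
 
 /*
 * Security identifier indices for initial entities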
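Review bot: `SECCLASS_CAPABILITY2 69` introduces a class that policies built before this change do not define, and nothing in these headers or the commit message says how a check against it is answered under such a policy. That decision is made outside this page, presumably by the policy's handling of unknown classes and permissions. It determines whether `mac_admin` and `mac_override` are denied or allowed on a kernel that is newer than its loaded policy. The expected behaviour should be stated next to the define, for example `/* capabilities 32-63; not defined by older policies, so the result depends on unknown-class handling */`.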