authorStephen Smalley <sds@tycho.nsa.gov>2008-02-07 11:21:04 -0500
committerJames Morris <jmorris@namei.org>2008-02-11 04:30:02 -0500
commitb68e418c445e8a468634d0a7ca2fb63bbaa74028 (patch)
treee49b4a94ef28a9288ed6735a994387205b7cc5bd /security/selinux/include
parent19af35546de68c872dcb687613e0902a602cb20e (diff)
selinux: support 64-bit capabilities
Fix SELinux to handle 64-bit capabilities correctly, and to catch future extensions of capabilities beyond 64 bits to ensure that SELinux is properly updated. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/av_perm_to_string.h3
-rw-r--r--security/selinux/include/av_permissions.h3
-rw-r--r--security/selinux/include/class_to_string.h1
-rw-r--r--security/selinux/include/flask.h1
4 files changed, 8 insertions, 0 deletions
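--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -132,6 +132,9 @@
  S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
  S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
  S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
  S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
  S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
  S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")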
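--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -533,6 +533,9 @@
 #define CAPABILITY__LEASE 0x10000000UL
 #define CAPABILITY__AUDIT_WRITE 0x20000000UL
 #define CAPABILITY__AUDIT_CONTROL 0x40000000UL
+#define CAPABILITY__SETFCAP 0x80000000UL
+#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
+#define CAPABILITY2__MAC_ADMIN 0x00000002UL
 #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
 #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
 #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL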
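Review bot: Nothing next to the new defines states how a capability number maps onto these masks, yet `CAPABILITY__SETFCAP 0x80000000UL` takes the top bit of what looks like a 32-bit mask and the `CAPABILITY2__*` values restart at bit 0. The constants are therefore only right if the consumer selects the class from the capability number's upper bits and the permission from its low five bits; that code is outside the diff shown here, which is limited to security/selinux/include. I would record the coupling beside the defines, e.g. `/* CAPABILITY2 bit n corresponds to capability number 32 + n */`, or, if this header is generated, in the list it is generated from. A mismatch would be silent: the hook would test a different permission from the capability actually being exercised.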
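--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -71,3 +71,4 @@
  S_(NULL)
  S_(NULL)
  S_("peer")
+ S_("capability2")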
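--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -51,6 +51,7 @@
 #define SECCLASS_DCCP_SOCKET 60
 #define SECCLASS_MEMPROTECT 61
 #define SECCLASS_PEER 68
+#define SECCLASS_CAPABILITY2 69
 
 /*
  * Security identifier indices for initial entities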
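Review bot: `SECCLASS_CAPABILITY2 69` adds a class number that a policy built before this change will not define, and nothing in the hunk says how `mac_override` and `mac_admin` checks resolve in that case. That outcome is decided outside this diff, presumably by the loaded policy's handling of unknown classes, so a comment on the define would help, e.g. `/* needs a policy that defines class capability2; otherwise unknown-class handling decides */`. The value must also equal the position of `S_("capability2")` in class_to_string.h; the hunks are consistent with that (the entry follows "peer", defined here as 68) but do not prove it, since the table is positional and its start is not shown. The comment block after the define continues past the end of the hunk.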