diff options
| author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:38:19 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:23 -0500 |
| commit | 3bb56b25dbe0a4b44bd2ebceab6736d068e85068 (patch) | |
| tree | 2285d831352b8580d401730eee98820ed54a81a0 /security/selinux/ss/policydb.c | |
| parent | 224dfbd81e1ff672eb46e7695469c395bd531083 (diff) | |
SELinux: Add a capabilities bitmap to SELinux policy version 22
Add a new policy capabilities bitmap to SELinux policy version 22. This bitmap
will enable the security server to query the policy to determine which features
it supports.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/policydb.c')
| -rw-r--r-- | security/selinux/ss/policydb.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index b582aae3c62c..bd7d6a00342d 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -13,6 +13,11 @@ | |||
| 13 | * | 13 | * |
| 14 | * Added conditional policy language extensions | 14 | * Added conditional policy language extensions |
| 15 | * | 15 | * |
| 16 | * Updated: Hewlett-Packard <paul.moore@hp.com> | ||
| 17 | * | ||
| 18 | * Added support for the policy capability bitmap | ||
| 19 | * | ||
| 20 | * Copyright (C) 2007 Hewlett-Packard Development Company, L.P. | ||
| 16 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 21 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
| 17 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | 22 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
| 18 | * This program is free software; you can redistribute it and/or modify | 23 | * This program is free software; you can redistribute it and/or modify |
| @@ -102,6 +107,11 @@ static struct policydb_compat_info policydb_compat[] = { | |||
| 102 | .sym_num = SYM_NUM, | 107 | .sym_num = SYM_NUM, |
| 103 | .ocon_num = OCON_NUM, | 108 | .ocon_num = OCON_NUM, |
| 104 | }, | 109 | }, |
| 110 | { | ||
| 111 | .version = POLICYDB_VERSION_POLCAP, | ||
| 112 | .sym_num = SYM_NUM, | ||
| 113 | .ocon_num = OCON_NUM, | ||
| 114 | } | ||
| 105 | }; | 115 | }; |
| 106 | 116 | ||
| 107 | static struct policydb_compat_info *policydb_lookup_compat(int version) | 117 | static struct policydb_compat_info *policydb_lookup_compat(int version) |
| @@ -183,6 +193,8 @@ static int policydb_init(struct policydb *p) | |||
| 183 | if (rc) | 193 | if (rc) |
| 184 | goto out_free_symtab; | 194 | goto out_free_symtab; |
| 185 | 195 | ||
| 196 | ebitmap_init(&p->policycaps); | ||
| 197 | |||
| 186 | out: | 198 | out: |
| 187 | return rc; | 199 | return rc; |
| 188 | 200 | ||
| @@ -673,8 +685,8 @@ void policydb_destroy(struct policydb *p) | |||
| 673 | ebitmap_destroy(&p->type_attr_map[i]); | 685 | ebitmap_destroy(&p->type_attr_map[i]); |
| 674 | } | 686 | } |
| 675 | kfree(p->type_attr_map); | 687 | kfree(p->type_attr_map); |
| 676 | |||
| 677 | kfree(p->undefined_perms); | 688 | kfree(p->undefined_perms); |
| 689 | ebitmap_destroy(&p->policycaps); | ||
| 678 | 690 | ||
| 679 | return; | 691 | return; |
| 680 | } | 692 | } |
| @@ -1554,6 +1566,10 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1554 | p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); | 1566 | p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); |
| 1555 | p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); | 1567 | p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); |
| 1556 | 1568 | ||
| 1569 | if (p->policyvers >= POLICYDB_VERSION_POLCAP && | ||
| 1570 | ebitmap_read(&p->policycaps, fp) != 0) | ||
| 1571 | goto bad; | ||
| 1572 | |||
| 1557 | info = policydb_lookup_compat(p->policyvers); | 1573 | info = policydb_lookup_compat(p->policyvers); |
| 1558 | if (!info) { | 1574 | if (!info) { |
| 1559 | printk(KERN_ERR "security: unable to find policy compat info " | 1575 | printk(KERN_ERR "security: unable to find policy compat info " |