aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorChristopher J. PeBenito <cpebenito@tresys.com>2006-06-09 03:25:03 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-06-18 00:29:51 -0400
commit3e3ff15e6d8ba931fa9a6c7f9fe711edc77e96e5 (patch)
treee3b3edcf5092e9533539f6e8abdda83eee2cb96d /security
parent6f68dc37759b1d6ff3b4d4a9d097605a09f8f043 (diff)
[SELINUX]: add security class for appletalk sockets
Add a security class for appletalk sockets so that they can be distinguished in SELinux policy. Please apply. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/include/av_inherit.h1
-rw-r--r--security/selinux/include/av_permissions.h23
-rw-r--r--security/selinux/include/class_to_string.h1
-rw-r--r--security/selinux/include/flask.h1
5 files changed, 28 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cf7b62ca886a..41b6f5d31945 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -696,6 +696,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
696 return SECCLASS_PACKET_SOCKET; 696 return SECCLASS_PACKET_SOCKET;
697 case PF_KEY: 697 case PF_KEY:
698 return SECCLASS_KEY_SOCKET; 698 return SECCLASS_KEY_SOCKET;
699 case PF_APPLETALK:
700 return SECCLASS_APPLETALK_SOCKET;
699 } 701 }
700 702
701 return SECCLASS_SOCKET; 703 return SECCLASS_SOCKET;
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
index b0e6b12931c9..a68fdd55597f 100644
--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
@@ -29,3 +29,4 @@
29 S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) 29 S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
30 S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) 30 S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
31 S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) 31 S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
32 S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index d7f02edf3930..41b073b8da09 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -933,3 +933,26 @@
933#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL 933#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
934#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL 934#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
935 935
936#define APPLETALK_SOCKET__IOCTL 0x00000001UL
937#define APPLETALK_SOCKET__READ 0x00000002UL
938#define APPLETALK_SOCKET__WRITE 0x00000004UL
939#define APPLETALK_SOCKET__CREATE 0x00000008UL
940#define APPLETALK_SOCKET__GETATTR 0x00000010UL
941#define APPLETALK_SOCKET__SETATTR 0x00000020UL
942#define APPLETALK_SOCKET__LOCK 0x00000040UL
943#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
944#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
945#define APPLETALK_SOCKET__APPEND 0x00000200UL
946#define APPLETALK_SOCKET__BIND 0x00000400UL
947#define APPLETALK_SOCKET__CONNECT 0x00000800UL
948#define APPLETALK_SOCKET__LISTEN 0x00001000UL
949#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
950#define APPLETALK_SOCKET__GETOPT 0x00004000UL
951#define APPLETALK_SOCKET__SETOPT 0x00008000UL
952#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
953#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
954#define APPLETALK_SOCKET__SENDTO 0x00040000UL
955#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
956#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
957#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
958
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index 77b2c5996f35..cc15069d0742 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -58,3 +58,4 @@
58 S_("nscd") 58 S_("nscd")
59 S_("association") 59 S_("association")
60 S_("netlink_kobject_uevent_socket") 60 S_("netlink_kobject_uevent_socket")
61 S_("appletalk_socket")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index eb9f50823f6e..e4c8535d78c2 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -60,6 +60,7 @@
60#define SECCLASS_NSCD 53 60#define SECCLASS_NSCD 53
61#define SECCLASS_ASSOCIATION 54 61#define SECCLASS_ASSOCIATION 54
62#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55 62#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
63#define SECCLASS_APPLETALK_SOCKET 56
63 64
64/* 65/*
65 * Security identifier indices for initial entities 66 * Security identifier indices for initial entities