aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/selinux/include/av_perm_to_string.h9
-rw-r--r--security/selinux/include/av_permissions.h9
-rw-r--r--security/selinux/include/class_to_string.h7
-rw-r--r--security/selinux/include/flask.h1
4 files changed, 26 insertions, 0 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 049bf69429b6..399f868c5c8f 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -37,6 +37,8 @@
37 S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") 37 S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
38 S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") 38 S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
39 S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") 39 S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
40 S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom")
41 S_(SECCLASS_NODE, NODE__SENDTO, "sendto")
40 S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") 42 S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
41 S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") 43 S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
42 S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") 44 S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
@@ -45,6 +47,8 @@
45 S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") 47 S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
46 S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") 48 S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
47 S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") 49 S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
50 S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress")
51 S_(SECCLASS_NETIF, NETIF__EGRESS, "egress")
48 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") 52 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
49 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") 53 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
50 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") 54 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
@@ -149,6 +153,10 @@
149 S_(SECCLASS_PACKET, PACKET__SEND, "send") 153 S_(SECCLASS_PACKET, PACKET__SEND, "send")
150 S_(SECCLASS_PACKET, PACKET__RECV, "recv") 154 S_(SECCLASS_PACKET, PACKET__RECV, "recv")
151 S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") 155 S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
156 S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in")
157 S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out")
158 S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in")
159 S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out")
152 S_(SECCLASS_KEY, KEY__VIEW, "view") 160 S_(SECCLASS_KEY, KEY__VIEW, "view")
153 S_(SECCLASS_KEY, KEY__READ, "read") 161 S_(SECCLASS_KEY, KEY__READ, "read")
154 S_(SECCLASS_KEY, KEY__WRITE, "write") 162 S_(SECCLASS_KEY, KEY__WRITE, "write")
@@ -159,3 +167,4 @@
159 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") 167 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
160 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") 168 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
161 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") 169 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
170 S_(SECCLASS_PEER, PEER__RECV, "recv")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index eda89a2ec635..84c9abc80978 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -292,6 +292,8 @@
292#define NODE__ENFORCE_DEST 0x00000040UL 292#define NODE__ENFORCE_DEST 0x00000040UL
293#define NODE__DCCP_RECV 0x00000080UL 293#define NODE__DCCP_RECV 0x00000080UL
294#define NODE__DCCP_SEND 0x00000100UL 294#define NODE__DCCP_SEND 0x00000100UL
295#define NODE__RECVFROM 0x00000200UL
296#define NODE__SENDTO 0x00000400UL
295#define NETIF__TCP_RECV 0x00000001UL 297#define NETIF__TCP_RECV 0x00000001UL
296#define NETIF__TCP_SEND 0x00000002UL 298#define NETIF__TCP_SEND 0x00000002UL
297#define NETIF__UDP_RECV 0x00000004UL 299#define NETIF__UDP_RECV 0x00000004UL
@@ -300,6 +302,8 @@
300#define NETIF__RAWIP_SEND 0x00000020UL 302#define NETIF__RAWIP_SEND 0x00000020UL
301#define NETIF__DCCP_RECV 0x00000040UL 303#define NETIF__DCCP_RECV 0x00000040UL
302#define NETIF__DCCP_SEND 0x00000080UL 304#define NETIF__DCCP_SEND 0x00000080UL
305#define NETIF__INGRESS 0x00000100UL
306#define NETIF__EGRESS 0x00000200UL
303#define NETLINK_SOCKET__IOCTL 0x00000001UL 307#define NETLINK_SOCKET__IOCTL 0x00000001UL
304#define NETLINK_SOCKET__READ 0x00000002UL 308#define NETLINK_SOCKET__READ 0x00000002UL
305#define NETLINK_SOCKET__WRITE 0x00000004UL 309#define NETLINK_SOCKET__WRITE 0x00000004UL
@@ -792,6 +796,10 @@
792#define PACKET__SEND 0x00000001UL 796#define PACKET__SEND 0x00000001UL
793#define PACKET__RECV 0x00000002UL 797#define PACKET__RECV 0x00000002UL
794#define PACKET__RELABELTO 0x00000004UL 798#define PACKET__RELABELTO 0x00000004UL
799#define PACKET__FLOW_IN 0x00000008UL
800#define PACKET__FLOW_OUT 0x00000010UL
801#define PACKET__FORWARD_IN 0x00000020UL
802#define PACKET__FORWARD_OUT 0x00000040UL
795#define KEY__VIEW 0x00000001UL 803#define KEY__VIEW 0x00000001UL
796#define KEY__READ 0x00000002UL 804#define KEY__READ 0x00000002UL
797#define KEY__WRITE 0x00000004UL 805#define KEY__WRITE 0x00000004UL
@@ -824,3 +832,4 @@
824#define DCCP_SOCKET__NODE_BIND 0x00400000UL 832#define DCCP_SOCKET__NODE_BIND 0x00400000UL
825#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL 833#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
826#define MEMPROTECT__MMAP_ZERO 0x00000001UL 834#define MEMPROTECT__MMAP_ZERO 0x00000001UL
835#define PEER__RECV 0x00000001UL
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index e77de0e62ea0..b1b0d1d8f950 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -64,3 +64,10 @@
64 S_(NULL) 64 S_(NULL)
65 S_("dccp_socket") 65 S_("dccp_socket")
66 S_("memprotect") 66 S_("memprotect")
67 S_(NULL)
68 S_(NULL)
69 S_(NULL)
70 S_(NULL)
71 S_(NULL)
72 S_(NULL)
73 S_("peer")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index a9c2b20f14b5..09e9dd23ee1a 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -50,6 +50,7 @@
50#define SECCLASS_KEY 58 50#define SECCLASS_KEY 58
51#define SECCLASS_DCCP_SOCKET 60 51#define SECCLASS_DCCP_SOCKET 60
52#define SECCLASS_MEMPROTECT 61 52#define SECCLASS_MEMPROTECT 61
53#define SECCLASS_PEER 68
53 54
54/* 55/*
55 * Security identifier indices for initial entities 56 * Security identifier indices for initial entities