-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 9 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 9 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 7 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 1 |
4 files changed, 26 insertions, 0 deletions
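--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -37,6 +37,8 @@
 S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
 S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
 S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
+S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom")
+S_(SECCLASS_NODE, NODE__SENDTO, "sendto")
 S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
 S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
 S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
@@ -45,6 +47,8 @@
 S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
 S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
 S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
+S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress")
+S_(SECCLASS_NETIF, NETIF__EGRESS, "egress")
 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
@@ -149,6 +153,10 @@
 S_(SECCLASS_PACKET, PACKET__SEND, "send")
 S_(SECCLASS_PACKET, PACKET__RECV, "recv")
 S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
+S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in")
+S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out")
+S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in")
+S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out")
 S_(SECCLASS_KEY, KEY__VIEW, "view")
 S_(SECCLASS_KEY, KEY__READ, "read")
 S_(SECCLASS_KEY, KEY__WRITE, "write")
@@ -159,3 +167,4 @@
 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
+S_(SECCLASS_PEER, PEER__RECV, "recv")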
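--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -292,6 +292,8 @@
 #define NODE__ENFORCE_DEST 0x00000040UL
 #define NODE__DCCP_RECV 0x00000080UL
 #define NODE__DCCP_SEND 0x00000100UL
+#define NODE__RECVFROM 0x00000200UL
+#define NODE__SENDTO 0x00000400UL
 #define NETIF__TCP_RECV 0x00000001UL
 #define NETIF__TCP_SEND 0x00000002UL
 #define NETIF__UDP_RECV 0x00000004UL
@@ -300,6 +302,8 @@
 #define NETIF__RAWIP_SEND 0x00000020UL
 #define NETIF__DCCP_RECV 0x00000040UL
 #define NETIF__DCCP_SEND 0x00000080UL
+#define NETIF__INGRESS 0x00000100UL
+#define NETIF__EGRESS 0x00000200UL
 #define NETLINK_SOCKET__IOCTL 0x00000001UL
 #define NETLINK_SOCKET__READ 0x00000002UL
 #define NETLINK_SOCKET__WRITE 0x00000004UL
@@ -792,6 +796,10 @@
 #define PACKET__SEND 0x00000001UL
 #define PACKET__RECV 0x00000002UL
 #define PACKET__RELABELTO 0x00000004UL
+#define PACKET__FLOW_IN 0x00000008UL
+#define PACKET__FLOW_OUT 0x00000010UL
+#define PACKET__FORWARD_IN 0x00000020UL
+#define PACKET__FORWARD_OUT 0x00000040UL
 #define KEY__VIEW 0x00000001UL
 #define KEY__READ 0x00000002UL
 #define KEY__WRITE 0x00000004UL
@@ -824,3 +832,4 @@
 #define DCCP_SOCKET__NODE_BIND 0x00400000UL
 #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
 #define MEMPROTECT__MMAP_ZERO 0x00000001UL
+#define PEER__RECV 0x00000001UL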
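Review bot: The new permission bits carry no comment saying what each one is meant to mediate. This matters most in the `PACKET__FLOW_IN` / `PACKET__FLOW_OUT` / `PACKET__FORWARD_IN` / `PACKET__FORWARD_OUT` hunk, where the names sit right beside the existing `PACKET__SEND` / `PACKET__RECV` and a policy author cannot tell from the header how they differ. Nothing in this commit references the added bits, so how a loaded policy that predates them is treated is not visible here. The change that introduces the access checks should be confirmed to depend on the policy actually defining these permissions. I would add a short comment per group, e.g. `/* flow_in, flow_out, forward_in, forward_out: peer-labelled traffic checks; semantics to be confirmed against the hooks that use them */`, placed in whatever source these tables are produced from if the header is generated. The values themselves continue each class's bit sequence without overlap.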
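--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -64,3 +64,10 @@
 S_(NULL)
 S_("dccp_socket")
 S_("memprotect")
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_("peer")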
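Review bot: The six added `S_(NULL)` entries appear to exist only to push `"peer"` to the table position that matches `#define SECCLASS_PEER 68` in flask.h, and nothing in the hunk says so. The context lines place `"dccp_socket"` (60) and `"memprotect"` (61) immediately before, so the padding stands in for values 62–67. One placeholder too many or too few would silently attach the name to a different class value. A comment above the padding such as `/* 62-67 have no entry here; keeps "peer" at index SECCLASS_PEER */` would let a reader check the coupling by eye.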
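--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -50,6 +50,7 @@
 #define SECCLASS_KEY 58
 #define SECCLASS_DCCP_SOCKET 60
 #define SECCLASS_MEMPROTECT 61
+#define SECCLASS_PEER 68
 
 /*
  * Security identifier indices for initial entities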