| -rw-r--r-- | security/selinux/include/av_perm_to_string.h | 9 | ||||
| -rw-r--r-- | security/selinux/include/av_permissions.h | 9 | ||||
| -rw-r--r-- | security/selinux/include/class_to_string.h | 7 | ||||
| -rw-r--r-- | security/selinux/include/flask.h | 1 |
4 files changed, 26 insertions, 0 deletions
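--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -37,6 +37,8 @@
 S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
 S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
 S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
+S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom")
+S_(SECCLASS_NODE, NODE__SENDTO, "sendto")
 S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
 S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
 S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
@@ -45,6 +47,8 @@
 S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
 S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
 S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
+S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress")
+S_(SECCLASS_NETIF, NETIF__EGRESS, "egress")
 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
 S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
@@ -149,6 +153,10 @@
 S_(SECCLASS_PACKET, PACKET__SEND, "send")
 S_(SECCLASS_PACKET, PACKET__RECV, "recv")
 S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
+S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in")
+S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out")
+S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in")
+S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out")
 S_(SECCLASS_KEY, KEY__VIEW, "view")
 S_(SECCLASS_KEY, KEY__READ, "read")
 S_(SECCLASS_KEY, KEY__WRITE, "write")
@@ -159,3 +167,4 @@
 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
 S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
 S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
+S_(SECCLASS_PEER, PEER__RECV, "recv")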
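--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -292,6 +292,8 @@
 #define NODE__ENFORCE_DEST 0x00000040UL
 #define NODE__DCCP_RECV 0x00000080UL
 #define NODE__DCCP_SEND 0x00000100UL
+#define NODE__RECVFROM 0x00000200UL
+#define NODE__SENDTO 0x00000400UL
 #define NETIF__TCP_RECV 0x00000001UL
 #define NETIF__TCP_SEND 0x00000002UL
 #define NETIF__UDP_RECV 0x00000004UL
@@ -300,6 +302,8 @@
 #define NETIF__RAWIP_SEND 0x00000020UL
 #define NETIF__DCCP_RECV 0x00000040UL
 #define NETIF__DCCP_SEND 0x00000080UL
+#define NETIF__INGRESS 0x00000100UL
+#define NETIF__EGRESS 0x00000200UL
 #define NETLINK_SOCKET__IOCTL 0x00000001UL
 #define NETLINK_SOCKET__READ 0x00000002UL
 #define NETLINK_SOCKET__WRITE 0x00000004UL
@@ -792,6 +796,10 @@
 #define PACKET__SEND 0x00000001UL
 #define PACKET__RECV 0x00000002UL
 #define PACKET__RELABELTO 0x00000004UL
+#define PACKET__FLOW_IN 0x00000008UL
+#define PACKET__FLOW_OUT 0x00000010UL
+#define PACKET__FORWARD_IN 0x00000020UL
+#define PACKET__FORWARD_OUT 0x00000040UL
 #define KEY__VIEW 0x00000001UL
 #define KEY__READ 0x00000002UL
 #define KEY__WRITE 0x00000004UL
@@ -824,3 +832,4 @@
 #define DCCP_SOCKET__NODE_BIND 0x00400000UL
 #define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
 #define MEMPROTECT__MMAP_ZERO 0x00000001UL
+#define PEER__RECV 0x00000001UL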
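Review bot: The nine new permission bits (NODE__RECVFROM and NODE__SENDTO, NETIF__INGRESS and NETIF__EGRESS, the four PACKET__FLOW_*/FORWARD_* values, and PEER__RECV) have no comment saying where they are enforced or what they depend on. The diffstat lists only four header files, so no access check that uses them is visible in this change. Each value continues its class's bit sequence without a collision and has a matching entry in av_perm_to_string.h. The values are presumably only meaningful when the loaded policy declares the same permissions at the same positions, so a one-line comment at the first new group would help, for example `/* added with SECCLASS_PEER; the loaded policy must define these at the same bit positions */`. It would also help to state how a kernel with these definitions behaves under a policy that predates them.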
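--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -64,3 +64,10 @@
 S_(NULL)
 S_("dccp_socket")
 S_("memprotect")
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_(NULL)
+S_("peer")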
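Review bot: The six `S_(NULL)` entries added before `S_("peer")` are unexplained padding. The table appears to be indexed by class value, since flask.h in this change has `SECCLASS_MEMPROTECT 61` followed by `SECCLASS_PEER 68`. One entry too many or too few would then attach the wrong name to a class wherever class names are printed, presumably including denial messages. A comment such as `/* 62-67: no kernel class string; "peer" must sit at index SECCLASS_PEER */` would make the coupling explicit, and the jump from 61 to 68 in flask.h deserves a matching one-line comment. If these headers are generated, the check belongs in the generator or in a build-time assertion on the table size rather than in a hand-written comment.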
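--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -50,6 +50,7 @@
 #define SECCLASS_KEY 58
 #define SECCLASS_DCCP_SOCKET 60
 #define SECCLASS_MEMPROTECT 61
+#define SECCLASS_PEER 68
 
 /*
 * Security identifier indices for initial entities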
