diff options
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/av_inherit.h | 34 | ||||
| -rw-r--r-- | security/selinux/include/av_perm_to_string.h | 183 | ||||
| -rw-r--r-- | security/selinux/include/av_permissions.h | 44 | ||||
| -rw-r--r-- | security/selinux/include/avc_ss.h | 21 | ||||
| -rw-r--r-- | security/selinux/include/class_to_string.h | 80 | ||||
| -rw-r--r-- | security/selinux/include/classmap.h | 150 | ||||
| -rw-r--r-- | security/selinux/include/common_perm_to_string.h | 58 | ||||
| -rw-r--r-- | security/selinux/include/flask.h | 40 | ||||
| -rw-r--r-- | security/selinux/include/security.h | 13 |
9 files changed, 206 insertions, 417 deletions
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h deleted file mode 100644 index abedcd704dae..000000000000 --- a/security/selinux/include/av_inherit.h +++ /dev/null | |||
| @@ -1,34 +0,0 @@ | |||
| 1 | /* This file is automatically generated. Do not edit. */ | ||
| 2 | S_(SECCLASS_DIR, file, 0x00020000UL) | ||
| 3 | S_(SECCLASS_FILE, file, 0x00020000UL) | ||
| 4 | S_(SECCLASS_LNK_FILE, file, 0x00020000UL) | ||
| 5 | S_(SECCLASS_CHR_FILE, file, 0x00020000UL) | ||
| 6 | S_(SECCLASS_BLK_FILE, file, 0x00020000UL) | ||
| 7 | S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) | ||
| 8 | S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) | ||
| 9 | S_(SECCLASS_SOCKET, socket, 0x00400000UL) | ||
| 10 | S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) | ||
| 11 | S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) | ||
| 12 | S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) | ||
| 13 | S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) | ||
| 14 | S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) | ||
| 15 | S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) | ||
| 16 | S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) | ||
| 17 | S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) | ||
| 18 | S_(SECCLASS_TUN_SOCKET, socket, 0x00400000UL) | ||
| 19 | S_(SECCLASS_IPC, ipc, 0x00000200UL) | ||
| 20 | S_(SECCLASS_SEM, ipc, 0x00000200UL) | ||
| 21 | S_(SECCLASS_MSGQ, ipc, 0x00000200UL) | ||
| 22 | S_(SECCLASS_SHM, ipc, 0x00000200UL) | ||
| 23 | S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) | ||
| 24 | S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) | ||
| 25 | S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) | ||
| 26 | S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) | ||
| 27 | S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) | ||
| 28 | S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) | ||
| 29 | S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) | ||
| 30 | S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) | ||
| 31 | S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) | ||
| 32 | S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) | ||
| 33 | S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) | ||
| 34 | S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL) | ||
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h deleted file mode 100644 index 2b683ad83d21..000000000000 --- a/security/selinux/include/av_perm_to_string.h +++ /dev/null | |||
| @@ -1,183 +0,0 @@ | |||
| 1 | /* This file is automatically generated. Do not edit. */ | ||
| 2 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") | ||
| 3 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") | ||
| 4 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") | ||
| 5 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") | ||
| 6 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") | ||
| 7 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") | ||
| 8 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") | ||
| 9 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") | ||
| 10 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") | ||
| 11 | S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") | ||
| 12 | S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") | ||
| 13 | S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") | ||
| 14 | S_(SECCLASS_DIR, DIR__REPARENT, "reparent") | ||
| 15 | S_(SECCLASS_DIR, DIR__SEARCH, "search") | ||
| 16 | S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") | ||
| 17 | S_(SECCLASS_DIR, DIR__OPEN, "open") | ||
| 18 | S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") | ||
| 19 | S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") | ||
| 20 | S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") | ||
| 21 | S_(SECCLASS_FILE, FILE__OPEN, "open") | ||
| 22 | S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") | ||
| 23 | S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") | ||
| 24 | S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") | ||
| 25 | S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open") | ||
| 26 | S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open") | ||
| 27 | S_(SECCLASS_SOCK_FILE, SOCK_FILE__OPEN, "open") | ||
| 28 | S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open") | ||
| 29 | S_(SECCLASS_FD, FD__USE, "use") | ||
| 30 | S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") | ||
| 31 | S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") | ||
| 32 | S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") | ||
| 33 | S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") | ||
| 34 | S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") | ||
| 35 | S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") | ||
| 36 | S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") | ||
| 37 | S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") | ||
| 38 | S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") | ||
| 39 | S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") | ||
| 40 | S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") | ||
| 41 | S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") | ||
| 42 | S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") | ||
| 43 | S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") | ||
| 44 | S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") | ||
| 45 | S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") | ||
| 46 | S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom") | ||
| 47 | S_(SECCLASS_NODE, NODE__SENDTO, "sendto") | ||
| 48 | S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") | ||
| 49 | S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") | ||
| 50 | S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") | ||
| 51 | S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") | ||
| 52 | S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") | ||
| 53 | S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") | ||
| 54 | S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") | ||
| 55 | S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") | ||
| 56 | S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress") | ||
| 57 | S_(SECCLASS_NETIF, NETIF__EGRESS, "egress") | ||
| 58 | S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") | ||
| 59 | S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") | ||
| 60 | S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") | ||
| 61 | S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") | ||
| 62 | S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") | ||
| 63 | S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") | ||
| 64 | S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") | ||
| 65 | S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") | ||
| 66 | S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") | ||
| 67 | S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") | ||
| 68 | S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") | ||
| 69 | S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") | ||
| 70 | S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") | ||
| 71 | S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") | ||
| 72 | S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") | ||
| 73 | S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") | ||
| 74 | S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") | ||
| 75 | S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") | ||
| 76 | S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") | ||
| 77 | S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") | ||
| 78 | S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") | ||
| 79 | S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") | ||
| 80 | S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") | ||
| 81 | S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") | ||
| 82 | S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") | ||
| 83 | S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") | ||
| 84 | S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") | ||
| 85 | S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") | ||
| 86 | S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") | ||
| 87 | S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") | ||
| 88 | S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") | ||
| 89 | S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") | ||
| 90 | S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") | ||
| 91 | S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") | ||
| 92 | S_(SECCLASS_MSG, MSG__SEND, "send") | ||
| 93 | S_(SECCLASS_MSG, MSG__RECEIVE, "receive") | ||
| 94 | S_(SECCLASS_SHM, SHM__LOCK, "lock") | ||
| 95 | S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") | ||
| 96 | S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") | ||
| 97 | S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") | ||
| 98 | S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") | ||
| 99 | S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") | ||
| 100 | S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") | ||
| 101 | S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") | ||
| 102 | S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") | ||
| 103 | S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") | ||
| 104 | S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") | ||
| 105 | S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") | ||
| 106 | S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") | ||
| 107 | S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") | ||
| 108 | S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") | ||
| 109 | S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") | ||
| 110 | S_(SECCLASS_SYSTEM, SYSTEM__MODULE_REQUEST, "module_request") | ||
| 111 | S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") | ||
| 112 | S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") | ||
| 113 | S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") | ||
| 114 | S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") | ||
| 115 | S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") | ||
| 116 | S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") | ||
| 117 | S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") | ||
| 118 | S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") | ||
| 119 | S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") | ||
| 120 | S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") | ||
| 121 | S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") | ||
| 122 | S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") | ||
| 123 | S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") | ||
| 124 | S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") | ||
| 125 | S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") | ||
| 126 | S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") | ||
| 127 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") | ||
| 128 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") | ||
| 129 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") | ||
| 130 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") | ||
| 131 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") | ||
| 132 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") | ||
| 133 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") | ||
| 134 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") | ||
| 135 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") | ||
| 136 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") | ||
| 137 | S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") | ||
| 138 | S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") | ||
| 139 | S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") | ||
| 140 | S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") | ||
| 141 | S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") | ||
| 142 | S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") | ||
| 143 | S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override") | ||
| 144 | S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin") | ||
| 145 | S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") | ||
| 146 | S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") | ||
| 147 | S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") | ||
| 148 | S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") | ||
| 149 | S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") | ||
| 150 | S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") | ||
| 151 | S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") | ||
| 152 | S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write") | ||
| 153 | S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") | ||
| 154 | S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") | ||
| 155 | S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") | ||
| 156 | S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") | ||
| 157 | S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit") | ||
| 158 | S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") | ||
| 159 | S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") | ||
| 160 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") | ||
| 161 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") | ||
| 162 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") | ||
| 163 | S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") | ||
| 164 | S_(SECCLASS_PACKET, PACKET__SEND, "send") | ||
| 165 | S_(SECCLASS_PACKET, PACKET__RECV, "recv") | ||
| 166 | S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") | ||
| 167 | S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in") | ||
| 168 | S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out") | ||
| 169 | S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in") | ||
| 170 | S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out") | ||
| 171 | S_(SECCLASS_KEY, KEY__VIEW, "view") | ||
| 172 | S_(SECCLASS_KEY, KEY__READ, "read") | ||
| 173 | S_(SECCLASS_KEY, KEY__WRITE, "write") | ||
| 174 | S_(SECCLASS_KEY, KEY__SEARCH, "search") | ||
| 175 | S_(SECCLASS_KEY, KEY__LINK, "link") | ||
| 176 | S_(SECCLASS_KEY, KEY__SETATTR, "setattr") | ||
| 177 | S_(SECCLASS_KEY, KEY__CREATE, "create") | ||
| 178 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") | ||
| 179 | S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") | ||
| 180 | S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") | ||
| 181 | S_(SECCLASS_PEER, PEER__RECV, "recv") | ||
| 182 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__USE_AS_OVERRIDE, "use_as_override") | ||
| 183 | S_(SECCLASS_KERNEL_SERVICE, KERNEL_SERVICE__CREATE_FILES_AS, "create_files_as") | ||
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index 0546d616ccac..fef2582b734d 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h | |||
| @@ -423,28 +423,6 @@ | |||
| 423 | #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL | 423 | #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL |
| 424 | #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL | 424 | #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL |
| 425 | #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL | 425 | #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL |
| 426 | #define TUN_SOCKET__IOCTL 0x00000001UL | ||
| 427 | #define TUN_SOCKET__READ 0x00000002UL | ||
| 428 | #define TUN_SOCKET__WRITE 0x00000004UL | ||
| 429 | #define TUN_SOCKET__CREATE 0x00000008UL | ||
| 430 | #define TUN_SOCKET__GETATTR 0x00000010UL | ||
| 431 | #define TUN_SOCKET__SETATTR 0x00000020UL | ||
| 432 | #define TUN_SOCKET__LOCK 0x00000040UL | ||
| 433 | #define TUN_SOCKET__RELABELFROM 0x00000080UL | ||
| 434 | #define TUN_SOCKET__RELABELTO 0x00000100UL | ||
| 435 | #define TUN_SOCKET__APPEND 0x00000200UL | ||
| 436 | #define TUN_SOCKET__BIND 0x00000400UL | ||
| 437 | #define TUN_SOCKET__CONNECT 0x00000800UL | ||
| 438 | #define TUN_SOCKET__LISTEN 0x00001000UL | ||
| 439 | #define TUN_SOCKET__ACCEPT 0x00002000UL | ||
| 440 | #define TUN_SOCKET__GETOPT 0x00004000UL | ||
| 441 | #define TUN_SOCKET__SETOPT 0x00008000UL | ||
| 442 | #define TUN_SOCKET__SHUTDOWN 0x00010000UL | ||
| 443 | #define TUN_SOCKET__RECVFROM 0x00020000UL | ||
| 444 | #define TUN_SOCKET__SENDTO 0x00040000UL | ||
| 445 | #define TUN_SOCKET__RECV_MSG 0x00080000UL | ||
| 446 | #define TUN_SOCKET__SEND_MSG 0x00100000UL | ||
| 447 | #define TUN_SOCKET__NAME_BIND 0x00200000UL | ||
| 448 | #define PROCESS__FORK 0x00000001UL | 426 | #define PROCESS__FORK 0x00000001UL |
| 449 | #define PROCESS__TRANSITION 0x00000002UL | 427 | #define PROCESS__TRANSITION 0x00000002UL |
| 450 | #define PROCESS__SIGCHLD 0x00000004UL | 428 | #define PROCESS__SIGCHLD 0x00000004UL |
| @@ -868,3 +846,25 @@ | |||
| 868 | #define PEER__RECV 0x00000001UL | 846 | #define PEER__RECV 0x00000001UL |
| 869 | #define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL | 847 | #define KERNEL_SERVICE__USE_AS_OVERRIDE 0x00000001UL |
| 870 | #define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL | 848 | #define KERNEL_SERVICE__CREATE_FILES_AS 0x00000002UL |
| 849 | #define TUN_SOCKET__IOCTL 0x00000001UL | ||
| 850 | #define TUN_SOCKET__READ 0x00000002UL | ||
| 851 | #define TUN_SOCKET__WRITE 0x00000004UL | ||
| 852 | #define TUN_SOCKET__CREATE 0x00000008UL | ||
| 853 | #define TUN_SOCKET__GETATTR 0x00000010UL | ||
| 854 | #define TUN_SOCKET__SETATTR 0x00000020UL | ||
| 855 | #define TUN_SOCKET__LOCK 0x00000040UL | ||
| 856 | #define TUN_SOCKET__RELABELFROM 0x00000080UL | ||
| 857 | #define TUN_SOCKET__RELABELTO 0x00000100UL | ||
| 858 | #define TUN_SOCKET__APPEND 0x00000200UL | ||
| 859 | #define TUN_SOCKET__BIND 0x00000400UL | ||
| 860 | #define TUN_SOCKET__CONNECT 0x00000800UL | ||
| 861 | #define TUN_SOCKET__LISTEN 0x00001000UL | ||
| 862 | #define TUN_SOCKET__ACCEPT 0x00002000UL | ||
| 863 | #define TUN_SOCKET__GETOPT 0x00004000UL | ||
| 864 | #define TUN_SOCKET__SETOPT 0x00008000UL | ||
| 865 | #define TUN_SOCKET__SHUTDOWN 0x00010000UL | ||
| 866 | #define TUN_SOCKET__RECVFROM 0x00020000UL | ||
| 867 | #define TUN_SOCKET__SENDTO 0x00040000UL | ||
| 868 | #define TUN_SOCKET__RECV_MSG 0x00080000UL | ||
| 869 | #define TUN_SOCKET__SEND_MSG 0x00100000UL | ||
| 870 | #define TUN_SOCKET__NAME_BIND 0x00200000UL | ||
diff --git a/security/selinux/include/avc_ss.h b/security/selinux/include/avc_ss.h index bb1ec801bdfe..4677aa519b04 100644 --- a/security/selinux/include/avc_ss.h +++ b/security/selinux/include/avc_ss.h | |||
| @@ -10,26 +10,13 @@ | |||
| 10 | 10 | ||
| 11 | int avc_ss_reset(u32 seqno); | 11 | int avc_ss_reset(u32 seqno); |
| 12 | 12 | ||
| 13 | struct av_perm_to_string { | 13 | /* Class/perm mapping support */ |
| 14 | u16 tclass; | 14 | struct security_class_mapping { |
| 15 | u32 value; | ||
| 16 | const char *name; | 15 | const char *name; |
| 16 | const char *perms[sizeof(u32) * 8 + 1]; | ||
| 17 | }; | 17 | }; |
| 18 | 18 | ||
| 19 | struct av_inherit { | 19 | extern struct security_class_mapping secclass_map[]; |
| 20 | const char **common_pts; | ||
| 21 | u32 common_base; | ||
| 22 | u16 tclass; | ||
| 23 | }; | ||
| 24 | |||
| 25 | struct selinux_class_perm { | ||
| 26 | const struct av_perm_to_string *av_perm_to_string; | ||
| 27 | u32 av_pts_len; | ||
| 28 | u32 cts_len; | ||
| 29 | const char **class_to_string; | ||
| 30 | const struct av_inherit *av_inherit; | ||
| 31 | u32 av_inherit_len; | ||
| 32 | }; | ||
| 33 | 20 | ||
| 34 | #endif /* _SELINUX_AVC_SS_H_ */ | 21 | #endif /* _SELINUX_AVC_SS_H_ */ |
| 35 | 22 | ||
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h deleted file mode 100644 index 7ab9299bfb6b..000000000000 --- a/security/selinux/include/class_to_string.h +++ /dev/null | |||
| @@ -1,80 +0,0 @@ | |||
| 1 | /* This file is automatically generated. Do not edit. */ | ||
| 2 | /* | ||
| 3 | * Security object class definitions | ||
| 4 | */ | ||
| 5 | S_(NULL) | ||
| 6 | S_("security") | ||
| 7 | S_("process") | ||
| 8 | S_("system") | ||
| 9 | S_("capability") | ||
| 10 | S_("filesystem") | ||
| 11 | S_("file") | ||
| 12 | S_("dir") | ||
| 13 | S_("fd") | ||
| 14 | S_("lnk_file") | ||
| 15 | S_("chr_file") | ||
| 16 | S_("blk_file") | ||
| 17 | S_("sock_file") | ||
| 18 | S_("fifo_file") | ||
| 19 | S_("socket") | ||
| 20 | S_("tcp_socket") | ||
| 21 | S_("udp_socket") | ||
| 22 | S_("rawip_socket") | ||
| 23 | S_("node") | ||
| 24 | S_("netif") | ||
| 25 | S_("netlink_socket") | ||
| 26 | S_("packet_socket") | ||
| 27 | S_("key_socket") | ||
| 28 | S_("unix_stream_socket") | ||
| 29 | S_("unix_dgram_socket") | ||
| 30 | S_("sem") | ||
| 31 | S_("msg") | ||
| 32 | S_("msgq") | ||
| 33 | S_("shm") | ||
| 34 | S_("ipc") | ||
| 35 | S_(NULL) | ||
| 36 | S_(NULL) | ||
| 37 | S_(NULL) | ||
| 38 | S_(NULL) | ||
| 39 | S_(NULL) | ||
| 40 | S_(NULL) | ||
| 41 | S_(NULL) | ||
| 42 | S_(NULL) | ||
| 43 | S_(NULL) | ||
| 44 | S_(NULL) | ||
| 45 | S_(NULL) | ||
| 46 | S_(NULL) | ||
| 47 | S_(NULL) | ||
| 48 | S_("netlink_route_socket") | ||
| 49 | S_("netlink_firewall_socket") | ||
| 50 | S_("netlink_tcpdiag_socket") | ||
| 51 | S_("netlink_nflog_socket") | ||
| 52 | S_("netlink_xfrm_socket") | ||
| 53 | S_("netlink_selinux_socket") | ||
| 54 | S_("netlink_audit_socket") | ||
| 55 | S_("netlink_ip6fw_socket") | ||
| 56 | S_("netlink_dnrt_socket") | ||
| 57 | S_(NULL) | ||
| 58 | S_(NULL) | ||
| 59 | S_("association") | ||
| 60 | S_("netlink_kobject_uevent_socket") | ||
| 61 | S_("appletalk_socket") | ||
| 62 | S_("packet") | ||
| 63 | S_("key") | ||
| 64 | S_(NULL) | ||
| 65 | S_("dccp_socket") | ||
| 66 | S_("memprotect") | ||
| 67 | S_(NULL) | ||
| 68 | S_(NULL) | ||
| 69 | S_(NULL) | ||
| 70 | S_(NULL) | ||
| 71 | S_(NULL) | ||
| 72 | S_(NULL) | ||
| 73 | S_("peer") | ||
| 74 | S_("capability2") | ||
| 75 | S_(NULL) | ||
| 76 | S_(NULL) | ||
| 77 | S_(NULL) | ||
| 78 | S_(NULL) | ||
| 79 | S_("kernel_service") | ||
| 80 | S_("tun_socket") | ||
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h new file mode 100644 index 000000000000..8b32e959bb2e --- /dev/null +++ b/security/selinux/include/classmap.h | |||
| @@ -0,0 +1,150 @@ | |||
| 1 | #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \ | ||
| 2 | "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append" | ||
| 3 | |||
| 4 | #define COMMON_FILE_PERMS COMMON_FILE_SOCK_PERMS, "unlink", "link", \ | ||
| 5 | "rename", "execute", "swapon", "quotaon", "mounton" | ||
| 6 | |||
| 7 | #define COMMON_SOCK_PERMS COMMON_FILE_SOCK_PERMS, "bind", "connect", \ | ||
| 8 | "listen", "accept", "getopt", "setopt", "shutdown", "recvfrom", \ | ||
| 9 | "sendto", "recv_msg", "send_msg", "name_bind" | ||
| 10 | |||
| 11 | #define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \ | ||
| 12 | "write", "associate", "unix_read", "unix_write" | ||
| 13 | |||
| 14 | struct security_class_mapping secclass_map[] = { | ||
| 15 | { "security", | ||
| 16 | { "compute_av", "compute_create", "compute_member", | ||
| 17 | "check_context", "load_policy", "compute_relabel", | ||
| 18 | "compute_user", "setenforce", "setbool", "setsecparam", | ||
| 19 | "setcheckreqprot", NULL } }, | ||
| 20 | { "process", | ||
| 21 | { "fork", "transition", "sigchld", "sigkill", | ||
| 22 | "sigstop", "signull", "signal", "ptrace", "getsched", "setsched", | ||
| 23 | "getsession", "getpgid", "setpgid", "getcap", "setcap", "share", | ||
| 24 | "getattr", "setexec", "setfscreate", "noatsecure", "siginh", | ||
| 25 | "setrlimit", "rlimitinh", "dyntransition", "setcurrent", | ||
| 26 | "execmem", "execstack", "execheap", "setkeycreate", | ||
| 27 | "setsockcreate", NULL } }, | ||
| 28 | { "system", | ||
| 29 | { "ipc_info", "syslog_read", "syslog_mod", | ||
| 30 | "syslog_console", "module_request", NULL } }, | ||
| 31 | { "capability", | ||
| 32 | { "chown", "dac_override", "dac_read_search", | ||
| 33 | "fowner", "fsetid", "kill", "setgid", "setuid", "setpcap", | ||
| 34 | "linux_immutable", "net_bind_service", "net_broadcast", | ||
| 35 | "net_admin", "net_raw", "ipc_lock", "ipc_owner", "sys_module", | ||
| 36 | "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct", "sys_admin", | ||
| 37 | "sys_boot", "sys_nice", "sys_resource", "sys_time", | ||
| 38 | "sys_tty_config", "mknod", "lease", "audit_write", | ||
| 39 | "audit_control", "setfcap", NULL } }, | ||
| 40 | { "filesystem", | ||
| 41 | { "mount", "remount", "unmount", "getattr", | ||
| 42 | "relabelfrom", "relabelto", "transition", "associate", "quotamod", | ||
| 43 | "quotaget", NULL } }, | ||
| 44 | { "file", | ||
| 45 | { COMMON_FILE_PERMS, | ||
| 46 | "execute_no_trans", "entrypoint", "execmod", "open", NULL } }, | ||
| 47 | { "dir", | ||
| 48 | { COMMON_FILE_PERMS, "add_name", "remove_name", | ||
| 49 | "reparent", "search", "rmdir", "open", NULL } }, | ||
| 50 | { "fd", { "use", NULL } }, | ||
| 51 | { "lnk_file", | ||
| 52 | { COMMON_FILE_PERMS, NULL } }, | ||
| 53 | { "chr_file", | ||
| 54 | { COMMON_FILE_PERMS, | ||
| 55 | "execute_no_trans", "entrypoint", "execmod", "open", NULL } }, | ||
| 56 | { "blk_file", | ||
| 57 | { COMMON_FILE_PERMS, "open", NULL } }, | ||
| 58 | { "sock_file", | ||
| 59 | { COMMON_FILE_PERMS, "open", NULL } }, | ||
| 60 | { "fifo_file", | ||
| 61 | { COMMON_FILE_PERMS, "open", NULL } }, | ||
| 62 | { "socket", | ||
| 63 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 64 | { "tcp_socket", | ||
| 65 | { COMMON_SOCK_PERMS, | ||
| 66 | "connectto", "newconn", "acceptfrom", "node_bind", "name_connect", | ||
| 67 | NULL } }, | ||
| 68 | { "udp_socket", | ||
| 69 | { COMMON_SOCK_PERMS, | ||
| 70 | "node_bind", NULL } }, | ||
| 71 | { "rawip_socket", | ||
| 72 | { COMMON_SOCK_PERMS, | ||
| 73 | "node_bind", NULL } }, | ||
| 74 | { "node", | ||
| 75 | { "tcp_recv", "tcp_send", "udp_recv", "udp_send", | ||
| 76 | "rawip_recv", "rawip_send", "enforce_dest", | ||
| 77 | "dccp_recv", "dccp_send", "recvfrom", "sendto", NULL } }, | ||
| 78 | { "netif", | ||
| 79 | { "tcp_recv", "tcp_send", "udp_recv", "udp_send", | ||
| 80 | "rawip_recv", "rawip_send", "dccp_recv", "dccp_send", | ||
| 81 | "ingress", "egress", NULL } }, | ||
| 82 | { "netlink_socket", | ||
| 83 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 84 | { "packet_socket", | ||
| 85 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 86 | { "key_socket", | ||
| 87 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 88 | { "unix_stream_socket", | ||
| 89 | { COMMON_SOCK_PERMS, "connectto", "newconn", "acceptfrom", NULL | ||
| 90 | } }, | ||
| 91 | { "unix_dgram_socket", | ||
| 92 | { COMMON_SOCK_PERMS, NULL | ||
| 93 | } }, | ||
| 94 | { "sem", | ||
| 95 | { COMMON_IPC_PERMS, NULL } }, | ||
| 96 | { "msg", { "send", "receive", NULL } }, | ||
| 97 | { "msgq", | ||
| 98 | { COMMON_IPC_PERMS, "enqueue", NULL } }, | ||
| 99 | { "shm", | ||
| 100 | { COMMON_IPC_PERMS, "lock", NULL } }, | ||
| 101 | { "ipc", | ||
| 102 | { COMMON_IPC_PERMS, NULL } }, | ||
| 103 | { "netlink_route_socket", | ||
| 104 | { COMMON_SOCK_PERMS, | ||
| 105 | "nlmsg_read", "nlmsg_write", NULL } }, | ||
| 106 | { "netlink_firewall_socket", | ||
| 107 | { COMMON_SOCK_PERMS, | ||
| 108 | "nlmsg_read", "nlmsg_write", NULL } }, | ||
| 109 | { "netlink_tcpdiag_socket", | ||
| 110 | { COMMON_SOCK_PERMS, | ||
| 111 | "nlmsg_read", "nlmsg_write", NULL } }, | ||
| 112 | { "netlink_nflog_socket", | ||
| 113 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 114 | { "netlink_xfrm_socket", | ||
| 115 | { COMMON_SOCK_PERMS, | ||
| 116 | "nlmsg_read", "nlmsg_write", NULL } }, | ||
| 117 | { "netlink_selinux_socket", | ||
| 118 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 119 | { "netlink_audit_socket", | ||
| 120 | { COMMON_SOCK_PERMS, | ||
| 121 | "nlmsg_read", "nlmsg_write", "nlmsg_relay", "nlmsg_readpriv", | ||
| 122 | "nlmsg_tty_audit", NULL } }, | ||
| 123 | { "netlink_ip6fw_socket", | ||
| 124 | { COMMON_SOCK_PERMS, | ||
| 125 | "nlmsg_read", "nlmsg_write", NULL } }, | ||
| 126 | { "netlink_dnrt_socket", | ||
| 127 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 128 | { "association", | ||
| 129 | { "sendto", "recvfrom", "setcontext", "polmatch", NULL } }, | ||
| 130 | { "netlink_kobject_uevent_socket", | ||
| 131 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 132 | { "appletalk_socket", | ||
| 133 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 134 | { "packet", | ||
| 135 | { "send", "recv", "relabelto", "flow_in", "flow_out", | ||
| 136 | "forward_in", "forward_out", NULL } }, | ||
| 137 | { "key", | ||
| 138 | { "view", "read", "write", "search", "link", "setattr", "create", | ||
| 139 | NULL } }, | ||
| 140 | { "dccp_socket", | ||
| 141 | { COMMON_SOCK_PERMS, | ||
| 142 | "node_bind", "name_connect", NULL } }, | ||
| 143 | { "memprotect", { "mmap_zero", NULL } }, | ||
| 144 | { "peer", { "recv", NULL } }, | ||
| 145 | { "capability2", { "mac_override", "mac_admin", NULL } }, | ||
| 146 | { "kernel_service", { "use_as_override", "create_files_as", NULL } }, | ||
| 147 | { "tun_socket", | ||
| 148 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 149 | { NULL } | ||
| 150 | }; | ||
diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h deleted file mode 100644 index ce5b6e2fe9dd..000000000000 --- a/security/selinux/include/common_perm_to_string.h +++ /dev/null | |||
| @@ -1,58 +0,0 @@ | |||
| 1 | /* This file is automatically generated. Do not edit. */ | ||
| 2 | TB_(common_file_perm_to_string) | ||
| 3 | S_("ioctl") | ||
| 4 | S_("read") | ||
| 5 | S_("write") | ||
| 6 | S_("create") | ||
| 7 | S_("getattr") | ||
| 8 | S_("setattr") | ||
| 9 | S_("lock") | ||
| 10 | S_("relabelfrom") | ||
| 11 | S_("relabelto") | ||
| 12 | S_("append") | ||
| 13 | S_("unlink") | ||
| 14 | S_("link") | ||
| 15 | S_("rename") | ||
| 16 | S_("execute") | ||
| 17 | S_("swapon") | ||
| 18 | S_("quotaon") | ||
| 19 | S_("mounton") | ||
| 20 | TE_(common_file_perm_to_string) | ||
| 21 | |||
| 22 | TB_(common_socket_perm_to_string) | ||
| 23 | S_("ioctl") | ||
| 24 | S_("read") | ||
| 25 | S_("write") | ||
| 26 | S_("create") | ||
| 27 | S_("getattr") | ||
| 28 | S_("setattr") | ||
| 29 | S_("lock") | ||
| 30 | S_("relabelfrom") | ||
| 31 | S_("relabelto") | ||
| 32 | S_("append") | ||
| 33 | S_("bind") | ||
| 34 | S_("connect") | ||
| 35 | S_("listen") | ||
| 36 | S_("accept") | ||
| 37 | S_("getopt") | ||
| 38 | S_("setopt") | ||
| 39 | S_("shutdown") | ||
| 40 | S_("recvfrom") | ||
| 41 | S_("sendto") | ||
| 42 | S_("recv_msg") | ||
| 43 | S_("send_msg") | ||
| 44 | S_("name_bind") | ||
| 45 | TE_(common_socket_perm_to_string) | ||
| 46 | |||
| 47 | TB_(common_ipc_perm_to_string) | ||
| 48 | S_("create") | ||
| 49 | S_("destroy") | ||
| 50 | S_("getattr") | ||
| 51 | S_("setattr") | ||
| 52 | S_("read") | ||
| 53 | S_("write") | ||
| 54 | S_("associate") | ||
| 55 | S_("unix_read") | ||
| 56 | S_("unix_write") | ||
| 57 | TE_(common_ipc_perm_to_string) | ||
| 58 | |||
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index f248500a1e3c..5359ca2abf21 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h | |||
| @@ -34,26 +34,26 @@ | |||
| 34 | #define SECCLASS_MSGQ 27 | 34 | #define SECCLASS_MSGQ 27 |
| 35 | #define SECCLASS_SHM 28 | 35 | #define SECCLASS_SHM 28 |
| 36 | #define SECCLASS_IPC 29 | 36 | #define SECCLASS_IPC 29 |
| 37 | #define SECCLASS_NETLINK_ROUTE_SOCKET 43 | 37 | #define SECCLASS_NETLINK_ROUTE_SOCKET 30 |
| 38 | #define SECCLASS_NETLINK_FIREWALL_SOCKET 44 | 38 | #define SECCLASS_NETLINK_FIREWALL_SOCKET 31 |
| 39 | #define SECCLASS_NETLINK_TCPDIAG_SOCKET 45 | 39 | #define SECCLASS_NETLINK_TCPDIAG_SOCKET 32 |
| 40 | #define SECCLASS_NETLINK_NFLOG_SOCKET 46 | 40 | #define SECCLASS_NETLINK_NFLOG_SOCKET 33 |
| 41 | #define SECCLASS_NETLINK_XFRM_SOCKET 47 | 41 | #define SECCLASS_NETLINK_XFRM_SOCKET 34 |
| 42 | #define SECCLASS_NETLINK_SELINUX_SOCKET 48 | 42 | #define SECCLASS_NETLINK_SELINUX_SOCKET 35 |
| 43 | #define SECCLASS_NETLINK_AUDIT_SOCKET 49 | 43 | #define SECCLASS_NETLINK_AUDIT_SOCKET 36 |
| 44 | #define SECCLASS_NETLINK_IP6FW_SOCKET 50 | 44 | #define SECCLASS_NETLINK_IP6FW_SOCKET 37 |
| 45 | #define SECCLASS_NETLINK_DNRT_SOCKET 51 | 45 | #define SECCLASS_NETLINK_DNRT_SOCKET 38 |
| 46 | #define SECCLASS_ASSOCIATION 54 | 46 | #define SECCLASS_ASSOCIATION 39 |
| 47 | #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55 | 47 | #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 40 |
| 48 | #define SECCLASS_APPLETALK_SOCKET 56 | 48 | #define SECCLASS_APPLETALK_SOCKET 41 |
| 49 | #define SECCLASS_PACKET 57 | 49 | #define SECCLASS_PACKET 42 |
| 50 | #define SECCLASS_KEY 58 | 50 | #define SECCLASS_KEY 43 |
| 51 | #define SECCLASS_DCCP_SOCKET 60 | 51 | #define SECCLASS_DCCP_SOCKET 44 |
| 52 | #define SECCLASS_MEMPROTECT 61 | 52 | #define SECCLASS_MEMPROTECT 45 |
| 53 | #define SECCLASS_PEER 68 | 53 | #define SECCLASS_PEER 46 |
| 54 | #define SECCLASS_CAPABILITY2 69 | 54 | #define SECCLASS_CAPABILITY2 47 |
| 55 | #define SECCLASS_KERNEL_SERVICE 74 | 55 | #define SECCLASS_KERNEL_SERVICE 48 |
| 56 | #define SECCLASS_TUN_SOCKET 75 | 56 | #define SECCLASS_TUN_SOCKET 49 |
| 57 | 57 | ||
| 58 | /* | 58 | /* |
| 59 | * Security identifier indices for initial entities | 59 | * Security identifier indices for initial entities |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index ca835795a8b3..2553266ad793 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
| @@ -97,11 +97,18 @@ struct av_decision { | |||
| 97 | #define AVD_FLAGS_PERMISSIVE 0x0001 | 97 | #define AVD_FLAGS_PERMISSIVE 0x0001 |
| 98 | 98 | ||
| 99 | int security_compute_av(u32 ssid, u32 tsid, | 99 | int security_compute_av(u32 ssid, u32 tsid, |
| 100 | u16 tclass, u32 requested, | 100 | u16 tclass, u32 requested, |
| 101 | struct av_decision *avd); | 101 | struct av_decision *avd); |
| 102 | |||
| 103 | int security_compute_av_user(u32 ssid, u32 tsid, | ||
| 104 | u16 tclass, u32 requested, | ||
| 105 | struct av_decision *avd); | ||
| 102 | 106 | ||
| 103 | int security_transition_sid(u32 ssid, u32 tsid, | 107 | int security_transition_sid(u32 ssid, u32 tsid, |
| 104 | u16 tclass, u32 *out_sid); | 108 | u16 tclass, u32 *out_sid); |
| 109 | |||
| 110 | int security_transition_sid_user(u32 ssid, u32 tsid, | ||
| 111 | u16 tclass, u32 *out_sid); | ||
| 105 | 112 | ||
| 106 | int security_member_sid(u32 ssid, u32 tsid, | 113 | int security_member_sid(u32 ssid, u32 tsid, |
| 107 | u16 tclass, u32 *out_sid); | 114 | u16 tclass, u32 *out_sid); |