3 files changed, 5 insertions, 1 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index bc020bde6c86..e777578ccd9d 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -72,6 +72,7 @@
   S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
   S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
   S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
+   S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
   S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
   S_(SECCLASS_MSG, MSG__SEND, "send")
   S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
@@ -248,3 +249,4 @@
   S_(SECCLASS_KEY, KEY__SEARCH, "search")
   S_(SECCLASS_KEY, KEY__LINK, "link")
   S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
+   S_(SECCLASS_KEY, KEY__CREATE, "create")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 1205227a3a33..1e1678023b68 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -467,6 +467,7 @@
 #define PROCESS__EXECMEM                          0x02000000UL
 #define PROCESS__EXECSTACK                        0x04000000UL
 #define PROCESS__EXECHEAP                         0x08000000UL
+#define PROCESS__SETKEYCREATE                     0x10000000UL
 #define IPC__CREATE                               0x00000001UL
 #define IPC__DESTROY                              0x00000002UL
@@ -966,4 +967,4 @@
 #define KEY__SEARCH                               0x00000008UL
 #define KEY__LINK                                 0x00000010UL
 #define KEY__SETATTR                              0x00000020UL
+#define KEY__CREATE                               0x00000040UL
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 8f5547ad1856..191b3e4484ce 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -32,6 +32,7 @@ struct task_security_struct {
        u32 sid;             /* current SID */
        u32 exec_sid;        /* exec SID */
        u32 create_sid;      /* fscreate SID */
+        u32 keycreate_sid;   /* keycreate SID */
        u32 ptrace_sid;      /* SID of ptrace parent */
 };

diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index bc020bde6c86..e777578ccd9d 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h
@@ -72,6 +72,7 @@
72	S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")	72	S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
73	S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")	73	S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
74	S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")	74	S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
		75	S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
75	S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")	76	S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
76	S_(SECCLASS_MSG, MSG__SEND, "send")	77	S_(SECCLASS_MSG, MSG__SEND, "send")
77	S_(SECCLASS_MSG, MSG__RECEIVE, "receive")	78	S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
@@ -248,3 +249,4 @@
248	S_(SECCLASS_KEY, KEY__SEARCH, "search")	249	S_(SECCLASS_KEY, KEY__SEARCH, "search")
249	S_(SECCLASS_KEY, KEY__LINK, "link")	250	S_(SECCLASS_KEY, KEY__LINK, "link")
250	S_(SECCLASS_KEY, KEY__SETATTR, "setattr")	251	S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
		252	S_(SECCLASS_KEY, KEY__CREATE, "create")


diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index 1205227a3a33..1e1678023b68 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h
@@ -467,6 +467,7 @@
467	#define PROCESS__EXECMEM 0x02000000UL	467	#define PROCESS__EXECMEM 0x02000000UL
468	#define PROCESS__EXECSTACK 0x04000000UL	468	#define PROCESS__EXECSTACK 0x04000000UL
469	#define PROCESS__EXECHEAP 0x08000000UL	469	#define PROCESS__EXECHEAP 0x08000000UL
		470	#define PROCESS__SETKEYCREATE 0x10000000UL
470		471
471	#define IPC__CREATE 0x00000001UL	472	#define IPC__CREATE 0x00000001UL
472	#define IPC__DESTROY 0x00000002UL	473	#define IPC__DESTROY 0x00000002UL
@@ -966,4 +967,4 @@
966	#define KEY__SEARCH 0x00000008UL	967	#define KEY__SEARCH 0x00000008UL
967	#define KEY__LINK 0x00000010UL	968	#define KEY__LINK 0x00000010UL
968	#define KEY__SETATTR 0x00000020UL	969	#define KEY__SETATTR 0x00000020UL
969		970	#define KEY__CREATE 0x00000040UL


diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 8f5547ad1856..191b3e4484ce 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h
@@ -32,6 +32,7 @@ struct task_security_struct {
32	u32 sid; /* current SID */	32	u32 sid; /* current SID */
33	u32 exec_sid; /* exec SID */	33	u32 exec_sid; /* exec SID */
34	u32 create_sid; /* fscreate SID */	34	u32 create_sid; /* fscreate SID */
		35	u32 keycreate_sid; /* keycreate SID */
35	u32 ptrace_sid; /* SID of ptrace parent */	36	u32 ptrace_sid; /* SID of ptrace parent */
36	};	37	};
37		38