diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_policy.c | 8 | ||||
| -rw-r--r-- | security/selinux/include/security.h | 3 |
2 files changed, 4 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index dec6dcb1c8de..31d677f7c65f 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
| @@ -49,14 +49,12 @@ struct ima_measure_rule_entry { | |||
| 49 | * written in terms of .action, .func, .mask, .fsmagic, and .uid | 49 | * written in terms of .action, .func, .mask, .fsmagic, and .uid |
| 50 | */ | 50 | */ |
| 51 | static struct ima_measure_rule_entry default_rules[] = { | 51 | static struct ima_measure_rule_entry default_rules[] = { |
| 52 | {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC, | 52 | {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC}, |
| 53 | .flags = IMA_FSMAGIC}, | ||
| 54 | {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, | 53 | {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, |
| 55 | {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, | 54 | {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, |
| 56 | {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, | 55 | {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, |
| 57 | {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC, | 56 | {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC}, |
| 58 | .flags = IMA_FSMAGIC}, | 57 | {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC}, |
| 59 | {.action = DONT_MEASURE,.fsmagic = 0xF97CFF8C,.flags = IMA_FSMAGIC}, | ||
| 60 | {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, | 58 | {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, |
| 61 | .flags = IMA_FUNC | IMA_MASK}, | 59 | .flags = IMA_FUNC | IMA_MASK}, |
| 62 | {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, | 60 | {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index a7be3f01fb08..ca835795a8b3 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
| @@ -8,14 +8,13 @@ | |||
| 8 | #ifndef _SELINUX_SECURITY_H_ | 8 | #ifndef _SELINUX_SECURITY_H_ |
| 9 | #define _SELINUX_SECURITY_H_ | 9 | #define _SELINUX_SECURITY_H_ |
| 10 | 10 | ||
| 11 | #include <linux/magic.h> | ||
| 11 | #include "flask.h" | 12 | #include "flask.h" |
| 12 | 13 | ||
| 13 | #define SECSID_NULL 0x00000000 /* unspecified SID */ | 14 | #define SECSID_NULL 0x00000000 /* unspecified SID */ |
| 14 | #define SECSID_WILD 0xffffffff /* wildcard SID */ | 15 | #define SECSID_WILD 0xffffffff /* wildcard SID */ |
| 15 | #define SECCLASS_NULL 0x0000 /* no class */ | 16 | #define SECCLASS_NULL 0x0000 /* no class */ |
| 16 | 17 | ||
| 17 | #define SELINUX_MAGIC 0xf97cff8c | ||
| 18 | |||
| 19 | /* Identify specific policy version changes */ | 18 | /* Identify specific policy version changes */ |
| 20 | #define POLICYDB_VERSION_BASE 15 | 19 | #define POLICYDB_VERSION_BASE 15 |
| 21 | #define POLICYDB_VERSION_BOOL 16 | 20 | #define POLICYDB_VERSION_BOOL 16 |