[SELinux]: Add support for DCCP

This patch implements SELinux kernel support for DCCP (http://linux-net.osdl.org/index.php/DCCP), which is similar in operation to TCP in terms of connected state between peers. The SELinux support for DCCP is thus modeled on existing handling of TCP. A new DCCP socket class is introduced, to allow protocol differentation. The permissions for this class inherit all of the socket permissions, as well as the current TCP permissions (node_bind, name_bind etc). IPv4 and IPv6 are supported, although labeled networking is not, at this stage. Patches for SELinux userspace are at: http://people.redhat.com/jmorris/selinux/dccp/user/ I've performed some basic testing, and it seems to be working as expected. Adding policy support is similar to TCP, the only real difference being that it's a different protocol. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: James Morris <jmorris@namei.org> 2006-11-13 19:09:01 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-03 00:22:24 -0500
commit: 2ee92d46c6cabedd50edf6f273fa8cf84f707618 (patch)
tree: bdf7c64514a5063ba4ef41915f9efb6f803fc38a /security/selinux/include/av_perm_to_string.h
parent: 90833aa4f496d69ca374af6acef7d1614c8693ff (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 09fc8a2345..ad9fb2d69b 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -35,12 +35,16 @@
   S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
   S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
   S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
+   S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
+   S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
   S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
   S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
   S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
   S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
   S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
   S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
+   S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
+   S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
@@ -252,3 +256,7 @@
   S_(SECCLASS_KEY, KEY__LINK, "link")
   S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
   S_(SECCLASS_KEY, KEY__CREATE, "create")
+   S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+   S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
+   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
+   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
author	James Morris <jmorris@namei.org>	2006-11-13 19:09:01 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-03 00:22:24 -0500
commit	2ee92d46c6cabedd50edf6f273fa8cf84f707618 (patch)
tree	bdf7c64514a5063ba4ef41915f9efb6f803fc38a /security/selinux/include/av_perm_to_string.h
parent	90833aa4f496d69ca374af6acef7d1614c8693ff (diff)