diff options
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/av_perm_to_string.h | 102 | ||||
-rw-r--r-- | security/selinux/include/av_permissions.h | 179 | ||||
-rw-r--r-- | security/selinux/include/class_to_string.h | 34 | ||||
-rw-r--r-- | security/selinux/include/flask.h | 16 | ||||
-rw-r--r-- | security/selinux/include/netlabel.h (renamed from security/selinux/include/selinux_netlabel.h) | 71 | ||||
-rw-r--r-- | security/selinux/include/security.h | 29 |
6 files changed, 77 insertions, 354 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index ad9fb2d69b50..b83e74012a97 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h @@ -128,96 +128,6 @@ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") - S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") - S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") - S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") - S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") - S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") - S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") - S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") - S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") - S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") - S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") - S_(SECCLASS_GC, GC__CREATE, "create") - S_(SECCLASS_GC, GC__FREE, "free") - S_(SECCLASS_GC, GC__GETATTR, "getattr") - S_(SECCLASS_GC, GC__SETATTR, "setattr") - S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") - S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") - S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") - S_(SECCLASS_WINDOW, WINDOW__MAP, "map") - S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") - S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") - S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") - S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") - S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") - S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") - S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") - S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") - S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") - S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") - S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") - S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") - S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") - S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") - S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") - S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") - S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") - S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") - S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") - S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") - S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") - S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") - S_(SECCLASS_FONT, FONT__LOAD, "load") - S_(SECCLASS_FONT, FONT__FREE, "free") - S_(SECCLASS_FONT, FONT__GETATTR, "getattr") - S_(SECCLASS_FONT, FONT__USE, "use") - S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") - S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") - S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") - S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") - S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") - S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") - S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") - S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") - S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") - S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") - S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") - S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") - S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") - S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") - S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") - S_(SECCLASS_CURSOR, CURSOR__FREE, "free") - S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") - S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") - S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") - S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") - S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") - S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") - S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") - S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") - S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") - S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") - S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") - S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") - S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") - S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") - S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") - S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") - S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") - S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") - S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") - S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") - S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") - S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") - S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") - S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") - S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") - S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") - S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") - S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") - S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") - S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") @@ -232,16 +142,6 @@ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") - S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") - S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") - S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") - S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") - S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") - S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") - S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") - S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") - S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") - S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") @@ -256,7 +156,5 @@ S_(SECCLASS_KEY, KEY__LINK, "link") S_(SECCLASS_KEY, KEY__SETATTR, "setattr") S_(SECCLASS_KEY, KEY__CREATE, "create") - S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") - S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains") S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index 2de4b5fe3aa1..5fee1735bffe 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h @@ -16,7 +16,6 @@ #define COMMON_FILE__SWAPON 0x00004000UL #define COMMON_FILE__QUOTAON 0x00008000UL #define COMMON_FILE__MOUNTON 0x00010000UL - #define COMMON_SOCKET__IOCTL 0x00000001UL #define COMMON_SOCKET__READ 0x00000002UL #define COMMON_SOCKET__WRITE 0x00000004UL @@ -39,7 +38,6 @@ #define COMMON_SOCKET__RECV_MSG 0x00080000UL #define COMMON_SOCKET__SEND_MSG 0x00100000UL #define COMMON_SOCKET__NAME_BIND 0x00200000UL - #define COMMON_IPC__CREATE 0x00000001UL #define COMMON_IPC__DESTROY 0x00000002UL #define COMMON_IPC__GETATTR 0x00000004UL @@ -49,7 +47,6 @@ #define COMMON_IPC__ASSOCIATE 0x00000040UL #define COMMON_IPC__UNIX_READ 0x00000080UL #define COMMON_IPC__UNIX_WRITE 0x00000100UL - #define FILESYSTEM__MOUNT 0x00000001UL #define FILESYSTEM__REMOUNT 0x00000002UL #define FILESYSTEM__UNMOUNT 0x00000004UL @@ -60,7 +57,6 @@ #define FILESYSTEM__ASSOCIATE 0x00000080UL #define FILESYSTEM__QUOTAMOD 0x00000100UL #define FILESYSTEM__QUOTAGET 0x00000200UL - #define DIR__IOCTL 0x00000001UL #define DIR__READ 0x00000002UL #define DIR__WRITE 0x00000004UL @@ -78,13 +74,11 @@ #define DIR__SWAPON 0x00004000UL #define DIR__QUOTAON 0x00008000UL #define DIR__MOUNTON 0x00010000UL - #define DIR__ADD_NAME 0x00020000UL #define DIR__REMOVE_NAME 0x00040000UL #define DIR__REPARENT 0x00080000UL #define DIR__SEARCH 0x00100000UL #define DIR__RMDIR 0x00200000UL - #define FILE__IOCTL 0x00000001UL #define FILE__READ 0x00000002UL #define FILE__WRITE 0x00000004UL @@ -102,11 +96,9 @@ #define FILE__SWAPON 0x00004000UL #define FILE__QUOTAON 0x00008000UL #define FILE__MOUNTON 0x00010000UL - #define FILE__EXECUTE_NO_TRANS 0x00020000UL #define FILE__ENTRYPOINT 0x00040000UL #define FILE__EXECMOD 0x00080000UL - #define LNK_FILE__IOCTL 0x00000001UL #define LNK_FILE__READ 0x00000002UL #define LNK_FILE__WRITE 0x00000004UL @@ -124,7 +116,6 @@ #define LNK_FILE__SWAPON 0x00004000UL #define LNK_FILE__QUOTAON 0x00008000UL #define LNK_FILE__MOUNTON 0x00010000UL - #define CHR_FILE__IOCTL 0x00000001UL #define CHR_FILE__READ 0x00000002UL #define CHR_FILE__WRITE 0x00000004UL @@ -142,11 +133,9 @@ #define CHR_FILE__SWAPON 0x00004000UL #define CHR_FILE__QUOTAON 0x00008000UL #define CHR_FILE__MOUNTON 0x00010000UL - #define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL #define CHR_FILE__ENTRYPOINT 0x00040000UL #define CHR_FILE__EXECMOD 0x00080000UL - #define BLK_FILE__IOCTL 0x00000001UL #define BLK_FILE__READ 0x00000002UL #define BLK_FILE__WRITE 0x00000004UL @@ -164,7 +153,6 @@ #define BLK_FILE__SWAPON 0x00004000UL #define BLK_FILE__QUOTAON 0x00008000UL #define BLK_FILE__MOUNTON 0x00010000UL - #define SOCK_FILE__IOCTL 0x00000001UL #define SOCK_FILE__READ 0x00000002UL #define SOCK_FILE__WRITE 0x00000004UL @@ -182,7 +170,6 @@ #define SOCK_FILE__SWAPON 0x00004000UL #define SOCK_FILE__QUOTAON 0x00008000UL #define SOCK_FILE__MOUNTON 0x00010000UL - #define FIFO_FILE__IOCTL 0x00000001UL #define FIFO_FILE__READ 0x00000002UL #define FIFO_FILE__WRITE 0x00000004UL @@ -200,9 +187,7 @@ #define FIFO_FILE__SWAPON 0x00004000UL #define FIFO_FILE__QUOTAON 0x00008000UL #define FIFO_FILE__MOUNTON 0x00010000UL - #define FD__USE 0x00000001UL - #define SOCKET__IOCTL 0x00000001UL #define SOCKET__READ 0x00000002UL #define SOCKET__WRITE 0x00000004UL @@ -225,7 +210,6 @@ #define SOCKET__RECV_MSG 0x00080000UL #define SOCKET__SEND_MSG 0x00100000UL #define SOCKET__NAME_BIND 0x00200000UL - #define TCP_SOCKET__IOCTL 0x00000001UL #define TCP_SOCKET__READ 0x00000002UL #define TCP_SOCKET__WRITE 0x00000004UL @@ -248,13 +232,11 @@ #define TCP_SOCKET__RECV_MSG 0x00080000UL #define TCP_SOCKET__SEND_MSG 0x00100000UL #define TCP_SOCKET__NAME_BIND 0x00200000UL - #define TCP_SOCKET__CONNECTTO 0x00400000UL #define TCP_SOCKET__NEWCONN 0x00800000UL #define TCP_SOCKET__ACCEPTFROM 0x01000000UL #define TCP_SOCKET__NODE_BIND 0x02000000UL #define TCP_SOCKET__NAME_CONNECT 0x04000000UL - #define UDP_SOCKET__IOCTL 0x00000001UL #define UDP_SOCKET__READ 0x00000002UL #define UDP_SOCKET__WRITE 0x00000004UL @@ -277,9 +259,7 @@ #define UDP_SOCKET__RECV_MSG 0x00080000UL #define UDP_SOCKET__SEND_MSG 0x00100000UL #define UDP_SOCKET__NAME_BIND 0x00200000UL - #define UDP_SOCKET__NODE_BIND 0x00400000UL - #define RAWIP_SOCKET__IOCTL 0x00000001UL #define RAWIP_SOCKET__READ 0x00000002UL #define RAWIP_SOCKET__WRITE 0x00000004UL @@ -302,9 +282,7 @@ #define RAWIP_SOCKET__RECV_MSG 0x00080000UL #define RAWIP_SOCKET__SEND_MSG 0x00100000UL #define RAWIP_SOCKET__NAME_BIND 0x00200000UL - #define RAWIP_SOCKET__NODE_BIND 0x00400000UL - #define NODE__TCP_RECV 0x00000001UL #define NODE__TCP_SEND 0x00000002UL #define NODE__UDP_RECV 0x00000004UL @@ -314,7 +292,6 @@ #define NODE__ENFORCE_DEST 0x00000040UL #define NODE__DCCP_RECV 0x00000080UL #define NODE__DCCP_SEND 0x00000100UL - #define NETIF__TCP_RECV 0x00000001UL #define NETIF__TCP_SEND 0x00000002UL #define NETIF__UDP_RECV 0x00000004UL @@ -323,7 +300,6 @@ #define NETIF__RAWIP_SEND 0x00000020UL #define NETIF__DCCP_RECV 0x00000040UL #define NETIF__DCCP_SEND 0x00000080UL - #define NETLINK_SOCKET__IOCTL 0x00000001UL #define NETLINK_SOCKET__READ 0x00000002UL #define NETLINK_SOCKET__WRITE 0x00000004UL @@ -346,7 +322,6 @@ #define NETLINK_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_SOCKET__NAME_BIND 0x00200000UL - #define PACKET_SOCKET__IOCTL 0x00000001UL #define PACKET_SOCKET__READ 0x00000002UL #define PACKET_SOCKET__WRITE 0x00000004UL @@ -369,7 +344,6 @@ #define PACKET_SOCKET__RECV_MSG 0x00080000UL #define PACKET_SOCKET__SEND_MSG 0x00100000UL #define PACKET_SOCKET__NAME_BIND 0x00200000UL - #define KEY_SOCKET__IOCTL 0x00000001UL #define KEY_SOCKET__READ 0x00000002UL #define KEY_SOCKET__WRITE 0x00000004UL @@ -392,7 +366,6 @@ #define KEY_SOCKET__RECV_MSG 0x00080000UL #define KEY_SOCKET__SEND_MSG 0x00100000UL #define KEY_SOCKET__NAME_BIND 0x00200000UL - #define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL #define UNIX_STREAM_SOCKET__READ 0x00000002UL #define UNIX_STREAM_SOCKET__WRITE 0x00000004UL @@ -415,11 +388,9 @@ #define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL #define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL #define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL - #define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL #define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL #define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL - #define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL #define UNIX_DGRAM_SOCKET__READ 0x00000002UL #define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL @@ -442,7 +413,6 @@ #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL - #define PROCESS__FORK 0x00000001UL #define PROCESS__TRANSITION 0x00000002UL #define PROCESS__SIGCHLD 0x00000004UL @@ -473,7 +443,6 @@ #define PROCESS__EXECHEAP 0x08000000UL #define PROCESS__SETKEYCREATE 0x10000000UL #define PROCESS__SETSOCKCREATE 0x20000000UL - #define IPC__CREATE 0x00000001UL #define IPC__DESTROY 0x00000002UL #define IPC__GETATTR 0x00000004UL @@ -483,7 +452,6 @@ #define IPC__ASSOCIATE 0x00000040UL #define IPC__UNIX_READ 0x00000080UL #define IPC__UNIX_WRITE 0x00000100UL - #define SEM__CREATE 0x00000001UL #define SEM__DESTROY 0x00000002UL #define SEM__GETATTR 0x00000004UL @@ -493,7 +461,6 @@ #define SEM__ASSOCIATE 0x00000040UL #define SEM__UNIX_READ 0x00000080UL #define SEM__UNIX_WRITE 0x00000100UL - #define MSGQ__CREATE 0x00000001UL #define MSGQ__DESTROY 0x00000002UL #define MSGQ__GETATTR 0x00000004UL @@ -503,12 +470,9 @@ #define MSGQ__ASSOCIATE 0x00000040UL #define MSGQ__UNIX_READ 0x00000080UL #define MSGQ__UNIX_WRITE 0x00000100UL - #define MSGQ__ENQUEUE 0x00000200UL - #define MSG__SEND 0x00000001UL #define MSG__RECEIVE 0x00000002UL - #define SHM__CREATE 0x00000001UL #define SHM__DESTROY 0x00000002UL #define SHM__GETATTR 0x00000004UL @@ -518,9 +482,7 @@ #define SHM__ASSOCIATE 0x00000040UL #define SHM__UNIX_READ 0x00000080UL #define SHM__UNIX_WRITE 0x00000100UL - #define SHM__LOCK 0x00000200UL - #define SECURITY__COMPUTE_AV 0x00000001UL #define SECURITY__COMPUTE_CREATE 0x00000002UL #define SECURITY__COMPUTE_MEMBER 0x00000004UL @@ -532,12 +494,10 @@ #define SECURITY__SETBOOL 0x00000100UL #define SECURITY__SETSECPARAM 0x00000200UL #define SECURITY__SETCHECKREQPROT 0x00000400UL - #define SYSTEM__IPC_INFO 0x00000001UL #define SYSTEM__SYSLOG_READ 0x00000002UL #define SYSTEM__SYSLOG_MOD 0x00000004UL #define SYSTEM__SYSLOG_CONSOLE 0x00000008UL - #define CAPABILITY__CHOWN 0x00000001UL #define CAPABILITY__DAC_OVERRIDE 0x00000002UL #define CAPABILITY__DAC_READ_SEARCH 0x00000004UL @@ -569,110 +529,6 @@ #define CAPABILITY__LEASE 0x10000000UL #define CAPABILITY__AUDIT_WRITE 0x20000000UL #define CAPABILITY__AUDIT_CONTROL 0x40000000UL - -#define PASSWD__PASSWD 0x00000001UL -#define PASSWD__CHFN 0x00000002UL -#define PASSWD__CHSH 0x00000004UL -#define PASSWD__ROOTOK 0x00000008UL -#define PASSWD__CRONTAB 0x00000010UL - -#define DRAWABLE__CREATE 0x00000001UL -#define DRAWABLE__DESTROY 0x00000002UL -#define DRAWABLE__DRAW 0x00000004UL -#define DRAWABLE__COPY 0x00000008UL -#define DRAWABLE__GETATTR 0x00000010UL - -#define GC__CREATE 0x00000001UL -#define GC__FREE 0x00000002UL -#define GC__GETATTR 0x00000004UL -#define GC__SETATTR 0x00000008UL - -#define WINDOW__ADDCHILD 0x00000001UL -#define WINDOW__CREATE 0x00000002UL -#define WINDOW__DESTROY 0x00000004UL -#define WINDOW__MAP 0x00000008UL -#define WINDOW__UNMAP 0x00000010UL -#define WINDOW__CHSTACK 0x00000020UL -#define WINDOW__CHPROPLIST 0x00000040UL -#define WINDOW__CHPROP 0x00000080UL -#define WINDOW__LISTPROP 0x00000100UL -#define WINDOW__GETATTR 0x00000200UL -#define WINDOW__SETATTR 0x00000400UL -#define WINDOW__SETFOCUS 0x00000800UL -#define WINDOW__MOVE 0x00001000UL -#define WINDOW__CHSELECTION 0x00002000UL -#define WINDOW__CHPARENT 0x00004000UL -#define WINDOW__CTRLLIFE 0x00008000UL -#define WINDOW__ENUMERATE 0x00010000UL -#define WINDOW__TRANSPARENT 0x00020000UL -#define WINDOW__MOUSEMOTION 0x00040000UL -#define WINDOW__CLIENTCOMEVENT 0x00080000UL -#define WINDOW__INPUTEVENT 0x00100000UL -#define WINDOW__DRAWEVENT 0x00200000UL -#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL -#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL -#define WINDOW__SERVERCHANGEEVENT 0x01000000UL -#define WINDOW__EXTENSIONEVENT 0x02000000UL - -#define FONT__LOAD 0x00000001UL -#define FONT__FREE 0x00000002UL -#define FONT__GETATTR 0x00000004UL -#define FONT__USE 0x00000008UL - -#define COLORMAP__CREATE 0x00000001UL -#define COLORMAP__FREE 0x00000002UL -#define COLORMAP__INSTALL 0x00000004UL -#define COLORMAP__UNINSTALL 0x00000008UL -#define COLORMAP__LIST 0x00000010UL -#define COLORMAP__READ 0x00000020UL -#define COLORMAP__STORE 0x00000040UL -#define COLORMAP__GETATTR 0x00000080UL -#define COLORMAP__SETATTR 0x00000100UL - -#define PROPERTY__CREATE 0x00000001UL -#define PROPERTY__FREE 0x00000002UL -#define PROPERTY__READ 0x00000004UL -#define PROPERTY__WRITE 0x00000008UL - -#define CURSOR__CREATE 0x00000001UL -#define CURSOR__CREATEGLYPH 0x00000002UL -#define CURSOR__FREE 0x00000004UL -#define CURSOR__ASSIGN 0x00000008UL -#define CURSOR__SETATTR 0x00000010UL - -#define XCLIENT__KILL 0x00000001UL - -#define XINPUT__LOOKUP 0x00000001UL -#define XINPUT__GETATTR 0x00000002UL -#define XINPUT__SETATTR 0x00000004UL -#define XINPUT__SETFOCUS 0x00000008UL -#define XINPUT__WARPPOINTER 0x00000010UL -#define XINPUT__ACTIVEGRAB 0x00000020UL -#define XINPUT__PASSIVEGRAB 0x00000040UL -#define XINPUT__UNGRAB 0x00000080UL -#define XINPUT__BELL 0x00000100UL -#define XINPUT__MOUSEMOTION 0x00000200UL -#define XINPUT__RELABELINPUT 0x00000400UL - -#define XSERVER__SCREENSAVER 0x00000001UL -#define XSERVER__GETHOSTLIST 0x00000002UL -#define XSERVER__SETHOSTLIST 0x00000004UL -#define XSERVER__GETFONTPATH 0x00000008UL -#define XSERVER__SETFONTPATH 0x00000010UL -#define XSERVER__GETATTR 0x00000020UL -#define XSERVER__GRAB 0x00000040UL -#define XSERVER__UNGRAB 0x00000080UL - -#define XEXTENSION__QUERY 0x00000001UL -#define XEXTENSION__USE 0x00000002UL - -#define PAX__PAGEEXEC 0x00000001UL -#define PAX__EMUTRAMP 0x00000002UL -#define PAX__MPROTECT 0x00000004UL -#define PAX__RANDMMAP 0x00000008UL -#define PAX__RANDEXEC 0x00000010UL -#define PAX__SEGMEXEC 0x00000020UL - #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL @@ -695,10 +551,8 @@ #define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL #define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL #define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL @@ -721,10 +575,8 @@ #define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL #define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL #define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL @@ -747,10 +599,8 @@ #define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL #define NETLINK_NFLOG_SOCKET__READ 0x00000002UL #define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL @@ -773,7 +623,6 @@ #define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL #define NETLINK_XFRM_SOCKET__READ 0x00000002UL #define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL @@ -796,10 +645,8 @@ #define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL #define NETLINK_SELINUX_SOCKET__READ 0x00000002UL #define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL @@ -822,7 +669,6 @@ #define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL #define NETLINK_AUDIT_SOCKET__READ 0x00000002UL #define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL @@ -845,12 +691,10 @@ #define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL #define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL #define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL - #define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL #define NETLINK_IP6FW_SOCKET__READ 0x00000002UL #define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL @@ -873,10 +717,8 @@ #define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL - #define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL - #define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL #define NETLINK_DNRT_SOCKET__READ 0x00000002UL #define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL @@ -899,24 +741,10 @@ #define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL - -#define DBUS__ACQUIRE_SVC 0x00000001UL -#define DBUS__SEND_MSG 0x00000002UL - -#define NSCD__GETPWD 0x00000001UL -#define NSCD__GETGRP 0x00000002UL -#define NSCD__GETHOST 0x00000004UL -#define NSCD__GETSTAT 0x00000008UL -#define NSCD__ADMIN 0x00000010UL -#define NSCD__SHMEMPWD 0x00000020UL -#define NSCD__SHMEMGRP 0x00000040UL -#define NSCD__SHMEMHOST 0x00000080UL - #define ASSOCIATION__SENDTO 0x00000001UL #define ASSOCIATION__RECVFROM 0x00000002UL #define ASSOCIATION__SETCONTEXT 0x00000004UL #define ASSOCIATION__POLMATCH 0x00000008UL - #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL #define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL @@ -939,7 +767,6 @@ #define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL #define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL #define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL - #define APPLETALK_SOCKET__IOCTL 0x00000001UL #define APPLETALK_SOCKET__READ 0x00000002UL #define APPLETALK_SOCKET__WRITE 0x00000004UL @@ -962,11 +789,9 @@ #define APPLETALK_SOCKET__RECV_MSG 0x00080000UL #define APPLETALK_SOCKET__SEND_MSG 0x00100000UL #define APPLETALK_SOCKET__NAME_BIND 0x00200000UL - #define PACKET__SEND 0x00000001UL #define PACKET__RECV 0x00000002UL #define PACKET__RELABELTO 0x00000004UL - #define KEY__VIEW 0x00000001UL #define KEY__READ 0x00000002UL #define KEY__WRITE 0x00000004UL @@ -974,10 +799,6 @@ #define KEY__LINK 0x00000010UL #define KEY__SETATTR 0x00000020UL #define KEY__CREATE 0x00000040UL - -#define CONTEXT__TRANSLATE 0x00000001UL -#define CONTEXT__CONTAINS 0x00000002UL - #define DCCP_SOCKET__IOCTL 0x00000001UL #define DCCP_SOCKET__READ 0x00000002UL #define DCCP_SOCKET__WRITE 0x00000004UL diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h index 9f3ebb1bfae6..378799068441 100644 --- a/security/selinux/include/class_to_string.h +++ b/security/selinux/include/class_to_string.h @@ -2,7 +2,7 @@ /* * Security object class definitions */ - S_("null") + S_(NULL) S_("security") S_("process") S_("system") @@ -32,19 +32,19 @@ S_("msgq") S_("shm") S_("ipc") - S_("passwd") - S_("drawable") - S_("window") - S_("gc") - S_("font") - S_("colormap") - S_("property") - S_("cursor") - S_("xclient") - S_("xinput") - S_("xserver") - S_("xextension") - S_("pax") + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) + S_(NULL) S_("netlink_route_socket") S_("netlink_firewall_socket") S_("netlink_tcpdiag_socket") @@ -54,12 +54,12 @@ S_("netlink_audit_socket") S_("netlink_ip6fw_socket") S_("netlink_dnrt_socket") - S_("dbus") - S_("nscd") + S_(NULL) + S_(NULL) S_("association") S_("netlink_kobject_uevent_socket") S_("appletalk_socket") S_("packet") S_("key") - S_("context") + S_(NULL) S_("dccp_socket") diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index 67cef371ee00..35f309f47873 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h @@ -34,19 +34,6 @@ #define SECCLASS_MSGQ 27 #define SECCLASS_SHM 28 #define SECCLASS_IPC 29 -#define SECCLASS_PASSWD 30 -#define SECCLASS_DRAWABLE 31 -#define SECCLASS_WINDOW 32 -#define SECCLASS_GC 33 -#define SECCLASS_FONT 34 -#define SECCLASS_COLORMAP 35 -#define SECCLASS_PROPERTY 36 -#define SECCLASS_CURSOR 37 -#define SECCLASS_XCLIENT 38 -#define SECCLASS_XINPUT 39 -#define SECCLASS_XSERVER 40 -#define SECCLASS_XEXTENSION 41 -#define SECCLASS_PAX 42 #define SECCLASS_NETLINK_ROUTE_SOCKET 43 #define SECCLASS_NETLINK_FIREWALL_SOCKET 44 #define SECCLASS_NETLINK_TCPDIAG_SOCKET 45 @@ -56,14 +43,11 @@ #define SECCLASS_NETLINK_AUDIT_SOCKET 49 #define SECCLASS_NETLINK_IP6FW_SOCKET 50 #define SECCLASS_NETLINK_DNRT_SOCKET 51 -#define SECCLASS_DBUS 52 -#define SECCLASS_NSCD 53 #define SECCLASS_ASSOCIATION 54 #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55 #define SECCLASS_APPLETALK_SOCKET 56 #define SECCLASS_PACKET 57 #define SECCLASS_KEY 58 -#define SECCLASS_CONTEXT 59 #define SECCLASS_DCCP_SOCKET 60 /* diff --git a/security/selinux/include/selinux_netlabel.h b/security/selinux/include/netlabel.h index 2a732c9033e3..218e3f77c350 100644 --- a/security/selinux/include/selinux_netlabel.h +++ b/security/selinux/include/netlabel.h @@ -38,19 +38,22 @@ #ifdef CONFIG_NETLABEL void selinux_netlbl_cache_invalidate(void); -int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid); -int selinux_netlbl_socket_post_create(struct socket *sock); -void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock); -int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, - struct sk_buff *skb, - struct avc_audit_data *ad); + void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec, int family); void selinux_netlbl_sk_security_init(struct sk_security_struct *ssec, int family); void selinux_netlbl_sk_security_clone(struct sk_security_struct *ssec, struct sk_security_struct *newssec); + +int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid); + +void selinux_netlbl_sock_graft(struct sock *sk, struct socket *sock); +int selinux_netlbl_socket_post_create(struct socket *sock); int selinux_netlbl_inode_permission(struct inode *inode, int mask); +int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, + struct sk_buff *skb, + struct avc_audit_data *ad); int selinux_netlbl_socket_setsockopt(struct socket *sock, int level, int optname); @@ -60,59 +63,53 @@ static inline void selinux_netlbl_cache_invalidate(void) return; } -static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, - u32 base_sid, - u32 *sid) +static inline void selinux_netlbl_sk_security_reset( + struct sk_security_struct *ssec, + int family) { - *sid = SECSID_NULL; - return 0; + return; } - -static inline int selinux_netlbl_socket_post_create(struct socket *sock) +static inline void selinux_netlbl_sk_security_init( + struct sk_security_struct *ssec, + int family) { - return 0; + return; } - -static inline void selinux_netlbl_sock_graft(struct sock *sk, - struct socket *sock) +static inline void selinux_netlbl_sk_security_clone( + struct sk_security_struct *ssec, + struct sk_security_struct *newssec) { return; } -static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, - struct sk_buff *skb, - struct avc_audit_data *ad) +static inline int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, + u32 base_sid, + u32 *sid) { + *sid = SECSID_NULL; return 0; } -static inline void selinux_netlbl_sk_security_reset( - struct sk_security_struct *ssec, - int family) -{ - return; -} - -static inline void selinux_netlbl_sk_security_init( - struct sk_security_struct *ssec, - int family) +static inline void selinux_netlbl_sock_graft(struct sock *sk, + struct socket *sock) { return; } - -static inline void selinux_netlbl_sk_security_clone( - struct sk_security_struct *ssec, - struct sk_security_struct *newssec) +static inline int selinux_netlbl_socket_post_create(struct socket *sock) { - return; + return 0; } - static inline int selinux_netlbl_inode_permission(struct inode *inode, int mask) { return 0; } - +static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, + struct sk_buff *skb, + struct avc_audit_data *ad) +{ + return 0; +} static inline int selinux_netlbl_socket_setsockopt(struct socket *sock, int level, int optname) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 210eec77e7ff..b94378afea25 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -34,7 +34,7 @@ #define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS #endif -struct sk_buff; +struct netlbl_lsm_secattr; extern int selinux_enabled; extern int selinux_mls_enabled; @@ -82,8 +82,6 @@ int security_netif_sid(char *name, u32 *if_sid, int security_node_sid(u16 domain, void *addr, u32 addrlen, u32 *out_sid); -void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid); - int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, u16 tclass); @@ -102,5 +100,30 @@ int security_fs_use(const char *fstype, unsigned int *behavior, int security_genfs_sid(const char *fstype, char *name, u16 sclass, u32 *sid); +#ifdef CONFIG_NETLABEL +int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, + u32 base_sid, + u32 *sid); + +int security_netlbl_sid_to_secattr(u32 sid, + struct netlbl_lsm_secattr *secattr); +#else +static inline int security_netlbl_secattr_to_sid( + struct netlbl_lsm_secattr *secattr, + u32 base_sid, + u32 *sid) +{ + return -EIDRM; +} + +static inline int security_netlbl_sid_to_secattr(u32 sid, + struct netlbl_lsm_secattr *secattr) +{ + return -ENOENT; +} +#endif /* CONFIG_NETLABEL */ + +const char *security_get_initial_sid_context(u32 sid); + #endif /* _SELINUX_SECURITY_H_ */ |