Commit 76716cb2 authored by James Morris's avatar James Morris Committed by David S. Miller

[SELINUX]: Fine-grained Netlink support - SELinux headers

This patch regenerates the SELinux module headers to reflect new class
and access vectors definitions.  The size of the diff is misleading;
much of it is simply a change in the ordering of the automatically
generated definitions. The corresponding generation script has been
changed to ensure a stable order in the future.

Author: Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent 1ee910d7
...@@ -30,6 +30,9 @@ static struct av_perm_to_string av_perm_to_string[] = { ...@@ -30,6 +30,9 @@ static struct av_perm_to_string av_perm_to_string[] = {
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" }, { SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" }, { SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" }, { SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" }, { SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
{ SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" }, { SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
{ SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" }, { SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
...@@ -46,9 +49,6 @@ static struct av_perm_to_string av_perm_to_string[] = { ...@@ -46,9 +49,6 @@ static struct av_perm_to_string av_perm_to_string[] = {
{ SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" }, { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto" },
{ SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" }, { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn" },
{ SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" }, { SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_PROCESS, PROCESS__FORK, "fork" }, { SECCLASS_PROCESS, PROCESS__FORK, "fork" },
{ SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" }, { SECCLASS_PROCESS, PROCESS__TRANSITION, "transition" },
{ SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" }, { SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld" },
...@@ -121,6 +121,92 @@ static struct av_perm_to_string av_perm_to_string[] = { ...@@ -121,6 +121,92 @@ static struct av_perm_to_string av_perm_to_string[] = {
{ SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" }, { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
{ SECCLASS_PASSWD, PASSWD__CHFN, "chfn" }, { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
{ SECCLASS_PASSWD, PASSWD__CHSH, "chsh" }, { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },
{ SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" },
{ SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create" },
{ SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy" },
{ SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw" },
{ SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy" },
{ SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr" },
{ SECCLASS_GC, GC__CREATE, "create" },
{ SECCLASS_GC, GC__FREE, "free" },
{ SECCLASS_GC, GC__GETATTR, "getattr" },
{ SECCLASS_GC, GC__SETATTR, "setattr" },
{ SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild" },
{ SECCLASS_WINDOW, WINDOW__CREATE, "create" },
{ SECCLASS_WINDOW, WINDOW__DESTROY, "destroy" },
{ SECCLASS_WINDOW, WINDOW__MAP, "map" },
{ SECCLASS_WINDOW, WINDOW__UNMAP, "unmap" },
{ SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack" },
{ SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist" },
{ SECCLASS_WINDOW, WINDOW__CHPROP, "chprop" },
{ SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop" },
{ SECCLASS_WINDOW, WINDOW__GETATTR, "getattr" },
{ SECCLASS_WINDOW, WINDOW__SETATTR, "setattr" },
{ SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus" },
{ SECCLASS_WINDOW, WINDOW__MOVE, "move" },
{ SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection" },
{ SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent" },
{ SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife" },
{ SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate" },
{ SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent" },
{ SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion" },
{ SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent" },
{ SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent" },
{ SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent" },
{ SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent" },
{ SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest" },
{ SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent" },
{ SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent" },
{ SECCLASS_FONT, FONT__LOAD, "load" },
{ SECCLASS_FONT, FONT__FREE, "free" },
{ SECCLASS_FONT, FONT__GETATTR, "getattr" },
{ SECCLASS_FONT, FONT__USE, "use" },
{ SECCLASS_COLORMAP, COLORMAP__CREATE, "create" },
{ SECCLASS_COLORMAP, COLORMAP__FREE, "free" },
{ SECCLASS_COLORMAP, COLORMAP__INSTALL, "install" },
{ SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall" },
{ SECCLASS_COLORMAP, COLORMAP__LIST, "list" },
{ SECCLASS_COLORMAP, COLORMAP__READ, "read" },
{ SECCLASS_COLORMAP, COLORMAP__STORE, "store" },
{ SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr" },
{ SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr" },
{ SECCLASS_PROPERTY, PROPERTY__CREATE, "create" },
{ SECCLASS_PROPERTY, PROPERTY__FREE, "free" },
{ SECCLASS_PROPERTY, PROPERTY__READ, "read" },
{ SECCLASS_PROPERTY, PROPERTY__WRITE, "write" },
{ SECCLASS_CURSOR, CURSOR__CREATE, "create" },
{ SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph" },
{ SECCLASS_CURSOR, CURSOR__FREE, "free" },
{ SECCLASS_CURSOR, CURSOR__ASSIGN, "assign" },
{ SECCLASS_CURSOR, CURSOR__SETATTR, "setattr" },
{ SECCLASS_XCLIENT, XCLIENT__KILL, "kill" },
{ SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup" },
{ SECCLASS_XINPUT, XINPUT__GETATTR, "getattr" },
{ SECCLASS_XINPUT, XINPUT__SETATTR, "setattr" },
{ SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus" },
{ SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer" },
{ SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab" },
{ SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab" },
{ SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab" },
{ SECCLASS_XINPUT, XINPUT__BELL, "bell" },
{ SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion" },
{ SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput" },
{ SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver" },
{ SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist" },
{ SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist" },
{ SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath" },
{ SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath" },
{ SECCLASS_XSERVER, XSERVER__GETATTR, "getattr" },
{ SECCLASS_XSERVER, XSERVER__GRAB, "grab" },
{ SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab" },
{ SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query" },
{ SECCLASS_XEXTENSION, XEXTENSION__USE, "use" },
{ SECCLASS_PAX, PAX__PAGEEXEC, "pageexec" },
{ SECCLASS_PAX, PAX__EMUTRAMP, "emutramp" },
{ SECCLASS_PAX, PAX__MPROTECT, "mprotect" },
{ SECCLASS_PAX, PAX__RANDMMAP, "randmmap" },
{ SECCLASS_PAX, PAX__RANDEXEC, "randexec" },
{ SECCLASS_PAX, PAX__SEGMEXEC, "segmexec" },
}; };
......
This diff is collapsed.
...@@ -35,5 +35,17 @@ static char *class_to_string[] = ...@@ -35,5 +35,17 @@ static char *class_to_string[] =
"shm", "shm",
"ipc", "ipc",
"passwd", "passwd",
"drawable",
"window",
"gc",
"font",
"colormap",
"property",
"cursor",
"xclient",
"xinput",
"xserver",
"xextension",
"pax",
}; };
...@@ -35,6 +35,18 @@ ...@@ -35,6 +35,18 @@
#define SECCLASS_SHM 28 #define SECCLASS_SHM 28
#define SECCLASS_IPC 29 #define SECCLASS_IPC 29
#define SECCLASS_PASSWD 30 #define SECCLASS_PASSWD 30
#define SECCLASS_DRAWABLE 31
#define SECCLASS_WINDOW 32
#define SECCLASS_GC 33
#define SECCLASS_FONT 34
#define SECCLASS_COLORMAP 35
#define SECCLASS_PROPERTY 36
#define SECCLASS_CURSOR 37
#define SECCLASS_XCLIENT 38
#define SECCLASS_XINPUT 39
#define SECCLASS_XSERVER 40
#define SECCLASS_XEXTENSION 41
#define SECCLASS_PAX 42
/* /*
* Security identifier indices for initial entities * Security identifier indices for initial entities
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment