From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nicolas Iooss Subject: Re: [RFC PATCH v2 5/5] selinux: introduce kdbus access controls Date: Tue, 6 Oct 2015 20:55:33 +0200 Message-ID: <56141925.5050004@m4x.org> References: <20151005203358.32023.88592.stgit@localhost> <20151005204137.32023.7198.stgit@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20151005204137.32023.7198.stgit@localhost> List-Post: List-Help: Errors-To: selinux-bounces-+05T5uksL2qpZYMLLGbcSA@public.gmane.org Sender: "Selinux" To: Paul Moore , linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Cc: linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org, selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org List-Id: linux-audit@redhat.com On 10/05/2015 10:41 PM, Paul Moore wrote: > Add the SELinux access control implementation for the new kdbus LSM > hooks using the new kdbus object class and the following permissions: > [[SNIP]] > diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h > index eccd61b..31e4435 100644 > --- a/security/selinux/include/classmap.h > +++ b/security/selinux/include/classmap.h > @@ -153,5 +153,9 @@ struct security_class_mapping secclass_map[] = { > { COMMON_SOCK_PERMS, "attach_queue", NULL } }, > { "binder", { "impersonate", "call", "set_context_mgr", "transfer", > NULL } }, > + { "kdbus", { "impersonate", "fakecreds", "fakepids", "owner", > + "privileged", "activator", "monitor", "policy_holder", > + "connect", "own", "talk", "see", "see_name", > + "see_notification" } }, > { NULL } > }; Hello, Out of curiosity, why is the new list of permissions not NULL-terminated? As far as I can tell, as the field "perms" of struct security_class_mapping is a fixed-size vector, it doesn't matter here (the C compiler would always pad with NULL pointers), but then I am wondering why all the other lists of perms are NULL-terminated in classmap.h. Thanks, Nicolas _______________________________________________ Selinux mailing list Selinux-+05T5uksL2qpZYMLLGbcSA@public.gmane.org To unsubscribe, send email to Selinux-leave-+05T5uksL2pAGbPMOrvdOA@public.gmane.org To get help, send an email containing "help" to Selinux-request-+05T5uksL2pAGbPMOrvdOA@public.gmane.org