* [patch 2/9] selinux: add security class for appletalk sockets
@ 2006-06-09 5:20 akpm
2006-06-09 7:26 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: akpm @ 2006-06-09 5:20 UTC (permalink / raw)
To: davem; +Cc: netdev, akpm, cpebenito, jmorris, sds
From: Christopher J. PeBenito <cpebenito@tresys.com>
Add a security class for appletalk sockets so that they can be
distinguished in SELinux policy. Please apply.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---
security/selinux/hooks.c | 2 +
security/selinux/include/av_inherit.h | 1
security/selinux/include/av_permissions.h | 23 +++++++++++++++++++
security/selinux/include/class_to_string.h | 1
security/selinux/include/flask.h | 1
5 files changed, 28 insertions(+)
diff -puN security/selinux/hooks.c~selinux-add-security-class-for-appletalk-sockets security/selinux/hooks.c
--- devel/security/selinux/hooks.c~selinux-add-security-class-for-appletalk-sockets 2006-06-01 20:31:49.000000000 -0700
+++ devel-akpm/security/selinux/hooks.c 2006-06-01 20:31:49.000000000 -0700
@@ -696,6 +696,8 @@ static inline u16 socket_type_to_securit
return SECCLASS_PACKET_SOCKET;
case PF_KEY:
return SECCLASS_KEY_SOCKET;
+ case PF_APPLETALK:
+ return SECCLASS_APPLETALK_SOCKET;
}
return SECCLASS_SOCKET;
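Review bot: The new `case PF_APPLETALK:` takes these sockets out of the `return SECCLASS_SOCKET;` fallthrough at the end of the function, so rules written against the generic `socket` class no longer cover AppleTalk sockets once this is applied. The changelog only says the sockets "can be distinguished"; it should also say that existing policy needs matching `appletalk_socket` rules to keep current behaviour.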
diff -puN security/selinux/include/av_inherit.h~selinux-add-security-class-for-appletalk-sockets security/selinux/include/av_inherit.h
--- devel/security/selinux/include/av_inherit.h~selinux-add-security-class-for-appletalk-sockets 2006-06-01 20:31:49.000000000 -0700
+++ devel-akpm/security/selinux/include/av_inherit.h 2006-06-01 20:31:49.000000000 -0700
@@ -29,3 +29,4 @@
S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
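Review bot: The `0x00400000UL` on the added `S_(SECCLASS_APPLETALK_SOCKET, socket, ...)` line is only correct as long as the inherited socket permissions end at `0x00200000UL`, which is where the patch's own `APPLETALK_SOCKET__NAME_BIND` define sits. Nothing in the patch states that the class adds no permissions of its own, so a sentence in the changelog saying so would tell the next person extending the class where class-specific bits begin.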
diff -puN security/selinux/include/av_permissions.h~selinux-add-security-class-for-appletalk-sockets security/selinux/include/av_permissions.h
--- devel/security/selinux/include/av_permissions.h~selinux-add-security-class-for-appletalk-sockets 2006-06-01 20:31:49.000000000 -0700
+++ devel-akpm/security/selinux/include/av_permissions.h 2006-06-01 20:31:49.000000000 -0700
@@ -933,3 +933,26 @@
#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
+#define APPLETALK_SOCKET__IOCTL 0x00000001UL
+#define APPLETALK_SOCKET__READ 0x00000002UL
+#define APPLETALK_SOCKET__WRITE 0x00000004UL
+#define APPLETALK_SOCKET__CREATE 0x00000008UL
+#define APPLETALK_SOCKET__GETATTR 0x00000010UL
+#define APPLETALK_SOCKET__SETATTR 0x00000020UL
+#define APPLETALK_SOCKET__LOCK 0x00000040UL
+#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
+#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
+#define APPLETALK_SOCKET__APPEND 0x00000200UL
+#define APPLETALK_SOCKET__BIND 0x00000400UL
+#define APPLETALK_SOCKET__CONNECT 0x00000800UL
+#define APPLETALK_SOCKET__LISTEN 0x00001000UL
+#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
+#define APPLETALK_SOCKET__GETOPT 0x00004000UL
+#define APPLETALK_SOCKET__SETOPT 0x00008000UL
+#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
+#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
+#define APPLETALK_SOCKET__SENDTO 0x00040000UL
+#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
+#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
+#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
+
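Review bot: The last added line of this hunk, after `APPLETALK_SOCKET__NAME_BIND`, is an empty `+` line, which leaves a blank line at the end of the file; drop it so the header ends on the last define. The 22 values otherwise follow the same bit layout as the `NETLINK_KOBJECT_UEVENT_SOCKET__*` context lines (`SEND_MSG 0x00100000UL`, `NAME_BIND 0x00200000UL`), which is what the reader would expect.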
diff -puN security/selinux/include/class_to_string.h~selinux-add-security-class-for-appletalk-sockets security/selinux/include/class_to_string.h
--- devel/security/selinux/include/class_to_string.h~selinux-add-security-class-for-appletalk-sockets 2006-06-01 20:31:49.000000000 -0700
+++ devel-akpm/security/selinux/include/class_to_string.h 2006-06-01 20:31:49.000000000 -0700
@@ -58,3 +58,4 @@
S_("nscd")
S_("association")
S_("netlink_kobject_uevent_socket")
+ S_("appletalk_socket")
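Review bot: `S_("appletalk_socket")` is appended directly after `S_("netlink_kobject_uevent_socket")`, and its position in this table has to stay in step with `SECCLASS_APPLETALK_SOCKET 56` following `SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55` in `flask.h`. The two files are kept consistent here, but the patch gives no hint of that coupling; a note in the changelog that the table entry and the class number must be added together would make a later out-of-order insertion less likely.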
diff -puN security/selinux/include/flask.h~selinux-add-security-class-for-appletalk-sockets security/selinux/include/flask.h
--- devel/security/selinux/include/flask.h~selinux-add-security-class-for-appletalk-sockets 2006-06-01 20:31:49.000000000 -0700
+++ devel-akpm/security/selinux/include/flask.h 2006-06-01 20:31:49.000000000 -0700
@@ -60,6 +60,7 @@
#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
+#define SECCLASS_APPLETALK_SOCKET 56
/*
* Security identifier indices for initial entities
_
* Re: [patch 2/9] selinux: add security class for appletalk sockets
2006-06-09 5:20 [patch 2/9] selinux: add security class for appletalk sockets akpm
@ 2006-06-09 7:26 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2006-06-09 7:26 UTC (permalink / raw)
To: akpm; +Cc: netdev, cpebenito, jmorris, sds
From: akpm@osdl.org
Date: Thu, 08 Jun 2006 22:20:52 -0700
>
> From: Christopher J. PeBenito <cpebenito@tresys.com>
>
> Add a security class for appletalk sockets so that they can be
> distinguished in SELinux policy. Please apply.
>
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
> Acked-by: James Morris <jmorris@namei.org>
> Cc: "David S. Miller" <davem@davemloft.net>
> Signed-off-by: Andrew Morton <akpm@osdl.org>
Applied to net-2.6.18, thanks.