| author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-02-07 11:21:04 -0500 | 
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-02-11 20:30:02 +1100 | 
| commit | b68e418c445e8a468634d0a7ca2fb63bbaa74028 (patch) | |
| tree | e49b4a94ef28a9288ed6735a994387205b7cc5bd /security/selinux/include | |
| parent | 19af35546de68c872dcb687613e0902a602cb20e (diff) | |
selinux: support 64-bit capabilities
Fix SELinux to handle 64-bit capabilities correctly, and to catch
future extensions of capabilities beyond 64 bits to ensure that SELinux
is properly updated.
Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/av_perm_to_string.h | 3 | ||||
| -rw-r--r-- | security/selinux/include/av_permissions.h | 3 | ||||
| -rw-r--r-- | security/selinux/include/class_to_string.h | 1 | ||||
| -rw-r--r-- | security/selinux/include/flask.h | 1 | 
4 files changed, 8 insertions, 0 deletions
| 
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 399f868c5c8f..d5696690d3a2 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -132,6 +132,9 @@
    S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
    S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
    S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
+   S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
+   S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
+   S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
    S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
    S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
    S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 84c9abc80978..75b41311ab86 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -533,6 +533,9 @@
 #define CAPABILITY__LEASE                         0x10000000UL
 #define CAPABILITY__AUDIT_WRITE                   0x20000000UL
 #define CAPABILITY__AUDIT_CONTROL                 0x40000000UL
+#define CAPABILITY__SETFCAP                       0x80000000UL
+#define CAPABILITY2__MAC_OVERRIDE                 0x00000001UL
+#define CAPABILITY2__MAC_ADMIN                    0x00000002UL
 #define NETLINK_ROUTE_SOCKET__IOCTL               0x00000001UL
 #define NETLINK_ROUTE_SOCKET__READ                0x00000002UL
 #define NETLINK_ROUTE_SOCKET__WRITE               0x00000004UL
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index b1b0d1d8f950..bd813c366e34 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -71,3 +71,4 @@
     S_(NULL)
     S_(NULL)
     S_("peer")
+    S_("capability2")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index 09e9dd23ee1a..febf8868e852 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -51,6 +51,7 @@
 #define SECCLASS_DCCP_SOCKET                             60
 #define SECCLASS_MEMPROTECT                              61
 #define SECCLASS_PEER                                    68
+#define SECCLASS_CAPABILITY2                             69
 /*
  * Security identifier indices for initial entities | 
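Review bot: `SECCLASS_CAPABILITY2` gets the value 69 in the flask.h hunk with nothing recording what that number is coupled to. The `S_("capability2")` entry in class_to_string.h is positional and only lines up because it directly follows `S_("peer")` (68), and the `CAPABILITY2__*` bits in av_permissions.h restart at 0x00000001UL because `CAPABILITY__SETFCAP` takes the last bit, 0x80000000UL, of the first class. A comment such as `/* capabilities 32..63; permission bit is 1 << (cap - 32) */` above the define would make the mapping reviewable; if these headers are generated, it belongs in whatever they are generated from. The code that picks the class from the capability number is outside this diffstat (limited to security/selinux/include), so the guard against capabilities beyond 64 bits that the description mentions cannot be confirmed from these hunks. A loaded policy presumably also has to define class capability2 before `mac_override` and `mac_admin` are mediated by name, so it is worth confirming how those checks resolve under an older policy.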
