d720024e94
Introduce SELinux hooks to support the access key retention subsystem within the kernel. Incorporate new flask headers from a modified version of the SELinux reference policy, with support for the new security class representing retained keys. Extend the "key_alloc" security hook with a task parameter representing the intended ownership context for the key being allocated. Attach security information to root's default keyrings within the SELinux initialization routine. Has passed David's testsuite. Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
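/* This file is automatically generated. Do not edit. */
/*
 * Numeric identifiers for SELinux security object classes and for the
 * initial security identifiers (SIDs).
 *
 * The page's extraction left a stray "|" line between every directive,
 * which stops the header compiling; this listing carries the directives
 * only, with every name and value as published.
 *
 * Because the header is generated, a hand edit would be overwritten on
 * regeneration; a new class or initial SID belongs in the generator's
 * input (per the commit message, flask definitions taken from a modified
 * SELinux reference policy).
 *
 * NOTE(review): these values presumably have to match the class and
 * initial-SID numbering of the policy the kernel loads.  If they drift
 * apart, access checks would be evaluated against the wrong class, so
 * renumbering or inserting an entry mid-list is a security-relevant
 * change -- confirm against the policy sources before regenerating.
 */
#ifndef _SELINUX_FLASK_H_
#define _SELINUX_FLASK_H_

/*
 * Security object class definitions
 *
 * One value per kind of object.  Numbering starts at 1 and is contiguous
 * up to SECCLASS_KEY.
 */
#define SECCLASS_SECURITY                        1
#define SECCLASS_PROCESS                         2
#define SECCLASS_SYSTEM                          3
#define SECCLASS_CAPABILITY                      4
#define SECCLASS_FILESYSTEM                      5
#define SECCLASS_FILE                            6
#define SECCLASS_DIR                             7
#define SECCLASS_FD                              8
#define SECCLASS_LNK_FILE                        9
#define SECCLASS_CHR_FILE                        10
#define SECCLASS_BLK_FILE                        11
#define SECCLASS_SOCK_FILE                       12
#define SECCLASS_FIFO_FILE                       13
#define SECCLASS_SOCKET                          14
#define SECCLASS_TCP_SOCKET                      15
#define SECCLASS_UDP_SOCKET                      16
#define SECCLASS_RAWIP_SOCKET                    17
#define SECCLASS_NODE                            18
#define SECCLASS_NETIF                           19
#define SECCLASS_NETLINK_SOCKET                  20
#define SECCLASS_PACKET_SOCKET                   21
#define SECCLASS_KEY_SOCKET                      22
#define SECCLASS_UNIX_STREAM_SOCKET              23
#define SECCLASS_UNIX_DGRAM_SOCKET               24
#define SECCLASS_SEM                             25
#define SECCLASS_MSG                             26
#define SECCLASS_MSGQ                            27
#define SECCLASS_SHM                             28
#define SECCLASS_IPC                             29
#define SECCLASS_PASSWD                          30
#define SECCLASS_DRAWABLE                        31
#define SECCLASS_WINDOW                          32
#define SECCLASS_GC                              33
#define SECCLASS_FONT                            34
#define SECCLASS_COLORMAP                        35
#define SECCLASS_PROPERTY                        36
#define SECCLASS_CURSOR                          37
#define SECCLASS_XCLIENT                         38
#define SECCLASS_XINPUT                          39
#define SECCLASS_XSERVER                         40
#define SECCLASS_XEXTENSION                      41
#define SECCLASS_PAX                             42
#define SECCLASS_NETLINK_ROUTE_SOCKET            43
#define SECCLASS_NETLINK_FIREWALL_SOCKET         44
#define SECCLASS_NETLINK_TCPDIAG_SOCKET          45
#define SECCLASS_NETLINK_NFLOG_SOCKET            46
#define SECCLASS_NETLINK_XFRM_SOCKET             47
#define SECCLASS_NETLINK_SELINUX_SOCKET          48
#define SECCLASS_NETLINK_AUDIT_SOCKET            49
#define SECCLASS_NETLINK_IP6FW_SOCKET            50
#define SECCLASS_NETLINK_DNRT_SOCKET             51
#define SECCLASS_DBUS                            52
#define SECCLASS_NSCD                            53
#define SECCLASS_ASSOCIATION                     54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET   55
#define SECCLASS_APPLETALK_SOCKET                56
#define SECCLASS_PACKET                          57
/*
 * Last entry in the list.  Per the commit message, the class added for
 * keys held by the kernel's key retention subsystem.  It is a separate
 * class from SECCLASS_KEY_SOCKET (22), which is one of the socket classes.
 */
#define SECCLASS_KEY                             58

/*
 * Security identifier indices for initial entities
 *
 * Numbering starts at 1 and is contiguous up to SECINITSID_DEVNULL.
 */
#define SECINITSID_KERNEL                        1
#define SECINITSID_SECURITY                      2
#define SECINITSID_UNLABELED                     3
#define SECINITSID_FS                            4
#define SECINITSID_FILE                          5
#define SECINITSID_FILE_LABELS                   6
#define SECINITSID_INIT                          7
#define SECINITSID_ANY_SOCKET                    8
#define SECINITSID_PORT                          9
#define SECINITSID_NETIF                         10
#define SECINITSID_NETMSG                        11
#define SECINITSID_NODE                          12
#define SECINITSID_IGMP_PACKET                   13
#define SECINITSID_ICMP_SOCKET                   14
#define SECINITSID_TCP_SOCKET                    15
#define SECINITSID_SYSCTL_MODPROBE               16
#define SECINITSID_SYSCTL                        17
#define SECINITSID_SYSCTL_FS                     18
#define SECINITSID_SYSCTL_KERNEL                 19
#define SECINITSID_SYSCTL_NET                    20
#define SECINITSID_SYSCTL_NET_UNIX               21
#define SECINITSID_SYSCTL_VM                     22
#define SECINITSID_SYSCTL_DEV                    23
#define SECINITSID_KMOD                          24
#define SECINITSID_POLICY                        25
#define SECINITSID_SCMP_PACKET                   26
#define SECINITSID_DEVNULL                       27

/*
 * Number of initial SIDs.  Equal to the highest index above
 * (SECINITSID_DEVNULL), so an initial SID added to the list needs this
 * count raised with it.
 */
#define SECINITSID_NUM                           27

#endif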