Commit 11787a9a authored by Stephen D. Smalley's avatar Stephen D. Smalley Committed by Linus Torvalds

[PATCH] SELinux: define execmod permission for character devices

This patch regenerates the SELinux module headers to define the execmod
permission for character device files in order to provide proper auditing
of such checks on /dev/zero.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent 423a924e
...@@ -17,6 +17,9 @@ ...@@ -17,6 +17,9 @@
S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
S_(SECCLASS_FD, FD__USE, "use") S_(SECCLASS_FD, FD__USE, "use")
S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
......
...@@ -143,6 +143,10 @@ ...@@ -143,6 +143,10 @@
#define CHR_FILE__QUOTAON 0x00008000UL #define CHR_FILE__QUOTAON 0x00008000UL
#define CHR_FILE__MOUNTON 0x00010000UL #define CHR_FILE__MOUNTON 0x00010000UL
#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
#define CHR_FILE__ENTRYPOINT 0x00040000UL
#define CHR_FILE__EXECMOD 0x00080000UL
#define BLK_FILE__IOCTL 0x00000001UL #define BLK_FILE__IOCTL 0x00000001UL
#define BLK_FILE__READ 0x00000002UL #define BLK_FILE__READ 0x00000002UL
#define BLK_FILE__WRITE 0x00000004UL #define BLK_FILE__WRITE 0x00000004UL
......