diff options
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/av_perm_to_string.h | 3 | ||||
| -rw-r--r-- | security/selinux/include/av_permissions.h | 3 | ||||
| -rw-r--r-- | security/selinux/include/avc.h | 6 | ||||
| -rw-r--r-- | security/selinux/include/class_to_string.h | 1 | ||||
| -rw-r--r-- | security/selinux/include/flask.h | 1 | ||||
| -rw-r--r-- | security/selinux/include/security.h | 1 |
6 files changed, 10 insertions, 5 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h index 399f868c5c8..d5696690d3a 100644 --- a/security/selinux/include/av_perm_to_string.h +++ b/security/selinux/include/av_perm_to_string.h @@ -132,6 +132,9 @@ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") + S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override") + S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin") S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h index 84c9abc8097..75b41311ab8 100644 --- a/security/selinux/include/av_permissions.h +++ b/security/selinux/include/av_permissions.h @@ -533,6 +533,9 @@ #define CAPABILITY__LEASE 0x10000000UL #define CAPABILITY__AUDIT_WRITE 0x20000000UL #define CAPABILITY__AUDIT_CONTROL 0x40000000UL +#define CAPABILITY__SETFCAP 0x80000000UL +#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL +#define CAPABILITY2__MAC_ADMIN 0x00000002UL #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 80c28fa6621..8e23d7a873a 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h @@ -13,6 +13,7 @@ #include <linux/spinlock.h> #include <linux/init.h> #include <linux/in6.h> +#include <linux/path.h> #include <asm/system.h> #include "flask.h" #include "av_permissions.h" @@ -30,8 +31,6 @@ extern int selinux_enforcing; struct avc_entry; struct task_struct; -struct vfsmount; -struct dentry; struct inode; struct sock; struct sk_buff; @@ -46,8 +45,7 @@ struct avc_audit_data { struct task_struct *tsk; union { struct { - struct vfsmount *mnt; - struct dentry *dentry; + struct path path; struct inode *inode; } fs; struct { diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h index b1b0d1d8f95..bd813c366e3 100644 --- a/security/selinux/include/class_to_string.h +++ b/security/selinux/include/class_to_string.h @@ -71,3 +71,4 @@ S_(NULL) S_(NULL) S_("peer") + S_("capability2") diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h index 09e9dd23ee1..febf8868e85 100644 --- a/security/selinux/include/flask.h +++ b/security/selinux/include/flask.h @@ -51,6 +51,7 @@ #define SECCLASS_DCCP_SOCKET 60 #define SECCLASS_MEMPROTECT 61 #define SECCLASS_PEER 68 +#define SECCLASS_CAPABILITY2 69 /* * Security identifier indices for initial entities diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 23137c17f91..837ce420d2f 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -107,7 +107,6 @@ int security_get_classes(char ***classes, int *nclasses); int security_get_permissions(char *class, char ***perms, int *nperms); int security_get_reject_unknown(void); int security_get_allow_unknown(void); -int security_get_policycaps(int *len, int **values); #define SECURITY_FS_USE_XATTR 1 /* use xattr */ #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ |