mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-16 16:54:20 +08:00
2ee92d46c6
This patch implements SELinux kernel support for DCCP (http://linux-net.osdl.org/index.php/DCCP), which is similar in operation to TCP in terms of connected state between peers. The SELinux support for DCCP is thus modeled on existing handling of TCP. A new DCCP socket class is introduced, to allow protocol differentation. The permissions for this class inherit all of the socket permissions, as well as the current TCP permissions (node_bind, name_bind etc). IPv4 and IPv6 are supported, although labeled networking is not, at this stage. Patches for SELinux userspace are at: http://people.redhat.com/jmorris/selinux/dccp/user/ I've performed some basic testing, and it seems to be working as expected. Adding policy support is similar to TCP, the only real difference being that it's a different protocol. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
103 lines
5.3 KiB
C
103 lines
5.3 KiB
C
/* This file is automatically generated. Do not edit. */
|
|
#ifndef _SELINUX_FLASK_H_
|
|
#define _SELINUX_FLASK_H_
|
|
|
|
/*
|
|
* Security object class definitions
|
|
*/
|
|
#define SECCLASS_SECURITY 1
|
|
#define SECCLASS_PROCESS 2
|
|
#define SECCLASS_SYSTEM 3
|
|
#define SECCLASS_CAPABILITY 4
|
|
#define SECCLASS_FILESYSTEM 5
|
|
#define SECCLASS_FILE 6
|
|
#define SECCLASS_DIR 7
|
|
#define SECCLASS_FD 8
|
|
#define SECCLASS_LNK_FILE 9
|
|
#define SECCLASS_CHR_FILE 10
|
|
#define SECCLASS_BLK_FILE 11
|
|
#define SECCLASS_SOCK_FILE 12
|
|
#define SECCLASS_FIFO_FILE 13
|
|
#define SECCLASS_SOCKET 14
|
|
#define SECCLASS_TCP_SOCKET 15
|
|
#define SECCLASS_UDP_SOCKET 16
|
|
#define SECCLASS_RAWIP_SOCKET 17
|
|
#define SECCLASS_NODE 18
|
|
#define SECCLASS_NETIF 19
|
|
#define SECCLASS_NETLINK_SOCKET 20
|
|
#define SECCLASS_PACKET_SOCKET 21
|
|
#define SECCLASS_KEY_SOCKET 22
|
|
#define SECCLASS_UNIX_STREAM_SOCKET 23
|
|
#define SECCLASS_UNIX_DGRAM_SOCKET 24
|
|
#define SECCLASS_SEM 25
|
|
#define SECCLASS_MSG 26
|
|
#define SECCLASS_MSGQ 27
|
|
#define SECCLASS_SHM 28
|
|
#define SECCLASS_IPC 29
|
|
#define SECCLASS_PASSWD 30
|
|
#define SECCLASS_DRAWABLE 31
|
|
#define SECCLASS_WINDOW 32
|
|
#define SECCLASS_GC 33
|
|
#define SECCLASS_FONT 34
|
|
#define SECCLASS_COLORMAP 35
|
|
#define SECCLASS_PROPERTY 36
|
|
#define SECCLASS_CURSOR 37
|
|
#define SECCLASS_XCLIENT 38
|
|
#define SECCLASS_XINPUT 39
|
|
#define SECCLASS_XSERVER 40
|
|
#define SECCLASS_XEXTENSION 41
|
|
#define SECCLASS_PAX 42
|
|
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
|
|
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
|
|
#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
|
|
#define SECCLASS_NETLINK_NFLOG_SOCKET 46
|
|
#define SECCLASS_NETLINK_XFRM_SOCKET 47
|
|
#define SECCLASS_NETLINK_SELINUX_SOCKET 48
|
|
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
|
|
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
|
|
#define SECCLASS_NETLINK_DNRT_SOCKET 51
|
|
#define SECCLASS_DBUS 52
|
|
#define SECCLASS_NSCD 53
|
|
#define SECCLASS_ASSOCIATION 54
|
|
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
|
|
#define SECCLASS_APPLETALK_SOCKET 56
|
|
#define SECCLASS_PACKET 57
|
|
#define SECCLASS_KEY 58
|
|
#define SECCLASS_CONTEXT 59
|
|
#define SECCLASS_DCCP_SOCKET 60
|
|
|
|
/*
|
|
* Security identifier indices for initial entities
|
|
*/
|
|
#define SECINITSID_KERNEL 1
|
|
#define SECINITSID_SECURITY 2
|
|
#define SECINITSID_UNLABELED 3
|
|
#define SECINITSID_FS 4
|
|
#define SECINITSID_FILE 5
|
|
#define SECINITSID_FILE_LABELS 6
|
|
#define SECINITSID_INIT 7
|
|
#define SECINITSID_ANY_SOCKET 8
|
|
#define SECINITSID_PORT 9
|
|
#define SECINITSID_NETIF 10
|
|
#define SECINITSID_NETMSG 11
|
|
#define SECINITSID_NODE 12
|
|
#define SECINITSID_IGMP_PACKET 13
|
|
#define SECINITSID_ICMP_SOCKET 14
|
|
#define SECINITSID_TCP_SOCKET 15
|
|
#define SECINITSID_SYSCTL_MODPROBE 16
|
|
#define SECINITSID_SYSCTL 17
|
|
#define SECINITSID_SYSCTL_FS 18
|
|
#define SECINITSID_SYSCTL_KERNEL 19
|
|
#define SECINITSID_SYSCTL_NET 20
|
|
#define SECINITSID_SYSCTL_NET_UNIX 21
|
|
#define SECINITSID_SYSCTL_VM 22
|
|
#define SECINITSID_SYSCTL_DEV 23
|
|
#define SECINITSID_KMOD 24
|
|
#define SECINITSID_POLICY 25
|
|
#define SECINITSID_SCMP_PACKET 26
|
|
#define SECINITSID_DEVNULL 27
|
|
|
|
#define SECINITSID_NUM 27
|
|
|
|
#endif
|