[SELINUX]: add security class for appletalk sockets

Add a security class for appletalk sockets so that they can be distinguished in SELinux policy. Please apply. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2025-01-19 19:14:01 +08:00 · 2006-06-09 00:25:03 -07:00 · 2006-06-09 00:25:03 -07:00 · 3e3ff15e6d
commit 3e3ff15e6d
parent 6f68dc3775
5 changed files with 28 additions and 0 deletions
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@ -696,6 +696,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 		return SECCLASS_PACKET_SOCKET;
 	case PF_KEY:
 		return SECCLASS_KEY_SOCKET;
+	case PF_APPLETALK:
+		return SECCLASS_APPLETALK_SOCKET;
 	}

 	return SECCLASS_SOCKET;
--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
@ -29,3 +29,4 @@
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
   S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
   S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
+   S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@ -933,3 +933,26 @@
 #define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG   0x00100000UL
 #define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND  0x00200000UL

+#define APPLETALK_SOCKET__IOCTL                   0x00000001UL
+#define APPLETALK_SOCKET__READ                    0x00000002UL
+#define APPLETALK_SOCKET__WRITE                   0x00000004UL
+#define APPLETALK_SOCKET__CREATE                  0x00000008UL
+#define APPLETALK_SOCKET__GETATTR                 0x00000010UL
+#define APPLETALK_SOCKET__SETATTR                 0x00000020UL
+#define APPLETALK_SOCKET__LOCK                    0x00000040UL
+#define APPLETALK_SOCKET__RELABELFROM             0x00000080UL
+#define APPLETALK_SOCKET__RELABELTO               0x00000100UL
+#define APPLETALK_SOCKET__APPEND                  0x00000200UL
+#define APPLETALK_SOCKET__BIND                    0x00000400UL
+#define APPLETALK_SOCKET__CONNECT                 0x00000800UL
+#define APPLETALK_SOCKET__LISTEN                  0x00001000UL
+#define APPLETALK_SOCKET__ACCEPT                  0x00002000UL
+#define APPLETALK_SOCKET__GETOPT                  0x00004000UL
+#define APPLETALK_SOCKET__SETOPT                  0x00008000UL
+#define APPLETALK_SOCKET__SHUTDOWN                0x00010000UL
+#define APPLETALK_SOCKET__RECVFROM                0x00020000UL
+#define APPLETALK_SOCKET__SENDTO                  0x00040000UL
+#define APPLETALK_SOCKET__RECV_MSG                0x00080000UL
+#define APPLETALK_SOCKET__SEND_MSG                0x00100000UL
+#define APPLETALK_SOCKET__NAME_BIND               0x00200000UL
+
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@ -58,3 +58,4 @@
    S_("nscd")
    S_("association")
    S_("netlink_kobject_uevent_socket")
+    S_("appletalk_socket")
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@ -60,6 +60,7 @@
 #define SECCLASS_NSCD                                    53
 #define SECCLASS_ASSOCIATION                             54
 #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
+#define SECCLASS_APPLETALK_SOCKET                        56

 /*
 * Security identifier indices for initial entities