2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-16 01:04:08 +08:00
linux-next/security
KaiGai Kohei 8a6f83afd0 Permissive domain in userspace object manager
This patch enables applications to handle permissive domain correctly.

Since the v2.6.26 kernel, SELinux has supported an idea of permissive
domain which allows certain processes to work as if permissive mode,
even if the global setting is enforcing mode.
However, we don't have an application program interface to inform
what domains are permissive one, and what domains are not.
It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL
and so on) cannot handle permissive domain correctly.

This patch add the sixth field (flags) on the reply of the /selinux/access
interface which is used to make an access control decision from userspace.
If the first bit of the flags field is positive, it means the required
access control decision is on permissive domain, so application should
allow any required actions, as the kernel doing.

This patch also has a side benefit. The av_decision.flags is set at
context_struct_compute_av(). It enables to check required permissions
without read_lock(&policy_rwlock).

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
--
 security/selinux/avc.c              |    2 +-
 security/selinux/include/security.h |    4 +++-
 security/selinux/selinuxfs.c        |    4 ++--
 security/selinux/ss/services.c      |   30 +++++-------------------------
 4 files changed, 11 insertions(+), 29 deletions(-)
Signed-off-by: James Morris <jmorris@namei.org>
2009-04-02 09:23:45 +11:00
..
integrity/ima integrity: ima iint radix_tree_lookup locking fix 2009-02-23 09:54:53 +11:00
keys keys: make procfiles per-user-namespace 2009-02-27 12:35:15 +11:00
selinux Permissive domain in userspace object manager 2009-04-02 09:23:45 +11:00
smack smack: Add a new '-CIPSO' option to the network address label configuration 2009-03-28 15:01:37 +11:00
tomoyo TOMOYO: Fix a typo. 2009-03-27 19:03:44 +11:00
capability.c lsm: Remove the socket_post_accept() hook 2009-03-28 15:01:37 +11:00
commoncap.c Merge branch 'next' into for-linus 2009-01-07 09:58:22 +11:00
device_cgroup.c devices cgroup: allow mkfifo 2009-01-08 08:31:03 -08:00
inode.c Merge branch 'master' into next 2009-02-06 11:01:45 +11:00
Kconfig Kconfig and Makefile 2009-02-12 15:19:00 +11:00
Makefile security: change link order of LSMs so security=tomoyo works 2009-02-12 16:29:04 +11:00
root_plug.c Revert "CRED: Fix regression in cap_capable() as shown up by sys_faccessat() [ver #2]" 2009-01-07 09:21:54 +11:00
security.c lsm: Remove the socket_post_accept() hook 2009-03-28 15:01:37 +11:00