linux/security/selinux/ss
Chad Sellers b94c7e677b SELinux: validate kernel object classes and permissions
This is a new object class and permission validation scheme that validates
against the defined kernel headers. This scheme allows extra classes
and permissions that do not conflict with the kernel definitions to be
added to the policy. This validation is now done for all policy loads,
not just subsequent loads after the first policy load.

The implementation walks the three structures containing the defined
object class and permission values and ensures their values are the
same in the policy being loaded. This includes verifying the object
classes themselves, the permissions they contain, and the permissions
they inherit from commons. Classes or permissions that are present in the
kernel but missing from the policy cause a warning (printed to KERN_INFO)
to be printed, but do not stop the policy from loading, emulating current
behavior. Any other inconsistencies cause the load to fail.

Signed-off-by: Chad Sellers <csellers@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2006-11-28 12:04:38 -05:00
..
avtab.c [PATCH] selinux: more ARRAY_SIZE cleanups 2006-01-06 08:33:29 -08:00
avtab.h [PATCH] selinux: Reduce memory use by avtab 2005-09-05 00:05:50 -07:00
conditional.c [PATCH] SELinux: convert to kzalloc 2005-10-30 17:37:11 -08:00
conditional.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ebitmap.c NetLabel: better error handling involving mls_export_cat() 2006-10-15 23:14:15 -07:00
ebitmap.h [NetLabel]: SELinux support 2006-09-22 14:53:36 -07:00
hashtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
hashtab.h SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mls_types.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mls.c NetLabel: better error handling involving mls_export_cat() 2006-10-15 23:14:15 -07:00
mls.h [NetLabel]: SELinux support 2006-09-22 14:53:36 -07:00
policydb.c SELinux: Bug fix in polidydb_destroy 2006-10-11 23:59:41 -07:00
policydb.h [PATCH] selinux: add support for range transitions on object classes 2006-09-26 08:48:52 -07:00
services.c SELinux: validate kernel object classes and permissions 2006-11-28 12:04:38 -05:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
symtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00