SELinux: create new open permission
Adds a new open permission inside SELinux when 'opening' a file. The idea is that opening a file and reading/writing to that file are not the same thing. Its different if a program had its stdout redirected to /tmp/output than if the program tried to directly open /tmp/output. This should allow policy writers to more liberally give read/write permissions across the policy while still blocking many design and programing flaws SELinux is so good at catching today. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Reviewed-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Eric Paris
James Morris
@ -14,12 +14,17 @@
|
||||
S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
|
||||
S_(SECCLASS_DIR, DIR__SEARCH, "search")
|
||||
S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
|
||||
S_(SECCLASS_DIR, DIR__OPEN, "open")
|
||||
S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
|
||||
S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
|
||||
S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
|
||||
S_(SECCLASS_FILE, FILE__OPEN, "open")
|
||||
S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
|
||||
S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
|
||||
S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
|
||||
S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open")
|
||||
S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open")
|
||||
S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open")
|
||||
S_(SECCLASS_FD, FD__USE, "use")
|
||||
S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
|
||||
S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
|
||||
|
||||
@ -79,6 +79,7 @@
|
||||
#define DIR__REPARENT 0x00080000UL
|
||||
#define DIR__SEARCH 0x00100000UL
|
||||
#define DIR__RMDIR 0x00200000UL
|
||||
#define DIR__OPEN 0x00400000UL
|
||||
#define FILE__IOCTL 0x00000001UL
|
||||
#define FILE__READ 0x00000002UL
|
||||
#define FILE__WRITE 0x00000004UL
|
||||
@ -99,6 +100,7 @@
|
||||
#define FILE__EXECUTE_NO_TRANS 0x00020000UL
|
||||
#define FILE__ENTRYPOINT 0x00040000UL
|
||||
#define FILE__EXECMOD 0x00080000UL
|
||||
#define FILE__OPEN 0x00100000UL
|
||||
#define LNK_FILE__IOCTL 0x00000001UL
|
||||
#define LNK_FILE__READ 0x00000002UL
|
||||
#define LNK_FILE__WRITE 0x00000004UL
|
||||
@ -136,6 +138,7 @@
|
||||
#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
|
||||
#define CHR_FILE__ENTRYPOINT 0x00040000UL
|
||||
#define CHR_FILE__EXECMOD 0x00080000UL
|
||||
#define CHR_FILE__OPEN 0x00100000UL
|
||||
#define BLK_FILE__IOCTL 0x00000001UL
|
||||
#define BLK_FILE__READ 0x00000002UL
|
||||
#define BLK_FILE__WRITE 0x00000004UL
|
||||
@ -153,6 +156,7 @@
|
||||
#define BLK_FILE__SWAPON 0x00004000UL
|
||||
#define BLK_FILE__QUOTAON 0x00008000UL
|
||||
#define BLK_FILE__MOUNTON 0x00010000UL
|
||||
#define BLK_FILE__OPEN 0x00020000UL
|
||||
#define SOCK_FILE__IOCTL 0x00000001UL
|
||||
#define SOCK_FILE__READ 0x00000002UL
|
||||
#define SOCK_FILE__WRITE 0x00000004UL
|
||||
@ -187,6 +191,7 @@
|
||||
#define FIFO_FILE__SWAPON 0x00004000UL
|
||||
#define FIFO_FILE__QUOTAON 0x00008000UL
|
||||
#define FIFO_FILE__MOUNTON 0x00010000UL
|
||||
#define FIFO_FILE__OPEN 0x00020000UL
|
||||
#define FD__USE 0x00000001UL
|
||||
#define SOCKET__IOCTL 0x00000001UL
|
||||
#define SOCKET__READ 0x00000002UL
|
||||
|
||||
@ -48,11 +48,13 @@ extern int selinux_mls_enabled;
|
||||
/* Policy capabilities */
|
||||
enum {
|
||||
POLICYDB_CAPABILITY_NETPEER,
|
||||
POLICYDB_CAPABILITY_OPENPERM,
|
||||
__POLICYDB_CAPABILITY_MAX
|
||||
};
|
||||
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
|
||||
|
||||
extern int selinux_policycap_netpeer;
|
||||
extern int selinux_policycap_openperm;
|
||||
|
||||
int security_load_policy(void * data, size_t len);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user