-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/include/av_inherit.h1
-rw-r--r--security/selinux/include/av_perm_to_string.h4
-rw-r--r--security/selinux/include/av_permissions.h28
-rw-r--r--security/selinux/include/class_to_string.h2
-rw-r--r--security/selinux/include/flask.h2
6 files changed, 39 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8a2cc75b394..2ae7d3cb8df 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -672,6 +672,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_NETLINK_IP6FW_SOCKET;
case NETLINK_DNRTMSG:
return SECCLASS_NETLINK_DNRT_SOCKET;
+ case NETLINK_KOBJECT_UEVENT:
+ return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
default:
return SECCLASS_NETLINK_SOCKET;
}
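Review bot: The new `case NETLINK_KOBJECT_UEVENT:` changes which class an already-existing socket type is checked against, and nothing in the hunk records the policy dependency this creates. Before this change these sockets fell through to `default:` and were checked as SECCLASS_NETLINK_SOCKET, so rules granted on the generic netlink class stop covering uevent listeners once this lands. How the kernel behaves under a loaded policy that does not define the new class is not visible here and is worth confirming before this ships ahead of a policy update. I would add a short comment on the case, for example `/* uevent sockets have their own class; policy must grant netlink_kobject_uevent_socket */`. The switch and the enclosing function start outside the hunk.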
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
index 9facb27822a..b0e6b12931c 100644
--- a/security/selinux/include/av_inherit.h
+++ b/security/selinux/include/av_inherit.h
@@ -28,3 +28,4 @@
S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index 903e8b3cc2e..eb340b45bc6 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -118,6 +118,8 @@
S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
@@ -230,3 +232,5 @@
S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
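Review bot: The `association` class and its `sendto`/`recvfrom` permissions added here have no enforcement point anywhere in this diff. The same applies to the matching defines in av_permissions.h, the `S_("association")` entry in class_to_string.h and `SECCLASS_ASSOCIATION` in flask.h, while the only code change, in hooks.c, touches the uevent class alone. A policy author who sees the class may write rules against it and assume they are enforced. Either land these definitions together with the hook that checks them, or say in the commit description and next to the defines that the class is reserved and not yet checked, for example `/* association: defined for policy compatibility, no hook checks these yet */`. Presumably this is groundwork for labelling security associations, but that is not stated on the page.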
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index b0a12ac8f7e..f9de0f96655 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -559,6 +559,8 @@
#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
#define CAPABILITY__MKNOD 0x08000000UL
#define CAPABILITY__LEASE 0x10000000UL
+#define CAPABILITY__AUDIT_WRITE 0x20000000UL
+#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
#define PASSWD__PASSWD 0x00000001UL
#define PASSWD__CHFN 0x00000002UL
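Review bot: Nothing next to `CAPABILITY__AUDIT_WRITE 0x20000000UL` and `CAPABILITY__AUDIT_CONTROL 0x40000000UL` says that these values are tied to the kernel capability numbers rather than being the next free bits. If, as I believe, the capability hook derives the permission bit by shifting the capability number, they must stay at bits 29 and 30 to line up with CAP_AUDIT_WRITE and CAP_AUDIT_CONTROL, and a mismatch would silently check the wrong permission. I would add a comment above the capability block such as `/* CAPABILITY__x must equal 1UL << CAP_x; keep in step with linux/capability.h */`, or put it in the generator input if this header is generated. The matching name strings are the two `S_(SECCLASS_CAPABILITY, ...)` lines added in av_perm_to_string.h.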
@@ -900,3 +902,29 @@
#define NSCD__SHMEMGRP 0x00000040UL
#define NSCD__SHMEMHOST 0x00000080UL
+#define ASSOCIATION__SENDTO 0x00000001UL
+#define ASSOCIATION__RECVFROM 0x00000002UL
+
+#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
+
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index 519a77d7394..77b2c5996f3 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -56,3 +56,5 @@
S_("netlink_dnrt_socket")
S_("dbus")
S_("nscd")
+ S_("association")
+ S_("netlink_kobject_uevent_socket")
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index 4eef1b654e9..eb9f50823f6 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -58,6 +58,8 @@
#define SECCLASS_NETLINK_DNRT_SOCKET 51
#define SECCLASS_DBUS 52
#define SECCLASS_NSCD 53
+#define SECCLASS_ASSOCIATION 54
+#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
/*
* Security identifier indices for initial entities