SELinux: policy selectable handling of unknown classes and perms
author Eric Paris <eparis@redhat.com>
Fri, 21 Sep 2007 18:37:10 +0000 (14:37 -0400)
committer James Morris <jmorris@namei.org>
Tue, 16 Oct 2007 22:59:33 +0000 (08:59 +1000)
commit 3f12070e27b4a213d62607d2bff139793089a77d
tree b6b614737f916c7c3102f66e6ad9e682b9c9bf04
parent 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb
SELinux: policy selectable handling of unknown classes and perms

Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes.  The three choices for the
policy flags are

0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access

The policy's choice is exported through 2 booleans in
selinuxfs: /selinux/deny_unknown and /selinux/reject_unknown.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/include/security.h
security/selinux/selinuxfs.c
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c
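
An added example (not part of this commit or of the kernel source): reading the handling choice described in the commit message from the config word of a binary policy image, which lets an administrator check a policy file before loading it. The magic number, header string and field order are stated from the kernel's binary policy format rather than from this page; the sample header is constructed, and `policy_unknown_mode` and the `UNK_*` names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Header constants as found in the kernel's binary policy format; only the
 * flag values 2 and 4 come from the commit message on this page. */
#define POLICYDB_MAGIC  0xf97cff8cU
#define POLICYDB_STRING "SE Linux"
#define POLICYDB_SLEN   (sizeof(POLICYDB_STRING) - 1)
#define REJECT_UNKNOWN  0x2U
#define ALLOW_UNKNOWN   0x4U

enum unknown_mode { UNK_BAD_HEADER = -1, UNK_DENY = 0, UNK_REJECT = 2, UNK_ALLOW = 4 };

/* Constructed sample header (not a real policy): version 21, config = MLS | allow. */
static const unsigned char sample_hdr[] = {
    0x8c, 0xff, 0x7c, 0xf9,  8, 0, 0, 0,  'S', 'E', ' ', 'L', 'i', 'n', 'u', 'x',
    21, 0, 0, 0,  0x05, 0, 0, 0,
};

static uint32_t get_le32(const unsigned char *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Layout read here: magic, string length, string, version, config (all le32). */
enum unknown_mode policy_unknown_mode(const unsigned char *buf, size_t len)
{
    if (len < 8 + POLICYDB_SLEN + 8)            /* truncated header */
        return UNK_BAD_HEADER;
    if (get_le32(buf) != POLICYDB_MAGIC || get_le32(buf + 4) != POLICYDB_SLEN ||
        memcmp(buf + 8, POLICYDB_STRING, POLICYDB_SLEN) != 0)
        return UNK_BAD_HEADER;

    uint32_t config = get_le32(buf + 8 + POLICYDB_SLEN + 4);
    if (config & REJECT_UNKNOWN)                /* if both bits are set, report reject */
        return UNK_REJECT;
    return (config & ALLOW_UNKNOWN) ? UNK_ALLOW : UNK_DENY;
}

int main(void)
{
    printf("handle unknown: %d\n", policy_unknown_mode(sample_hdr, sizeof(sample_hdr)));
    return 0;
}
```

A result of `UNK_ALLOW` is the setting worth flagging in a policy review, since access checks on classes or permissions the policy does not define are then granted rather than denied.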