
Commit a764ae4b authored by Stephen Smalley's avatar Stephen Smalley Committed by James Morris

selinux: remove userland security class and permission definitions



Remove userland security class and permission definitions from the kernel
as the kernel only needs to use and validate its own class and permission
definitions and userland definitions may change.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 4f6a993f
+2 −0
@@ -217,6 +217,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
		audit_log_format(ab, " tcontext=%s", scontext);
		kfree(scontext);
	}

	BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
	audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
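Review bot: The `BUG_ON` added to avc_dump_query halts the kernel from inside an audit-logging helper whenever `tclass` is out of range or lands on an empty `class_to_string` slot, which is a heavy response on a path whose only job is to format a record. The condition is ordered correctly (bounds test before the index) and it does keep a NULL or out-of-bounds pointer away from the `%s` format on the next line. A softer failure mode would log the raw number instead, e.g. `if (tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]) { audit_log_format(ab, " tclass=%u", tclass); return; }`, optionally with a `WARN_ON_ONCE`. If the crash is a deliberate invariant, a comment such as `/* userland classes are never looked up through the kernel AVC; a NULL name here means a kernel bug */` would record that. The function body starts outside the hunk, so whether callers already validate `tclass` cannot be seen from here.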

+0 −102
@@ -128,96 +128,6 @@
   S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
   S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
   S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
   S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
   S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
   S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
   S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
   S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
   S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
   S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
   S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
   S_(SECCLASS_GC, GC__CREATE, "create")
   S_(SECCLASS_GC, GC__FREE, "free")
   S_(SECCLASS_GC, GC__GETATTR, "getattr")
   S_(SECCLASS_GC, GC__SETATTR, "setattr")
   S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
   S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
   S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
   S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
   S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
   S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
   S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
   S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
   S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
   S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
   S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
   S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
   S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
   S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
   S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
   S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
   S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
   S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
   S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
   S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
   S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
   S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
   S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
   S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
   S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
   S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
   S_(SECCLASS_FONT, FONT__LOAD, "load")
   S_(SECCLASS_FONT, FONT__FREE, "free")
   S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
   S_(SECCLASS_FONT, FONT__USE, "use")
   S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
   S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
   S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
   S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
   S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
   S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
   S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
   S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
   S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
   S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
   S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
   S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
   S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
   S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
   S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
   S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
   S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
   S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
   S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
   S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
   S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
   S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
   S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
   S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
   S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
   S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
   S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
   S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
   S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
   S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
   S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
   S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
   S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
   S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
   S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
   S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
   S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
   S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
   S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
   S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
   S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
   S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
   S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
   S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
   S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
   S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
@@ -232,16 +142,6 @@
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
   S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
   S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
   S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
   S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
   S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
   S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
   S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
   S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
   S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
@@ -256,7 +156,5 @@
   S_(SECCLASS_KEY, KEY__LINK, "link")
   S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
   S_(SECCLASS_KEY, KEY__CREATE, "create")
   S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
   S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
+0 −179

File changed.

Preview size limit exceeded, changes collapsed.

+17 −17
@@ -2,7 +2,7 @@
/*
 * Security object class definitions
 */
    S_("null")
    S_(NULL)
    S_("security")
    S_("process")
    S_("system")
@@ -32,19 +32,19 @@
    S_("msgq")
    S_("shm")
    S_("ipc")
    S_("passwd")
    S_("drawable")
    S_("window")
    S_("gc")
    S_("font")
    S_("colormap")
    S_("property")
    S_("cursor")
    S_("xclient")
    S_("xinput")
    S_("xserver")
    S_("xextension")
    S_("pax")
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_(NULL)
    S_("netlink_route_socket")
    S_("netlink_firewall_socket")
    S_("netlink_tcpdiag_socket")
@@ -54,12 +54,12 @@
    S_("netlink_audit_socket")
    S_("netlink_ip6fw_socket")
    S_("netlink_dnrt_socket")
    S_("dbus")
    S_("nscd")
    S_(NULL)
    S_(NULL)
    S_("association")
    S_("netlink_kobject_uevent_socket")
    S_("appletalk_socket")
    S_("packet")
    S_("key")
    S_("context")
    S_(NULL)
    S_("dccp_socket")
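Review bot: The `S_(NULL)` placeholders are positional, but nothing in the table says which class number each one reserves or why it must stay. A later edit that deletes an "unused" entry, or inserts a new class in the middle, would silently shift every following name against its `SECCLASS_*` value and mislabel audit records. I would annotate each hole, e.g. `S_(NULL) /* 30: reserved, formerly userland class "passwd" */`, and extend the header comment to say the list is indexed by class value and that NULL marks a class the kernel does not define. The same applies to entry 0, which changes from `"null"` to `NULL` in the first hunk. Any other reader of this table (not visible on this page) now has to tolerate NULL entries before passing them to string functions.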
+0 −16
@@ -34,19 +34,6 @@
#define SECCLASS_MSGQ                                    27
#define SECCLASS_SHM                                     28
#define SECCLASS_IPC                                     29
#define SECCLASS_PASSWD                                  30
#define SECCLASS_DRAWABLE                                31
#define SECCLASS_WINDOW                                  32
#define SECCLASS_GC                                      33
#define SECCLASS_FONT                                    34
#define SECCLASS_COLORMAP                                35
#define SECCLASS_PROPERTY                                36
#define SECCLASS_CURSOR                                  37
#define SECCLASS_XCLIENT                                 38
#define SECCLASS_XINPUT                                  39
#define SECCLASS_XSERVER                                 40
#define SECCLASS_XEXTENSION                              41
#define SECCLASS_PAX                                     42
#define SECCLASS_NETLINK_ROUTE_SOCKET                    43
#define SECCLASS_NETLINK_FIREWALL_SOCKET                 44
#define SECCLASS_NETLINK_TCPDIAG_SOCKET                  45
@@ -56,14 +43,11 @@
#define SECCLASS_NETLINK_AUDIT_SOCKET                    49
#define SECCLASS_NETLINK_IP6FW_SOCKET                    50
#define SECCLASS_NETLINK_DNRT_SOCKET                     51
#define SECCLASS_DBUS                                    52
#define SECCLASS_NSCD                                    53
#define SECCLASS_ASSOCIATION                             54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
#define SECCLASS_APPLETALK_SOCKET                        56
#define SECCLASS_PACKET                                  57
#define SECCLASS_KEY                                     58
#define SECCLASS_CONTEXT                                 59
#define SECCLASS_DCCP_SOCKET                             60

/*