
Commit a764ae4b authored by Stephen Smalley's avatar Stephen Smalley Committed by James Morris

selinux: remove userland security class and permission definitions



Remove userland security class and permission definitions from the kernel
as the kernel only needs to use and validate its own class and permission
definitions and userland definitions may change.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 4f6a993f
+2 −0
@@ -217,6 +217,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
		audit_log_format(ab, " tcontext=%s", scontext);
		kfree(scontext);
	}

	BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
	audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
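Review bot: The `BUG_ON` ahead of the `class_to_string[tclass]` lookup (apparently the line this section adds; the page does not mark sides) makes an unknown class value fatal inside an audit-logging helper. It does stop the out-of-range or NULL table read that a class missing from the kernel's table would otherwise cause, but if any caller can pass such a class, which cannot be ruled out from this hunk, the result is a panic on the denial-logging path instead of a logged record. Consider warning and falling back to the numeric value: `if (WARN_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass])) {` followed by `audit_log_format(ab, " tclass=%u", tclass); return; }`. If the crash is intended, a comment above the check such as `/* tclass always comes from kernel hooks; a value outside class_to_string is a kernel bug */` would record the invariant. avc_dump_query begins outside the hunk, so its callers are not visible here.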

+0 −102
@@ -128,96 +128,6 @@
   S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
   S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
   S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
   S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
   S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
   S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
   S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
   S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
   S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
   S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
   S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
   S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
   S_(SECCLASS_GC, GC__CREATE, "create")
   S_(SECCLASS_GC, GC__FREE, "free")
   S_(SECCLASS_GC, GC__GETATTR, "getattr")
   S_(SECCLASS_GC, GC__SETATTR, "setattr")
   S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
   S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
   S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
   S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
   S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
   S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
   S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
   S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
   S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
   S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
   S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
   S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
   S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
   S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
   S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
   S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
   S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
   S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
   S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
   S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
   S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
   S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
   S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
   S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
   S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
   S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
   S_(SECCLASS_FONT, FONT__LOAD, "load")
   S_(SECCLASS_FONT, FONT__FREE, "free")
   S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
   S_(SECCLASS_FONT, FONT__USE, "use")
   S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
   S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
   S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
   S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
   S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
   S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
   S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
   S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
   S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
   S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
   S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
   S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
   S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
   S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
   S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
   S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
   S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
   S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
   S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
   S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
   S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
   S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
   S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
   S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
   S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
   S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
   S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
   S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
   S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
   S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
   S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
   S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
   S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
   S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
   S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
   S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
   S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
   S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
   S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
   S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
   S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
   S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
   S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
   S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
   S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
   S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
@@ -232,16 +142,6 @@
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
   S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
   S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
   S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
   S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
   S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
   S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
   S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
   S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
   S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
@@ -256,7 +156,5 @@
   S_(SECCLASS_KEY, KEY__LINK, "link")
   S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
   S_(SECCLASS_KEY, KEY__CREATE, "create")
   S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
   S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
   S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")