[RFC PATCH 0/1] selinux: Add support for new key permissions

I've been running this patch on my system for a few weeks now with no
problems, therefore I conclude that the key service only passes one
permission at a time.

Listed below is the output from the kernel logs regarding the permission
translations.

key_perms polcap = 0
entry_perm: 0x0001 exit_perm: 0x0001 view
entry_perm: 0x0002 exit_perm: 0x0002 read
entry_perm: 0x0004 exit_perm: 0x0004 write
entry_perm: 0x0008 exit_perm: 0x0008 search
entry_perm: 0x0010 exit_perm: 0x0010 link
entry_perm: 0x0020 exit_perm: 0x0020 setsec
entry_perm: 0x0040 exit_perm: 0x0008 inval/search
entry_perm: 0x0080 exit_perm: 0x0004 revoke/write
entry_perm: 0x0100 exit_perm: 0x0008 join/search
entry_perm: 0x0200 exit_perm: 0x0004 clear/write
entry_perm: 0x0400 exit_perm: 0x0010 parent_join/link

key_perms polcap = 1
entry_perm: 0x0001 exit_perm: 0x0001 view
entry_perm: 0x0002 exit_perm: 0x0002 read
entry_perm: 0x0004 exit_perm: 0x0004 write
entry_perm: 0x0008 exit_perm: 0x0008 search
entry_perm: 0x0010 exit_perm: 0x0010 link
entry_perm: 0x0020 exit_perm: 0x0020 setsec
entry_perm: 0x0040 exit_perm: 0x0080 inval
entry_perm: 0x0080 exit_perm: 0x0100 revoke
entry_perm: 0x0100 exit_perm: 0x0200 join
entry_perm: 0x0200 exit_perm: 0x0400 clear
entry_perm: 0x0400 exit_perm: 0x0200 parent_join/join

<---     key.h       ---->   <-- av_permissions.h -->
KEY_NEED_VIEW        0x001   KEY__VIEW    0x00000001U
KEY_NEED_READ        0x002   KEY__READ    0x00000002U
KEY_NEED_WRITE       0x004   KEY__WRITE   0x00000004U
KEY_NEED_SEARCH      0x008   KEY__SEARCH  0x00000008U
KEY_NEED_LINK        0x010   KEY__LINK    0x00000010U
KEY_NEED_SETSEC      0x020   KEY__SETATTR 0x00000020U
KEY_NEED_INVAL       0x040   KEY__INVAL   0x00000080U
KEY_NEED_REVOKE      0x080   KEY__REVOKE  0x00000100U
KEY_NEED_JOIN        0x100   KEY__JOIN    0x00000200U
KEY_NEED_CLEAR       0x200   KEY__CLEAR   0x00000400U
KEY_NEED_PARENT_JOIN 0x400   KEY__JOIN    0x00000200U

Richard Haines (1):
  selinux: Add support for new key permissions

 security/selinux/hooks.c            | 123 ++++++++++++++++------------
 security/selinux/include/security.h |  10 +--
 security/selinux/ss/services.c      |   4 +-
 3 files changed, 76 insertions(+), 61 deletions(-)

-- 
2.24.1