diff options
author | Eric Paris <eparis@redhat.com> | 2007-09-21 14:37:10 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-10-17 08:59:33 +1000 |
commit | 3f12070e27b4a213d62607d2bff139793089a77d (patch) | |
tree | b6b614737f916c7c3102f66e6ad9e682b9c9bf04 /security/selinux/include | |
parent | 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb (diff) |
SELinux: policy selectable handling of unknown classes and perms
Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes. The three choices for the
policy flags are
0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access
The policy's choice is exported through 2 booleans in
selinuxfs. /selinux/deny_unknown and /selinux/reject_unknown.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/security.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 83bdd4d2a29..39337afffec 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -90,6 +90,8 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); int security_get_classes(char ***classes, int *nclasses); int security_get_permissions(char *class, char ***perms, int *nperms); +int security_get_reject_unknown(void); +int security_get_allow_unknown(void); #define SECURITY_FS_USE_XATTR 1 /* use xattr */ #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ |