Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad

Authored by Harry Ciao
Committed by Eric Paris
1 parent 0b24dcb7f2
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

SELinux: Auto-generate security_is_socket_class 

The security_is_socket_class() is auto-generated by genheaders based
on classmap.h to reduce maintenance effort when a new class is defined
in SELinux kernel. The name for any socket class should be suffixed by
"socket" and doesn't contain more than one substr of "socket".

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

Showing 2 changed files with 24 additions and 0 deletions Side-by-side Diff

scripts/selinux/genheaders/genheaders.c
Diff comments   View file @ 4bc6c2d
... ... @@ -43,6 +43,8 @@
43 43 int i, j, k;
44 44 int isids_len;
45 45 FILE *fout;
  46 + const char *needle = "SOCKET";
  47 + char *substr;
46 48  
47 49 progname = argv[0];
48 50  
... ... @@ -88,6 +90,24 @@
88 90 fprintf(fout, "%2d\n", i);
89 91 }
90 92 fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
  93 + fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
  94 + fprintf(fout, "{\n");
  95 + fprintf(fout, "\tbool sock = false;\n\n");
  96 + fprintf(fout, "\tswitch (kern_tclass) {\n");
  97 + for (i = 0; secclass_map[i].name; i++) {
  98 + struct security_class_mapping *map = &secclass_map[i];
  99 + substr = strstr(map->name, needle);
  100 + if (substr && strcmp(substr, needle) == 0)
  101 + fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
  102 + }
  103 + fprintf(fout, "\t\tsock = true;\n");
  104 + fprintf(fout, "\t\tbreak;\n");
  105 + fprintf(fout, "\tdefault:\n");
  106 + fprintf(fout, "\t\tbreak;\n");
  107 + fprintf(fout, "\t}\n\n");
  108 + fprintf(fout, "\treturn sock;\n");
  109 + fprintf(fout, "}\n");
  110 +
91 111 fprintf(fout, "\n#endif\n");
92 112 fclose(fout);
93 113  
security/selinux/include/classmap.h
Diff comments   View file @ 4bc6c2d
... ... @@ -12,6 +12,10 @@
12 12 #define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
13 13 "write", "associate", "unix_read", "unix_write"
14 14  
  15 +/*
  16 + * Note: The name for any socket class should be suffixed by "socket",
  17 + * and doesn't contain more than one substr of "socket".
  18 + */
15 19 struct security_class_mapping secclass_map[] = {
16 20 { "security",
17 21 { "compute_av", "compute_create", "compute_member",