authorStephen Smalley <sds@tycho.nsa.gov>2017-05-17 11:31:48 -0400
committerSven Vermeulen <swift@gentoo.org>2017-05-18 19:01:00 +0200
commit09879cfc8abb8884cd11fe9ee3125e866190e207 (patch)
tree1b7f0cc5992ee277e80f0f2e6a9d46278c3eab78 /policy/flask
parentrefpolicy: Define getrlimit permission for class process (diff)
refpolicy: Define smc_socket security class
Linux kernel commit da69a5306ab9 ("selinux: support distinctions among all network address families") triggers a build error if a new address family is added without defining a corresponding SELinux security class. As a result, the smc_socket class was added to the kernel to resolve a build failure as part of merge commit 3051bf36c25d that introduced AF_SMC circa Linux 4.11. Define this security class and its access vector, note that it is enabled as part of the extended_socket_class policy capability, and add it to the socket_class_set macro. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'policy/flask')
-rw-r--r--policy/flask/access_vectors3
-rw-r--r--policy/flask/security_classes1
2 files changed, 4 insertions, 0 deletions
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 6204e687..7652a313 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -1059,3 +1059,6 @@ inherits socket
class qipcrtr_socket
inherits socket
+
+class smc_socket
+inherits socket
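Review bot: The new `class smc_socket` entry here, like its declaration in the policy/flask/security_classes hunk, has no comment saying which address family it labels or when it takes effect. A line such as `# AF_SMC sockets (Linux 4.11+); only used when the extended_socket_class policy capability is enabled` above the class would record that. Once that capability is on, AF_SMC sockets are checked against smc_socket rather than the generic socket class, so an allow or auditallow rule that names `socket` literally instead of going through socket_class_set no longer covers them. The description says the macro and the capability note are updated, but those files fall outside this policy/flask-limited view, so that cannot be confirmed from the hunks shown.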
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 18f18fd8..18c4f974 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -182,5 +182,6 @@ class nfc_socket
class vsock_socket
class kcm_socket
class qipcrtr_socket
+class smc_socket
# FLASK