|
 |
3578778 |
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.71/include/selinux/av_permissions.h
|
|
|
3578778 |
--- nsalibselinux/include/selinux/av_permissions.h 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/include/selinux/av_permissions.h 2008-09-24 07:41:57.000000000 -0400
|
|
|
3578778 |
@@ -85,6 +85,7 @@
|
|
|
3578778 |
#define DIR__REPARENT 0x00080000UL
|
|
|
3578778 |
#define DIR__SEARCH 0x00100000UL
|
|
|
3578778 |
#define DIR__RMDIR 0x00200000UL
|
|
|
3578778 |
+#define DIR__OPEN 0x00400000UL
|
|
|
3578778 |
#define FILE__IOCTL 0x00000001UL
|
|
|
3578778 |
#define FILE__READ 0x00000002UL
|
|
|
3578778 |
#define FILE__WRITE 0x00000004UL
|
|
|
3578778 |
@@ -105,6 +106,7 @@
|
|
|
3578778 |
#define FILE__EXECUTE_NO_TRANS 0x00020000UL
|
|
|
3578778 |
#define FILE__ENTRYPOINT 0x00040000UL
|
|
|
3578778 |
#define FILE__EXECMOD 0x00080000UL
|
|
|
3578778 |
+#define FILE__OPEN 0x00100000UL
|
|
|
3578778 |
#define LNK_FILE__IOCTL 0x00000001UL
|
|
|
3578778 |
#define LNK_FILE__READ 0x00000002UL
|
|
|
3578778 |
#define LNK_FILE__WRITE 0x00000004UL
|
|
|
3578778 |
@@ -142,6 +144,7 @@
|
|
|
3578778 |
#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
|
|
|
3578778 |
#define CHR_FILE__ENTRYPOINT 0x00040000UL
|
|
|
3578778 |
#define CHR_FILE__EXECMOD 0x00080000UL
|
|
|
3578778 |
+#define CHR_FILE__OPEN 0x00100000UL
|
|
|
3578778 |
#define BLK_FILE__IOCTL 0x00000001UL
|
|
|
3578778 |
#define BLK_FILE__READ 0x00000002UL
|
|
|
3578778 |
#define BLK_FILE__WRITE 0x00000004UL
|
|
|
3578778 |
@@ -159,6 +162,7 @@
|
|
|
3578778 |
#define BLK_FILE__SWAPON 0x00004000UL
|
|
|
3578778 |
#define BLK_FILE__QUOTAON 0x00008000UL
|
|
|
3578778 |
#define BLK_FILE__MOUNTON 0x00010000UL
|
|
|
3578778 |
+#define BLK_FILE__OPEN 0x00020000UL
|
|
|
3578778 |
#define SOCK_FILE__IOCTL 0x00000001UL
|
|
|
3578778 |
#define SOCK_FILE__READ 0x00000002UL
|
|
|
3578778 |
#define SOCK_FILE__WRITE 0x00000004UL
|
|
|
3578778 |
@@ -193,6 +197,7 @@
|
|
|
3578778 |
#define FIFO_FILE__SWAPON 0x00004000UL
|
|
|
3578778 |
#define FIFO_FILE__QUOTAON 0x00008000UL
|
|
|
3578778 |
#define FIFO_FILE__MOUNTON 0x00010000UL
|
|
|
3578778 |
+#define FIFO_FILE__OPEN 0x00020000UL
|
|
|
3578778 |
#define FD__USE 0x00000001UL
|
|
|
3578778 |
#define SOCKET__IOCTL 0x00000001UL
|
|
|
3578778 |
#define SOCKET__READ 0x00000002UL
|
|
|
3578778 |
@@ -547,91 +552,102 @@
|
|
|
3578778 |
#define PASSWD__CHSH 0x00000004UL
|
|
|
3578778 |
#define PASSWD__ROOTOK 0x00000008UL
|
|
|
3578778 |
#define PASSWD__CRONTAB 0x00000010UL
|
|
|
3578778 |
-#define DRAWABLE__CREATE 0x00000001UL
|
|
|
3578778 |
-#define DRAWABLE__DESTROY 0x00000002UL
|
|
|
3578778 |
-#define DRAWABLE__DRAW 0x00000004UL
|
|
|
3578778 |
-#define DRAWABLE__COPY 0x00000008UL
|
|
|
3578778 |
-#define DRAWABLE__GETATTR 0x00000010UL
|
|
|
3578778 |
-#define GC__CREATE 0x00000001UL
|
|
|
3578778 |
-#define GC__FREE 0x00000002UL
|
|
|
3578778 |
-#define GC__GETATTR 0x00000004UL
|
|
|
3578778 |
-#define GC__SETATTR 0x00000008UL
|
|
|
3578778 |
-#define WINDOW__ADDCHILD 0x00000001UL
|
|
|
3578778 |
-#define WINDOW__CREATE 0x00000002UL
|
|
|
3578778 |
-#define WINDOW__DESTROY 0x00000004UL
|
|
|
3578778 |
-#define WINDOW__MAP 0x00000008UL
|
|
|
3578778 |
-#define WINDOW__UNMAP 0x00000010UL
|
|
|
3578778 |
-#define WINDOW__CHSTACK 0x00000020UL
|
|
|
3578778 |
-#define WINDOW__CHPROPLIST 0x00000040UL
|
|
|
3578778 |
-#define WINDOW__CHPROP 0x00000080UL
|
|
|
3578778 |
-#define WINDOW__LISTPROP 0x00000100UL
|
|
|
3578778 |
-#define WINDOW__GETATTR 0x00000200UL
|
|
|
3578778 |
-#define WINDOW__SETATTR 0x00000400UL
|
|
|
3578778 |
-#define WINDOW__SETFOCUS 0x00000800UL
|
|
|
3578778 |
-#define WINDOW__MOVE 0x00001000UL
|
|
|
3578778 |
-#define WINDOW__CHSELECTION 0x00002000UL
|
|
|
3578778 |
-#define WINDOW__CHPARENT 0x00004000UL
|
|
|
3578778 |
-#define WINDOW__CTRLLIFE 0x00008000UL
|
|
|
3578778 |
-#define WINDOW__ENUMERATE 0x00010000UL
|
|
|
3578778 |
-#define WINDOW__TRANSPARENT 0x00020000UL
|
|
|
3578778 |
-#define WINDOW__MOUSEMOTION 0x00040000UL
|
|
|
3578778 |
-#define WINDOW__CLIENTCOMEVENT 0x00080000UL
|
|
|
3578778 |
-#define WINDOW__INPUTEVENT 0x00100000UL
|
|
|
3578778 |
-#define WINDOW__DRAWEVENT 0x00200000UL
|
|
|
3578778 |
-#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
|
|
|
3578778 |
-#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
|
|
|
3578778 |
-#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
|
|
|
3578778 |
-#define WINDOW__EXTENSIONEVENT 0x02000000UL
|
|
|
3578778 |
-#define FONT__LOAD 0x00000001UL
|
|
|
3578778 |
-#define FONT__FREE 0x00000002UL
|
|
|
3578778 |
-#define FONT__GETATTR 0x00000004UL
|
|
|
3578778 |
-#define FONT__USE 0x00000008UL
|
|
|
3578778 |
-#define COLORMAP__CREATE 0x00000001UL
|
|
|
3578778 |
-#define COLORMAP__FREE 0x00000002UL
|
|
|
3578778 |
-#define COLORMAP__INSTALL 0x00000004UL
|
|
|
3578778 |
-#define COLORMAP__UNINSTALL 0x00000008UL
|
|
|
3578778 |
-#define COLORMAP__LIST 0x00000010UL
|
|
|
3578778 |
-#define COLORMAP__READ 0x00000020UL
|
|
|
3578778 |
-#define COLORMAP__STORE 0x00000040UL
|
|
|
3578778 |
-#define COLORMAP__GETATTR 0x00000080UL
|
|
|
3578778 |
-#define COLORMAP__SETATTR 0x00000100UL
|
|
|
3578778 |
-#define PROPERTY__CREATE 0x00000001UL
|
|
|
3578778 |
-#define PROPERTY__FREE 0x00000002UL
|
|
|
3578778 |
-#define PROPERTY__READ 0x00000004UL
|
|
|
3578778 |
-#define PROPERTY__WRITE 0x00000008UL
|
|
|
3578778 |
-#define CURSOR__CREATE 0x00000001UL
|
|
|
3578778 |
-#define CURSOR__CREATEGLYPH 0x00000002UL
|
|
|
3578778 |
-#define CURSOR__FREE 0x00000004UL
|
|
|
3578778 |
-#define CURSOR__ASSIGN 0x00000008UL
|
|
|
3578778 |
-#define CURSOR__SETATTR 0x00000010UL
|
|
|
3578778 |
-#define XCLIENT__KILL 0x00000001UL
|
|
|
3578778 |
-#define XINPUT__LOOKUP 0x00000001UL
|
|
|
3578778 |
-#define XINPUT__GETATTR 0x00000002UL
|
|
|
3578778 |
-#define XINPUT__SETATTR 0x00000004UL
|
|
|
3578778 |
-#define XINPUT__SETFOCUS 0x00000008UL
|
|
|
3578778 |
-#define XINPUT__WARPPOINTER 0x00000010UL
|
|
|
3578778 |
-#define XINPUT__ACTIVEGRAB 0x00000020UL
|
|
|
3578778 |
-#define XINPUT__PASSIVEGRAB 0x00000040UL
|
|
|
3578778 |
-#define XINPUT__UNGRAB 0x00000080UL
|
|
|
3578778 |
-#define XINPUT__BELL 0x00000100UL
|
|
|
3578778 |
-#define XINPUT__MOUSEMOTION 0x00000200UL
|
|
|
3578778 |
-#define XINPUT__RELABELINPUT 0x00000400UL
|
|
|
3578778 |
-#define XSERVER__SCREENSAVER 0x00000001UL
|
|
|
3578778 |
-#define XSERVER__GETHOSTLIST 0x00000002UL
|
|
|
3578778 |
-#define XSERVER__SETHOSTLIST 0x00000004UL
|
|
|
3578778 |
-#define XSERVER__GETFONTPATH 0x00000008UL
|
|
|
3578778 |
-#define XSERVER__SETFONTPATH 0x00000010UL
|
|
|
3578778 |
-#define XSERVER__GETATTR 0x00000020UL
|
|
|
3578778 |
-#define XSERVER__GRAB 0x00000040UL
|
|
|
3578778 |
-#define XSERVER__UNGRAB 0x00000080UL
|
|
|
3578778 |
-#define XEXTENSION__QUERY 0x00000001UL
|
|
|
3578778 |
-#define XEXTENSION__USE 0x00000002UL
|
|
|
3578778 |
-#define PAX__PAGEEXEC 0x00000001UL
|
|
|
3578778 |
-#define PAX__EMUTRAMP 0x00000002UL
|
|
|
3578778 |
-#define PAX__MPROTECT 0x00000004UL
|
|
|
3578778 |
-#define PAX__RANDMMAP 0x00000008UL
|
|
|
3578778 |
-#define PAX__RANDEXEC 0x00000010UL
|
|
|
3578778 |
-#define PAX__SEGMEXEC 0x00000020UL
|
|
|
3578778 |
+#define X_DRAWABLE__CREATE 0x00000001UL
|
|
|
3578778 |
+#define X_DRAWABLE__DESTROY 0x00000002UL
|
|
|
3578778 |
+#define X_DRAWABLE__READ 0x00000004UL
|
|
|
3578778 |
+#define X_DRAWABLE__WRITE 0x00000008UL
|
|
|
3578778 |
+#define X_DRAWABLE__BLEND 0x00000010UL
|
|
|
3578778 |
+#define X_DRAWABLE__GETATTR 0x00000020UL
|
|
|
3578778 |
+#define X_DRAWABLE__SETATTR 0x00000040UL
|
|
|
3578778 |
+#define X_DRAWABLE__LIST_CHILD 0x00000080UL
|
|
|
3578778 |
+#define X_DRAWABLE__ADD_CHILD 0x00000100UL
|
|
|
3578778 |
+#define X_DRAWABLE__REMOVE_CHILD 0x00000200UL
|
|
|
3578778 |
+#define X_DRAWABLE__LIST_PROPERTY 0x00000400UL
|
|
|
3578778 |
+#define X_DRAWABLE__GET_PROPERTY 0x00000800UL
|
|
|
3578778 |
+#define X_DRAWABLE__SET_PROPERTY 0x00001000UL
|
|
|
3578778 |
+#define X_DRAWABLE__MANAGE 0x00002000UL
|
|
|
3578778 |
+#define X_DRAWABLE__OVERRIDE 0x00004000UL
|
|
|
3578778 |
+#define X_DRAWABLE__SHOW 0x00008000UL
|
|
|
3578778 |
+#define X_DRAWABLE__HIDE 0x00010000UL
|
|
|
3578778 |
+#define X_DRAWABLE__SEND 0x00020000UL
|
|
|
3578778 |
+#define X_DRAWABLE__RECEIVE 0x00040000UL
|
|
|
3578778 |
+#define X_SCREEN__GETATTR 0x00000001UL
|
|
|
3578778 |
+#define X_SCREEN__SETATTR 0x00000002UL
|
|
|
3578778 |
+#define X_SCREEN__HIDE_CURSOR 0x00000004UL
|
|
|
3578778 |
+#define X_SCREEN__SHOW_CURSOR 0x00000008UL
|
|
|
3578778 |
+#define X_SCREEN__SAVER_GETATTR 0x00000010UL
|
|
|
3578778 |
+#define X_SCREEN__SAVER_SETATTR 0x00000020UL
|
|
|
3578778 |
+#define X_SCREEN__SAVER_HIDE 0x00000040UL
|
|
|
3578778 |
+#define X_SCREEN__SAVER_SHOW 0x00000080UL
|
|
|
3578778 |
+#define X_GC__CREATE 0x00000001UL
|
|
|
3578778 |
+#define X_GC__DESTROY 0x00000002UL
|
|
|
3578778 |
+#define X_GC__GETATTR 0x00000004UL
|
|
|
3578778 |
+#define X_GC__SETATTR 0x00000008UL
|
|
|
3578778 |
+#define X_GC__USE 0x00000010UL
|
|
|
3578778 |
+#define X_FONT__CREATE 0x00000001UL
|
|
|
3578778 |
+#define X_FONT__DESTROY 0x00000002UL
|
|
|
3578778 |
+#define X_FONT__GETATTR 0x00000004UL
|
|
|
3578778 |
+#define X_FONT__ADD_GLYPH 0x00000008UL
|
|
|
3578778 |
+#define X_FONT__REMOVE_GLYPH 0x00000010UL
|
|
|
3578778 |
+#define X_FONT__USE 0x00000020UL
|
|
|
3578778 |
+#define X_COLORMAP__CREATE 0x00000001UL
|
|
|
3578778 |
+#define X_COLORMAP__DESTROY 0x00000002UL
|
|
|
3578778 |
+#define X_COLORMAP__READ 0x00000004UL
|
|
|
3578778 |
+#define X_COLORMAP__WRITE 0x00000008UL
|
|
|
3578778 |
+#define X_COLORMAP__GETATTR 0x00000010UL
|
|
|
3578778 |
+#define X_COLORMAP__ADD_COLOR 0x00000020UL
|
|
|
3578778 |
+#define X_COLORMAP__REMOVE_COLOR 0x00000040UL
|
|
|
3578778 |
+#define X_COLORMAP__INSTALL 0x00000080UL
|
|
|
3578778 |
+#define X_COLORMAP__UNINSTALL 0x00000100UL
|
|
|
3578778 |
+#define X_COLORMAP__USE 0x00000200UL
|
|
|
3578778 |
+#define X_PROPERTY__CREATE 0x00000001UL
|
|
|
3578778 |
+#define X_PROPERTY__DESTROY 0x00000002UL
|
|
|
3578778 |
+#define X_PROPERTY__READ 0x00000004UL
|
|
|
3578778 |
+#define X_PROPERTY__WRITE 0x00000008UL
|
|
|
3578778 |
+#define X_PROPERTY__APPEND 0x00000010UL
|
|
|
3578778 |
+#define X_PROPERTY__GETATTR 0x00000020UL
|
|
|
3578778 |
+#define X_PROPERTY__SETATTR 0x00000040UL
|
|
|
3578778 |
+#define X_SELECTION__READ 0x00000001UL
|
|
|
3578778 |
+#define X_SELECTION__WRITE 0x00000002UL
|
|
|
3578778 |
+#define X_SELECTION__GETATTR 0x00000004UL
|
|
|
3578778 |
+#define X_SELECTION__SETATTR 0x00000008UL
|
|
|
3578778 |
+#define X_CURSOR__CREATE 0x00000001UL
|
|
|
3578778 |
+#define X_CURSOR__DESTROY 0x00000002UL
|
|
|
3578778 |
+#define X_CURSOR__READ 0x00000004UL
|
|
|
3578778 |
+#define X_CURSOR__WRITE 0x00000008UL
|
|
|
3578778 |
+#define X_CURSOR__GETATTR 0x00000010UL
|
|
|
3578778 |
+#define X_CURSOR__SETATTR 0x00000020UL
|
|
|
3578778 |
+#define X_CURSOR__USE 0x00000040UL
|
|
|
3578778 |
+#define X_CLIENT__DESTROY 0x00000001UL
|
|
|
3578778 |
+#define X_CLIENT__GETATTR 0x00000002UL
|
|
|
3578778 |
+#define X_CLIENT__SETATTR 0x00000004UL
|
|
|
3578778 |
+#define X_CLIENT__MANAGE 0x00000008UL
|
|
|
3578778 |
+#define X_DEVICE__GETATTR 0x00000001UL
|
|
|
3578778 |
+#define X_DEVICE__SETATTR 0x00000002UL
|
|
|
3578778 |
+#define X_DEVICE__USE 0x00000004UL
|
|
|
3578778 |
+#define X_DEVICE__READ 0x00000008UL
|
|
|
3578778 |
+#define X_DEVICE__WRITE 0x00000010UL
|
|
|
3578778 |
+#define X_DEVICE__GETFOCUS 0x00000020UL
|
|
|
3578778 |
+#define X_DEVICE__SETFOCUS 0x00000040UL
|
|
|
3578778 |
+#define X_DEVICE__BELL 0x00000080UL
|
|
|
3578778 |
+#define X_DEVICE__FORCE_CURSOR 0x00000100UL
|
|
|
3578778 |
+#define X_DEVICE__FREEZE 0x00000200UL
|
|
|
3578778 |
+#define X_DEVICE__GRAB 0x00000400UL
|
|
|
3578778 |
+#define X_DEVICE__MANAGE 0x00000800UL
|
|
|
3578778 |
+#define X_SERVER__GETATTR 0x00000001UL
|
|
|
3578778 |
+#define X_SERVER__SETATTR 0x00000002UL
|
|
|
3578778 |
+#define X_SERVER__RECORD 0x00000004UL
|
|
|
3578778 |
+#define X_SERVER__DEBUG 0x00000008UL
|
|
|
3578778 |
+#define X_SERVER__GRAB 0x00000010UL
|
|
|
3578778 |
+#define X_SERVER__MANAGE 0x00000020UL
|
|
|
3578778 |
+#define X_EXTENSION__QUERY 0x00000001UL
|
|
|
3578778 |
+#define X_EXTENSION__USE 0x00000002UL
|
|
|
3578778 |
+#define X_RESOURCE__READ 0x00000001UL
|
|
|
3578778 |
+#define X_RESOURCE__WRITE 0x00000002UL
|
|
|
3578778 |
+#define X_EVENT__SEND 0x00000001UL
|
|
|
3578778 |
+#define X_EVENT__RECEIVE 0x00000002UL
|
|
|
3578778 |
+#define X_SYNTHETIC_EVENT__SEND 0x00000001UL
|
|
|
3578778 |
+#define X_SYNTHETIC_EVENT__RECEIVE 0x00000002UL
|
|
|
3578778 |
#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
|
|
|
3578778 |
#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
|
|
|
3578778 |
#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
|
|
|
3578778 |
@@ -798,6 +814,7 @@
|
|
|
3578778 |
#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
|
|
|
3578778 |
#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
|
|
|
3578778 |
#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
|
|
|
3578778 |
+#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 0x04000000UL
|
|
|
3578778 |
#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
|
|
|
3578778 |
#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
|
|
|
3578778 |
#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
|
|
|
3578778 |
@@ -1004,3 +1021,6 @@
|
|
|
3578778 |
#define DB_BLOB__IMPORT 0x00000100UL
|
|
|
3578778 |
#define DB_BLOB__EXPORT 0x00000200UL
|
|
|
3578778 |
#define PEER__RECV 0x00000001UL
|
|
|
3578778 |
+#define X_APPLICATION_DATA__PASTE 0x00000001UL
|
|
|
3578778 |
+#define X_APPLICATION_DATA__PASTE_AFTER_CONFIRM 0x00000002UL
|
|
|
3578778 |
+#define X_APPLICATION_DATA__COPY 0x00000004UL
|
|
|
3578778 |
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.71/include/selinux/flask.h
|
|
|
3578778 |
--- nsalibselinux/include/selinux/flask.h 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/include/selinux/flask.h 2008-09-24 07:41:57.000000000 -0400
|
|
|
3578778 |
@@ -35,18 +35,18 @@
|
|
|
3578778 |
#define SECCLASS_SHM 28
|
|
|
3578778 |
#define SECCLASS_IPC 29
|
|
|
3578778 |
#define SECCLASS_PASSWD 30
|
|
|
3578778 |
-#define SECCLASS_DRAWABLE 31
|
|
|
3578778 |
-#define SECCLASS_WINDOW 32
|
|
|
3578778 |
-#define SECCLASS_GC 33
|
|
|
3578778 |
-#define SECCLASS_FONT 34
|
|
|
3578778 |
-#define SECCLASS_COLORMAP 35
|
|
|
3578778 |
-#define SECCLASS_PROPERTY 36
|
|
|
3578778 |
-#define SECCLASS_CURSOR 37
|
|
|
3578778 |
-#define SECCLASS_XCLIENT 38
|
|
|
3578778 |
-#define SECCLASS_XINPUT 39
|
|
|
3578778 |
-#define SECCLASS_XSERVER 40
|
|
|
3578778 |
-#define SECCLASS_XEXTENSION 41
|
|
|
3578778 |
-#define SECCLASS_PAX 42
|
|
|
3578778 |
+#define SECCLASS_X_DRAWABLE 31
|
|
|
3578778 |
+#define SECCLASS_X_SCREEN 32
|
|
|
3578778 |
+#define SECCLASS_X_GC 33
|
|
|
3578778 |
+#define SECCLASS_X_FONT 34
|
|
|
3578778 |
+#define SECCLASS_X_COLORMAP 35
|
|
|
3578778 |
+#define SECCLASS_X_PROPERTY 36
|
|
|
3578778 |
+#define SECCLASS_X_SELECTION 37
|
|
|
3578778 |
+#define SECCLASS_X_CURSOR 38
|
|
|
3578778 |
+#define SECCLASS_X_CLIENT 39
|
|
|
3578778 |
+#define SECCLASS_X_DEVICE 40
|
|
|
3578778 |
+#define SECCLASS_X_SERVER 41
|
|
|
3578778 |
+#define SECCLASS_X_EXTENSION 42
|
|
|
3578778 |
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
|
|
|
3578778 |
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
|
|
|
3578778 |
#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
|
|
|
3578778 |
@@ -74,6 +74,10 @@
|
|
|
3578778 |
#define SECCLASS_DB_BLOB 67
|
|
|
3578778 |
#define SECCLASS_PEER 68
|
|
|
3578778 |
#define SECCLASS_CAPABILITY2 69
|
|
|
3578778 |
+#define SECCLASS_X_RESOURCE 70
|
|
|
3578778 |
+#define SECCLASS_X_EVENT 71
|
|
|
3578778 |
+#define SECCLASS_X_SYNTHETIC_EVENT 72
|
|
|
3578778 |
+#define SECCLASS_X_APPLICATION_DATA 73
|
|
|
3578778 |
|
|
|
3578778 |
/*
|
|
|
3578778 |
* Security identifier indices for initial entities
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_get_initial_sid.3 libselinux-2.0.71/man/man3/avc_get_initial_sid.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/avc_get_initial_sid.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/avc_get_initial_sid.3 2008-09-24 08:44:16.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/avc_context_to_sid.3
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/fgetfilecon.3 libselinux-2.0.71/man/man3/fgetfilecon.3
|
|
|
ac4e772 |
--- nsalibselinux/man/man3/fgetfilecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/fgetfilecon.3 2008-09-24 07:41:57.000000000 -0400
|
|
|
ac4e772 |
@@ -0,0 +1 @@
|
|
|
ac4e772 |
+.so man3/getfilecon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_type.3 libselinux-2.0.71/man/man3/get_default_type.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/get_default_type.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/get_default_type.3 2008-09-24 08:40:51.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/get_ordered_context_list.3
|
|
|
15c5a62 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 libselinux-2.0.71/man/man3/getkeycreatecon.3
|
|
|
15c5a62 |
--- nsalibselinux/man/man3/getkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/getkeycreatecon.3 2008-09-24 07:41:57.000000000 -0400
|
|
|
15c5a62 |
@@ -0,0 +1,38 @@
|
|
|
15c5a62 |
+.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
|
|
|
15c5a62 |
+.SH "NAME"
|
|
|
15c5a62 |
+getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyrings.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.SH "SYNOPSIS"
|
|
|
15c5a62 |
+.B #include <selinux/selinux.h>
|
|
|
15c5a62 |
+.sp
|
|
|
15c5a62 |
+.BI "int getkeycreatecon(security_context_t *" con );
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.BI "int setkeycreatecon(security_context_t "context );
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.SH "DESCRIPTION"
|
|
|
15c5a62 |
+.B getkeycreatecon
|
|
|
15c5a62 |
+retrieves the context used for creating a new kernel keyring.
|
|
|
15c5a62 |
+This returned context should be freed with freecon if non-NULL.
|
|
|
15c5a62 |
+getkeycreatecon sets *con to NULL if no keycreate context has been explicitly
|
|
|
15c5a62 |
+set by the program (i.e. using the default policy behavior).
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.B setkeycreatecon
|
|
|
15c5a62 |
+sets the context used for creating a new kernel keyring.
|
|
|
15c5a62 |
+NULL can be passed to
|
|
|
15c5a62 |
+setkeycreatecon to reset to the default policy behavior.
|
|
|
15c5a62 |
+The keycreate context is automatically reset after the next execve, so a
|
|
|
15c5a62 |
+program doesn't need to explicitly sanitize it upon startup.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+setkeycreatecon can be applied prior to library
|
|
|
15c5a62 |
+functions that internally perform an file creation,
|
|
|
15c5a62 |
+in order to set an file context on the objects.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+Note: Signal handlers that perform an setkeycreate must take care to
|
|
|
15c5a62 |
+save, reset, and restore the keycreate context to avoid unexpected behavior.
|
|
|
15c5a62 |
+.SH "RETURN VALUE"
|
|
|
15c5a62 |
+On error -1 is returned.
|
|
|
15c5a62 |
+On success 0 is returned.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.SH "SEE ALSO"
|
|
|
15c5a62 |
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getsockcreatecon.3 libselinux-2.0.71/man/man3/getsockcreatecon.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/getsockcreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/getsockcreatecon.3 2008-09-24 08:49:48.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1,38 @@
|
|
|
63093bd |
+.TH "getsockcreatecon" "3" "24 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
|
|
|
63093bd |
+.SH "NAME"
|
|
|
63093bd |
+getsockcreatecon, setsockcreatecon \- get or set the SELinux security context used for creating a new labeled sockets.
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "SYNOPSIS"
|
|
|
63093bd |
+.B #include <selinux/selinux.h>
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+.BI "int getsockcreatecon(security_context_t *" con );
|
|
|
63093bd |
+
|
|
|
63093bd |
+.BI "int setsockcreatecon(security_context_t "context );
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "DESCRIPTION"
|
|
|
63093bd |
+.B getsockcreatecon
|
|
|
63093bd |
+retrieves the context used for creating a new labeled network socket.
|
|
|
63093bd |
+This returned context should be freed with freecon if non-NULL.
|
|
|
63093bd |
+getsockcreatecon sets *con to NULL if no sockcreate context has been explicitly
|
|
|
63093bd |
+set by the program (i.e. using the default policy behavior).
|
|
|
63093bd |
+
|
|
|
63093bd |
+.B setsockcreatecon
|
|
|
63093bd |
+sets the context used for creating a new labeled network sockets
|
|
|
63093bd |
+NULL can be passed to
|
|
|
63093bd |
+setsockcreatecon to reset to the default policy behavior.
|
|
|
63093bd |
+The sockcreate context is automatically reset after the next execve, so a
|
|
|
63093bd |
+program doesn't need to explicitly sanitize it upon startup.
|
|
|
63093bd |
+
|
|
|
63093bd |
+setsockcreatecon can be applied prior to library
|
|
|
63093bd |
+functions that internally perform an file creation,
|
|
|
63093bd |
+in order to set an file context on the objects.
|
|
|
63093bd |
+
|
|
|
63093bd |
+
|
|
|
63093bd |
+Note: Signal handlers that perform an setsockcreate must take care to
|
|
|
63093bd |
+save, reset, and restore the sockcreate context to avoid unexpected behavior.
|
|
|
63093bd |
+.SH "RETURN VALUE"
|
|
|
63093bd |
+On error -1 is returned.
|
|
|
63093bd |
+On success 0 is returned.
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "SEE ALSO"
|
|
|
63093bd |
+.BR selinux "(8), " freecon "(3), " getcon "(3)
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_enabled.3 libselinux-2.0.71/man/man3/is_selinux_enabled.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/is_selinux_enabled.3 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/is_selinux_enabled.3 2008-09-24 07:48:20.000000000 -0400
|
|
|
63093bd |
@@ -1,14 +1,22 @@
|
|
|
63093bd |
.TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
|
|
|
63093bd |
.SH "NAME"
|
|
|
63093bd |
is_selinux_enabled \- check whether SELinux is enabled
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "NAME"
|
|
|
63093bd |
+is_selinux_mls_enabled \- check whether SELinux is enabled for (Multi Level Securty) MLS
|
|
|
63093bd |
.SH "SYNOPSIS"
|
|
|
63093bd |
.B #include <selinux/selinux.h>
|
|
|
63093bd |
.sp
|
|
|
63093bd |
.B int is_selinux_enabled();
|
|
|
63093bd |
|
|
|
63093bd |
+.B int is_selinux_mls_enabled();
|
|
|
63093bd |
+
|
|
|
63093bd |
.SH "DESCRIPTION"
|
|
|
63093bd |
.B is_selinux_enabled
|
|
|
63093bd |
-returns 1 if SELinux is running or 0 if it is not. May change soon.
|
|
|
63093bd |
+returns 1 if SELinux is running or 0 if it is not.
|
|
|
63093bd |
+
|
|
|
63093bd |
+.B is_selinux_mls_enabled
|
|
|
63093bd |
+returns 1 if SELinux is running in MLS mode or 0 if it is not.
|
|
|
63093bd |
|
|
|
63093bd |
.SH "SEE ALSO"
|
|
|
63093bd |
.BR selinux "(8)"
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_selinux_mls_enabled.3 libselinux-2.0.71/man/man3/is_selinux_mls_enabled.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/is_selinux_mls_enabled.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/is_selinux_mls_enabled.3 2008-09-24 07:47:56.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/is_selinux_enabled.3
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/lgetfilecon.3 libselinux-2.0.71/man/man3/lgetfilecon.3
|
|
|
ac4e772 |
--- nsalibselinux/man/man3/lgetfilecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/lgetfilecon.3 2008-09-24 07:41:57.000000000 -0400
|
|
|
ac4e772 |
@@ -0,0 +1 @@
|
|
|
ac4e772 |
+.so man3/getfilecon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.71/man/man3/matchpathcon.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/matchpathcon.3 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/matchpathcon.3 2008-09-26 09:56:50.000000000 -0400
|
|
|
63093bd |
@@ -18,6 +18,11 @@
|
|
|
63093bd |
|
|
|
63093bd |
.BI "void set_matchpathcon_flags(unsigned int " flags ");"
|
|
|
63093bd |
|
|
|
63093bd |
+.BI "int selinux_file_context_cmp(const security_context_t a,
|
|
|
63093bd |
+ const security_context_t b);"
|
|
|
63093bd |
+
|
|
|
63093bd |
+.BI "int selinux_file_context_verify(const char *path, mode_t mode);"
|
|
|
63093bd |
+
|
|
|
63093bd |
.SH "DESCRIPTION"
|
|
|
63093bd |
.B matchpathcon_init
|
|
|
63093bd |
loads the file contexts configuration specified by
|
|
|
63093bd |
@@ -111,6 +116,12 @@
|
|
|
63093bd |
.B MATCHPATHCON_BASEONLY
|
|
|
63093bd |
flag is set, then only the base file contexts configuration file
|
|
|
63093bd |
will be processed, not any dynamically generated entries or local customizations.
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+.B selinux_file_context_cmp
|
|
|
63093bd |
+compares two file contexts to see if their differences are "significant", the function runs the strcmp function ignoring the user componant of the file context.
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+.B selinux_file_context_verify
|
|
|
63093bd |
+compares the file context on disk to the system default.
|
|
|
63093bd |
|
|
|
63093bd |
.sp
|
|
|
63093bd |
.SH "RETURN VALUE"
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon_fini.3 libselinux-2.0.71/man/man3/matchpathcon_fini.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/matchpathcon_fini.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/matchpathcon_fini.3 2008-09-24 08:38:17.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/matchpathcon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon_init.3 libselinux-2.0.71/man/man3/matchpathcon_init.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/matchpathcon_init.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/matchpathcon_init.3 2008-09-24 08:38:00.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/matchpathcon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.71/man/man3/selinux_binary_policy_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_binary_policy_path.3 2008-09-24 08:18:47.000000000 -0400
|
|
|
63093bd |
@@ -1,6 +1,6 @@
|
|
|
63093bd |
.TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
|
|
|
63093bd |
.SH "NAME"
|
|
|
63093bd |
-selinux_policy_root, selinux_binary_policy_path,
|
|
|
63093bd |
+selinux_path, selinux_policy_root, selinux_binary_policy_path,
|
|
|
63093bd |
selinux_failsafe_context_path, selinux_removable_context_path,
|
|
|
63093bd |
selinux_default_context_path, selinux_user_contexts_path,
|
|
|
63093bd |
selinux_file_context_path, selinux_media_context_path,
|
|
|
63093bd |
@@ -11,6 +11,8 @@
|
|
|
63093bd |
.B #include <selinux/selinux.h>
|
|
|
63093bd |
.sp
|
|
|
63093bd |
|
|
|
63093bd |
+extern const char *selinux_path(void);
|
|
|
63093bd |
+
|
|
|
63093bd |
extern const char *selinux_policy_root(void);
|
|
|
63093bd |
|
|
|
63093bd |
extern const char *selinux_binary_policy_path(void);
|
|
|
63093bd |
@@ -23,6 +25,10 @@
|
|
|
63093bd |
|
|
|
63093bd |
extern const char *selinux_user_contexts_path(void);
|
|
|
63093bd |
|
|
|
63093bd |
+extern const char *selinux_usersconf_path(void);
|
|
|
63093bd |
+
|
|
|
63093bd |
+extern const char *selinux_x_context_path(void);
|
|
|
63093bd |
+
|
|
|
63093bd |
extern const char *selinux_file_context_path(void);
|
|
|
63093bd |
|
|
|
63093bd |
extern const char *selinux_media_context_path(void);
|
|
|
63093bd |
@@ -40,10 +46,14 @@
|
|
|
63093bd |
directories and files based on the settings in /etc/selinux/config.
|
|
|
63093bd |
|
|
|
63093bd |
.sp
|
|
|
63093bd |
+selinux_path() - top-level SELinux configuration directory
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
selinux_policy_root() - top-level policy directory
|
|
|
63093bd |
.sp
|
|
|
63093bd |
selinux_binary_policy_path() - binary policy file loaded into kernel
|
|
|
63093bd |
.sp
|
|
|
63093bd |
+selinux_default_type_path - context file mapping roles to default types.
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
selinux_failsafe_context_path() - failsafe context for emergency logins
|
|
|
63093bd |
.sp
|
|
|
63093bd |
selinux_removable_context_path() - filesystem context for removable media
|
|
|
63093bd |
@@ -52,7 +62,17 @@
|
|
|
63093bd |
.sp
|
|
|
63093bd |
selinux_user_contexts_path() - directory containing per-user default contexts
|
|
|
63093bd |
.sp
|
|
|
63093bd |
-selinux_file_context_path() - file contexts configuration
|
|
|
63093bd |
+selinux_usersconf_path() - file containing mapping between Linux Users and SELinux users
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+selinux_x_context_path() - file containing configuration for XSELinux extension
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+selinux_netfilter_context_path - default netfilter context
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+selinux_file_context_path() - default sysstem file contexts configuration
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+selinux_file_context_local_path() - local customization file contexts configuration
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+selinux_file_context_homedir_path() - home directory file contexts configuration
|
|
|
63093bd |
.sp
|
|
|
63093bd |
selinux_media_context_path() - file contexts for media device nodes
|
|
|
63093bd |
.sp
|
|
|
63093bd |
@@ -67,4 +87,3 @@
|
|
|
63093bd |
|
|
|
63093bd |
.SH "SEE ALSO"
|
|
|
63093bd |
.BR selinux "(8)"
|
|
|
63093bd |
-
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_default_type_path.3 libselinux-2.0.71/man/man3/selinux_default_type_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_default_type_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_default_type_path.3 2008-09-24 08:19:09.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_cmp.3 libselinux-2.0.71/man/man3/selinux_file_context_cmp.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_file_context_cmp.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_file_context_cmp.3 2008-09-26 09:57:51.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/matchpathcon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_homedir_path.3 libselinux-2.0.71/man/man3/selinux_file_context_homedir_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_file_context_homedir_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_file_context_homedir_path.3 2008-09-24 08:17:07.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_local_path.3 libselinux-2.0.71/man/man3/selinux_file_context_local_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_file_context_local_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_file_context_local_path.3 2008-09-24 08:17:14.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_verify.3 libselinux-2.0.71/man/man3/selinux_file_context_verify.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_file_context_verify.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_file_context_verify.3 2008-09-26 09:57:30.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/matchpathcon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getpolicytype.3 libselinux-2.0.71/man/man3/selinux_getpolicytype.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_getpolicytype.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_getpolicytype.3 2008-09-24 07:42:23.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1,21 @@
|
|
|
63093bd |
+.TH "selinux_getpolicytype" "3" "24 Sep 2008" "dwalsh@redhat.com" "SELinux API documentation"
|
|
|
63093bd |
+.SH "NAME"
|
|
|
63093bd |
+selinux_getpolicytype \- get the type of SELinux policy running on the system
|
|
|
63093bd |
+.SH "SYNOPSIS"
|
|
|
63093bd |
+.B #include <selinux/selinux.h>
|
|
|
63093bd |
+.sp
|
|
|
63093bd |
+.B int selinux_getpolicytype();
|
|
|
63093bd |
+
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "DESCRIPTION"
|
|
|
63093bd |
+.B selinux_getpolicytype
|
|
|
63093bd |
+Reads the contents of the /etc/selinux/config file to determine the SELinux policy used on the system.
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "RETURN VALUE"
|
|
|
63093bd |
+On success, zero is returned.
|
|
|
63093bd |
+On failure, -1 is returned.
|
|
|
63093bd |
+
|
|
|
63093bd |
+.SH "SEE ALSO"
|
|
|
63093bd |
+.BR selinux "(8)"
|
|
|
63093bd |
+
|
|
|
63093bd |
+
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_homedir_context_path.3 libselinux-2.0.71/man/man3/selinux_homedir_context_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_homedir_context_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_homedir_context_path.3 2008-09-24 08:36:35.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_netfilter_context_path.3 libselinux-2.0.71/man/man3/selinux_netfilter_context_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_netfilter_context_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_netfilter_context_path.3 2008-09-24 08:36:44.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_path.3 libselinux-2.0.71/man/man3/selinux_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_path.3 2008-09-24 08:02:28.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_usersconf_path.3 libselinux-2.0.71/man/man3/selinux_usersconf_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_usersconf_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_usersconf_path.3 2008-09-24 08:36:00.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_x_context_path.3 libselinux-2.0.71/man/man3/selinux_x_context_path.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/selinux_x_context_path.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/selinux_x_context_path.3 2008-09-24 08:36:08.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/selinux_binary_policy_path.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/set_matchpathcon_flags.3 libselinux-2.0.71/man/man3/set_matchpathcon_flags.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/set_matchpathcon_flags.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/set_matchpathcon_flags.3 2008-09-24 08:42:03.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/matchpathcon.3
|
|
|
15c5a62 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setkeycreatecon.3 libselinux-2.0.71/man/man3/setkeycreatecon.3
|
|
|
15c5a62 |
--- nsalibselinux/man/man3/setkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/setkeycreatecon.3 2008-09-24 07:41:57.000000000 -0400
|
|
|
15c5a62 |
@@ -0,0 +1 @@
|
|
|
15c5a62 |
+.so man3/getkeycreatecon.3
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setsockcreatecon.3 libselinux-2.0.71/man/man3/setsockcreatecon.3
|
|
|
63093bd |
--- nsalibselinux/man/man3/setsockcreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man3/setsockcreatecon.3 2008-09-24 08:46:55.000000000 -0400
|
|
|
63093bd |
@@ -0,0 +1 @@
|
|
|
63093bd |
+.so man3/getsockcreatecon.3
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
|
|
|
792921f |
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-24 07:41:57.000000000 -0400
|
|
|
792921f |
@@ -0,0 +1,18 @@
|
|
|
792921f |
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
792921f |
+.SH "NAME"
|
|
|
792921f |
+selinuxconlist \- list all SELinux context reachable for user
|
|
|
792921f |
+.SH "SYNOPSIS"
|
|
|
792921f |
+.B selinuxconlist [-l level] user [context]
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "DESCRIPTION"
|
|
|
792921f |
+.B selinuxconlist
|
|
|
792921f |
+reports the list of context reachable for user from the current context or specified context
|
|
|
792921f |
+
|
|
|
792921f |
+.B \-l level
|
|
|
792921f |
+mcs/mls level
|
|
|
792921f |
+
|
|
|
792921f |
+.SH AUTHOR
|
|
|
792921f |
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "SEE ALSO"
|
|
|
792921f |
+secon(8), selinuxdefcon(8)
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
|
|
|
792921f |
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
|
|
|
63093bd |
+++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-24 07:41:57.000000000 -0400
|
|
|
792921f |
@@ -0,0 +1,19 @@
|
|
|
792921f |
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
792921f |
+.SH "NAME"
|
|
|
792921f |
+selinuxdefcon \- list default SELinux context for user
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "SYNOPSIS"
|
|
|
792921f |
+.B selinuxdefcon [-l level] user [fromcon]
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "DESCRIPTION"
|
|
|
792921f |
+.B seconlist
|
|
|
792921f |
+reports the default context for the specified user from current context or specified context
|
|
|
792921f |
+
|
|
|
792921f |
+.B \-l level
|
|
|
792921f |
+mcs/mls level
|
|
|
792921f |
+
|
|
|
792921f |
+.SH AUTHOR
|
|
|
792921f |
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "SEE ALSO"
|
|
|
792921f |
+secon(8), selinuxconlist(8)
|
|
|
3578778 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/av_perm_to_string.h libselinux-2.0.71/src/av_perm_to_string.h
|
|
|
3578778 |
--- nsalibselinux/src/av_perm_to_string.h 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/src/av_perm_to_string.h 2008-09-24 07:41:57.000000000 -0400
|
|
|
3578778 |
@@ -14,12 +14,17 @@
|
|
|
3578778 |
S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
|
|
|
3578778 |
S_(SECCLASS_DIR, DIR__SEARCH, "search")
|
|
|
3578778 |
S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
|
|
|
3578778 |
+ S_(SECCLASS_DIR, DIR__OPEN, "open")
|
|
|
3578778 |
S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
|
|
|
3578778 |
S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
|
|
|
3578778 |
S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
|
|
|
3578778 |
+ S_(SECCLASS_FILE, FILE__OPEN, "open")
|
|
|
3578778 |
S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
|
|
|
3578778 |
S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
|
|
|
3578778 |
S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
|
|
|
3578778 |
+ S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open")
|
|
|
3578778 |
+ S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open")
|
|
|
3578778 |
+ S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open")
|
|
|
3578778 |
S_(SECCLASS_FD, FD__USE, "use")
|
|
|
3578778 |
S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
|
|
|
3578778 |
S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
|
|
|
3578778 |
@@ -140,91 +145,102 @@
|
|
|
3578778 |
S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
|
|
|
3578778 |
S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
|
|
|
3578778 |
S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
|
|
|
3578778 |
- S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
|
|
|
3578778 |
- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
|
|
|
3578778 |
- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
|
|
|
3578778 |
- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
|
|
|
3578778 |
- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_GC, GC__CREATE, "create")
|
|
|
3578778 |
- S_(SECCLASS_GC, GC__FREE, "free")
|
|
|
3578778 |
- S_(SECCLASS_GC, GC__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_GC, GC__SETATTR, "setattr")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
|
|
|
3578778 |
- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
|
|
|
3578778 |
- S_(SECCLASS_FONT, FONT__LOAD, "load")
|
|
|
3578778 |
- S_(SECCLASS_FONT, FONT__FREE, "free")
|
|
|
3578778 |
- S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_FONT, FONT__USE, "use")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
|
|
|
3578778 |
- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
|
|
|
3578778 |
- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
|
|
|
3578778 |
- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
|
|
|
3578778 |
- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
|
|
|
3578778 |
- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
|
|
|
3578778 |
- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
|
|
|
3578778 |
- S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
|
|
|
3578778 |
- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
|
|
|
3578778 |
- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
|
|
|
3578778 |
- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
|
|
|
3578778 |
- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
|
|
|
3578778 |
- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
|
|
|
3578778 |
- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
|
|
|
3578778 |
- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
|
|
|
3578778 |
- S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
|
|
|
3578778 |
- S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
|
|
|
3578778 |
- S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
|
|
|
3578778 |
- S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
|
|
|
3578778 |
- S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
|
|
|
3578778 |
- S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__CREATE, "create")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__BLEND, "blend")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__LIST_CHILD, "list_child")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__ADD_CHILD, "add_child")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__REMOVE_CHILD, "remove_child")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__LIST_PROPERTY, "list_property")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__GET_PROPERTY, "get_property")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SET_PROPERTY, "set_property")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__MANAGE, "manage")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__OVERRIDE, "override")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SHOW, "show")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__HIDE, "hide")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__SEND, "send")
|
|
|
3578778 |
+ S_(SECCLASS_X_DRAWABLE, X_DRAWABLE__RECEIVE, "receive")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__HIDE_CURSOR, "hide_cursor")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__SHOW_CURSOR, "show_cursor")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_GETATTR, "saver_getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_SETATTR, "saver_setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_HIDE, "saver_hide")
|
|
|
3578778 |
+ S_(SECCLASS_X_SCREEN, X_SCREEN__SAVER_SHOW, "saver_show")
|
|
|
3578778 |
+ S_(SECCLASS_X_GC, X_GC__CREATE, "create")
|
|
|
3578778 |
+ S_(SECCLASS_X_GC, X_GC__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_GC, X_GC__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_GC, X_GC__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_GC, X_GC__USE, "use")
|
|
|
3578778 |
+ S_(SECCLASS_X_FONT, X_FONT__CREATE, "create")
|
|
|
3578778 |
+ S_(SECCLASS_X_FONT, X_FONT__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_FONT, X_FONT__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_FONT, X_FONT__ADD_GLYPH, "add_glyph")
|
|
|
3578778 |
+ S_(SECCLASS_X_FONT, X_FONT__REMOVE_GLYPH, "remove_glyph")
|
|
|
3578778 |
+ S_(SECCLASS_X_FONT, X_FONT__USE, "use")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__CREATE, "create")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__ADD_COLOR, "add_color")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__REMOVE_COLOR, "remove_color")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__INSTALL, "install")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__UNINSTALL, "uninstall")
|
|
|
3578778 |
+ S_(SECCLASS_X_COLORMAP, X_COLORMAP__USE, "use")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__CREATE, "create")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__APPEND, "append")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_PROPERTY, X_PROPERTY__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SELECTION, X_SELECTION__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_SELECTION, X_SELECTION__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_SELECTION, X_SELECTION__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SELECTION, X_SELECTION__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__CREATE, "create")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_CURSOR, X_CURSOR__USE, "use")
|
|
|
3578778 |
+ S_(SECCLASS_X_CLIENT, X_CLIENT__DESTROY, "destroy")
|
|
|
3578778 |
+ S_(SECCLASS_X_CLIENT, X_CLIENT__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_CLIENT, X_CLIENT__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_CLIENT, X_CLIENT__MANAGE, "manage")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__USE, "use")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__GETFOCUS, "getfocus")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__SETFOCUS, "setfocus")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__BELL, "bell")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__FORCE_CURSOR, "force_cursor")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__FREEZE, "freeze")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__GRAB, "grab")
|
|
|
3578778 |
+ S_(SECCLASS_X_DEVICE, X_DEVICE__MANAGE, "manage")
|
|
|
3578778 |
+ S_(SECCLASS_X_SERVER, X_SERVER__GETATTR, "getattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SERVER, X_SERVER__SETATTR, "setattr")
|
|
|
3578778 |
+ S_(SECCLASS_X_SERVER, X_SERVER__RECORD, "record")
|
|
|
3578778 |
+ S_(SECCLASS_X_SERVER, X_SERVER__DEBUG, "debug")
|
|
|
3578778 |
+ S_(SECCLASS_X_SERVER, X_SERVER__GRAB, "grab")
|
|
|
3578778 |
+ S_(SECCLASS_X_SERVER, X_SERVER__MANAGE, "manage")
|
|
|
3578778 |
+ S_(SECCLASS_X_EXTENSION, X_EXTENSION__QUERY, "query")
|
|
|
3578778 |
+ S_(SECCLASS_X_EXTENSION, X_EXTENSION__USE, "use")
|
|
|
3578778 |
+ S_(SECCLASS_X_RESOURCE, X_RESOURCE__READ, "read")
|
|
|
3578778 |
+ S_(SECCLASS_X_RESOURCE, X_RESOURCE__WRITE, "write")
|
|
|
3578778 |
+ S_(SECCLASS_X_EVENT, X_EVENT__SEND, "send")
|
|
|
3578778 |
+ S_(SECCLASS_X_EVENT, X_EVENT__RECEIVE, "receive")
|
|
|
3578778 |
+ S_(SECCLASS_X_SYNTHETIC_EVENT, X_SYNTHETIC_EVENT__SEND, "send")
|
|
|
3578778 |
+ S_(SECCLASS_X_SYNTHETIC_EVENT, X_SYNTHETIC_EVENT__RECEIVE, "receive")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
|
|
|
3578778 |
@@ -237,6 +253,7 @@
|
|
|
3578778 |
S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
|
|
|
3578778 |
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
|
|
|
3578778 |
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
|
|
|
3578778 |
S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
|
|
|
3578778 |
@@ -303,3 +320,6 @@
|
|
|
3578778 |
S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import")
|
|
|
3578778 |
S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export")
|
|
|
3578778 |
S_(SECCLASS_PEER, PEER__RECV, "recv")
|
|
|
3578778 |
+ S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__PASTE, "paste")
|
|
|
3578778 |
+ S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__PASTE_AFTER_CONFIRM, "paste_after_confirm")
|
|
|
3578778 |
+ S_(SECCLASS_X_APPLICATION_DATA, X_APPLICATION_DATA__COPY, "copy")
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
|
|
|
ac4e772 |
--- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/src/callbacks.c 2008-09-24 07:41:57.000000000 -0400
|
|
|
d0a06b2 |
@@ -16,6 +16,7 @@
|
|
|
ee77868 |
{
|
|
|
d0a06b2 |
int rc;
|
|
|
d0a06b2 |
va_list ap;
|
|
|
d0a06b2 |
+ if (is_selinux_enabled() == 0) return 0;
|
|
|
d0a06b2 |
va_start(ap, fmt);
|
|
|
d0a06b2 |
rc = vfprintf(stderr, fmt, ap);
|
|
|
d0a06b2 |
va_end(ap);
|
|
|
3578778 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/class_to_string.h libselinux-2.0.71/src/class_to_string.h
|
|
|
3578778 |
--- nsalibselinux/src/class_to_string.h 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/src/class_to_string.h 2008-09-24 07:41:57.000000000 -0400
|
|
|
3578778 |
@@ -33,18 +33,18 @@
|
|
|
3578778 |
S_("shm")
|
|
|
3578778 |
S_("ipc")
|
|
|
3578778 |
S_("passwd")
|
|
|
3578778 |
- S_("drawable")
|
|
|
3578778 |
- S_("window")
|
|
|
3578778 |
- S_("gc")
|
|
|
3578778 |
- S_("font")
|
|
|
3578778 |
- S_("colormap")
|
|
|
3578778 |
- S_("property")
|
|
|
3578778 |
- S_("cursor")
|
|
|
3578778 |
- S_("xclient")
|
|
|
3578778 |
- S_("xinput")
|
|
|
3578778 |
- S_("xserver")
|
|
|
3578778 |
- S_("xextension")
|
|
|
3578778 |
- S_("pax")
|
|
|
3578778 |
+ S_("x_drawable")
|
|
|
3578778 |
+ S_("x_screen")
|
|
|
3578778 |
+ S_("x_gc")
|
|
|
3578778 |
+ S_("x_font")
|
|
|
3578778 |
+ S_("x_colormap")
|
|
|
3578778 |
+ S_("x_property")
|
|
|
3578778 |
+ S_("x_selection")
|
|
|
3578778 |
+ S_("x_cursor")
|
|
|
3578778 |
+ S_("x_client")
|
|
|
3578778 |
+ S_("x_device")
|
|
|
3578778 |
+ S_("x_server")
|
|
|
3578778 |
+ S_("x_extension")
|
|
|
3578778 |
S_("netlink_route_socket")
|
|
|
3578778 |
S_("netlink_firewall_socket")
|
|
|
3578778 |
S_("netlink_tcpdiag_socket")
|
|
|
3578778 |
@@ -72,3 +72,7 @@
|
|
|
3578778 |
S_("db_blob")
|
|
|
3578778 |
S_("peer")
|
|
|
3578778 |
S_("capability2")
|
|
|
3578778 |
+ S_("x_resource")
|
|
|
3578778 |
+ S_("x_event")
|
|
|
3578778 |
+ S_("x_synthetic_event")
|
|
|
3578778 |
+ S_("x_application_data")
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
|
|
|
ac4e772 |
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/src/matchpathcon.c 2008-09-24 07:41:57.000000000 -0400
|
|
|
71cd138 |
@@ -2,6 +2,7 @@
|
|
|
71cd138 |
#include <string.h>
|
|
|
71cd138 |
#include <errno.h>
|
|
|
71cd138 |
#include <stdio.h>
|
|
|
71cd138 |
+#include <syslog.h>
|
|
|
71cd138 |
#include "selinux_internal.h"
|
|
|
71cd138 |
#include "label_internal.h"
|
|
|
71cd138 |
#include "callbacks.h"
|
|
|
0fa749d |
@@ -57,7 +58,7 @@
|
|
|
71cd138 |
{
|
|
|
71cd138 |
va_list ap;
|
|
|
71cd138 |
va_start(ap, fmt);
|
|
|
71cd138 |
- vfprintf(stderr, fmt, ap);
|
|
|
0fa749d |
+ vsyslog(LOG_ERR, fmt, ap);
|
|
|
71cd138 |
va_end(ap);
|
|
|
71cd138 |
}
|
|
|
71cd138 |
|
|
|
63093bd |
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.71/utils/matchpathcon.c
|
|
|
63093bd |
--- nsalibselinux/utils/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
63093bd |
+++ libselinux-2.0.71/utils/matchpathcon.c 2008-09-26 09:42:51.000000000 -0400
|
|
|
63093bd |
@@ -106,12 +106,12 @@
|
|
|
63093bd |
|
|
|
63093bd |
if (verify) {
|
|
|
63093bd |
if (quiet) {
|
|
|
63093bd |
- if (selinux_file_context_verify(argv[i], 0))
|
|
|
63093bd |
+ if (selinux_file_context_verify(argv[i], mode))
|
|
|
63093bd |
continue;
|
|
|
63093bd |
else
|
|
|
63093bd |
exit(1);
|
|
|
63093bd |
}
|
|
|
63093bd |
- if (selinux_file_context_verify(argv[i], 0)) {
|
|
|
63093bd |
+ if (selinux_file_context_verify(argv[i], mode)) {
|
|
|
63093bd |
printf("%s verified.\n", argv[i]);
|
|
|
63093bd |
} else {
|
|
|
63093bd |
security_context_t con;
|