linux/security
Stephen Smalley 19439d05b8 selinux: change the handling of unknown classes
If allow_unknown==deny, SELinux treats an undefined kernel security
class as an error condition rather than as a typical permission denial
and thus does not allow permissions on undefined classes even when in
permissive mode.  Change the SELinux logic so that this case is handled
as a typical permission denial, subject to the usual permissive mode and
permissive domain handling.

Also drop the 'requested' argument from security_compute_av() and
helpers as it is a legacy of the original security server interface and
is unused.

Changes:
- Handle permissive domains consistently by moving up the test for a
permissive domain.
- Make security_compute_av_user() consistent with security_compute_av();
the only difference now is that security_compute_av() performs mapping
between the kernel-private class and permission indices and the policy
values.  In the userspace case, this mapping is handled by libselinux.
- Moved avd_init inside the policy lock.

Based in part on a patch by Paul Moore <paul.moore@hp.com>.

Reported-by: Andrew Worsley <amworsley@gmail.com>
Signed-off-by:  Stephen D. Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2010-01-18 09:54:26 +11:00
..
integrity/ima Merge branch 'master' into next 2009-12-03 12:03:40 +05:30
keys sysctl: Drop & in front of every proc_handler. 2009-11-18 08:37:40 -08:00
selinux selinux: change the handling of unknown classes 2010-01-18 09:54:26 +11:00
smack net: rename skb->iif to skb->skb_iif 2009-11-20 15:35:04 -08:00
tomoyo TOMOYO: Remove memory pool for list elements. 2010-01-11 09:27:40 +11:00
capability.c security: report the module name to security_module_request 2009-11-10 09:33:46 +11:00
commoncap.c remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
device_cgroup.c cgroups: let ss->can_attach and ss->attach do whole threadgroups at a time 2009-09-24 07:20:58 -07:00
inode.c securityfs: securityfs_remove should handle IS_ERR pointers 2009-05-12 11:06:11 +10:00
Kconfig remove CONFIG_SECURITY_FILE_CAPABILITIES compile option 2009-11-24 15:06:47 +11:00
lsm_audit.c Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-12-05 15:22:26 -08:00
Makefile security: remove root_plug 2009-10-20 14:26:16 +09:00
min_addr.c sysctl: require CAP_SYS_RAWIO to set mmap_min_addr 2009-11-09 08:34:22 +11:00
security.c security: correct error returns for get/set security with private inodes 2010-01-15 08:23:57 +11:00