• KaiGai Kohei's avatar
    Permissive domain in userspace object manager · 8a6f83af
    KaiGai Kohei authored
    This patch enables applications to handle permissive domain correctly.
    Since the v2.6.26 kernel, SELinux has supported an idea of permissive
    domain which allows certain processes to work as if permissive mode,
    even if the global setting is enforcing mode.
    However, we don't have an application program interface to inform
    what domains are permissive one, and what domains are not.
    It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL
    and so on) cannot handle permissive domain correctly.
    This patch add the sixth field (flags) on the reply of the /selinux/access
    interface which is used to make an access control decision from userspace.
    If the first bit of the flags field is positive, it means the required
    access control decision is on permissive domain, so application should
    allow any required actions, as the kernel doing.
    This patch also has a side benefit. The av_decision.flags is set at
    context_struct_compute_av(). It enables to check required permissions
    without read_lock(&policy_rwlock).
    Signed-off-by: default avatarKaiGai Kohei <kaigai@ak.jp.nec.com>
    Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Acked-by: default avatarEric Paris <eparis@redhat.com>
     security/selinux/avc.c              |    2 +-
     security/selinux/include/security.h |    4 +++-
     security/selinux/selinuxfs.c        |    4 ++--
     security/selinux/ss/services.c      |   30 +++++-------------------------
     4 files changed, 11 insertions(+), 29 deletions(-)
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
selinuxfs.c 37.8 KB