SELinux: policy selectable handling of unknown classes and perms Allow policy to select, in much the same way as it selects MLS support, how the kernel should handle access decisions which contain either unknown classes or unknown permissions in known classes. The three choices for the policy flags are 0 - Deny unknown security access. (default) 2 - reject loading policy if it does not contain all definitions 4 - allow unknown security access The policy's choice is exported through 2 booleans in selinuxfs. /selinux/deny_unknown and /selinux/reject_unknown. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 3f12070e27b4a213d62607d2bff139793089a77d [log] [tgz]
author: Eric Paris <eparis@redhat.com> Fri Sep 21 14:37:10 2007 -0400
committer: James Morris <jmorris@namei.org> Wed Oct 17 08:59:33 2007 +1000
tree: b6b614737f916c7c3102f66e6ad9e682b9c9bf04
parent: 788e7dd4c22e6f41b3a118fd8c291f831f6fddbb [diff] [blame]
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 83bdd4d..39337af 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h

@@ -90,6 +90,8 @@
 
 int security_get_classes(char ***classes, int *nclasses);
 int security_get_permissions(char *class, char ***perms, int *nperms);
+int security_get_reject_unknown(void);
+int security_get_allow_unknown(void);
 
 #define SECURITY_FS_USE_XATTR		1 /* use xattr */
 #define SECURITY_FS_USE_TRANS		2 /* use transition SIDs, e.g. devpts/tmpfs */
commit	3f12070e27b4a213d62607d2bff139793089a77d	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Fri Sep 21 14:37:10 2007 -0400
committer	James Morris <jmorris@namei.org>	Wed Oct 17 08:59:33 2007 +1000
tree	b6b614737f916c7c3102f66e6ad9e682b9c9bf04
parent	788e7dd4c22e6f41b3a118fd8c291f831f6fddbb [diff] [blame]