SELinux: Add class support to the role_trans structure If kernel policy version is >= 26, then the binary representation of the role_trans structure supports specifying the class for the current subject or the newly created object. If kernel policy version is < 26, then the class field would be default to the process class. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com>

commit: 8023976cf4627d9f1d82ad468ec40e32eb87d211 [log] [tgz]
author: Harry Ciao <qingtao.cao@windriver.com> Fri Mar 25 13:51:56 2011 +0800
committer: Eric Paris <eparis@redhat.com> Mon Mar 28 14:20:58 2011 -0400
tree: 82af1157ffbb00be2a8d2357a8c2fd88826233b1
parent: fe3fa43039d47ee4e22caf460b79b62a14937f79 [diff] [blame]
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 348eb00..bfc5218 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h

@@ -30,13 +30,14 @@
 #define POLICYDB_VERSION_PERMISSIVE	23
 #define POLICYDB_VERSION_BOUNDARY	24
 #define POLICYDB_VERSION_FILENAME_TRANS	25
+#define POLICYDB_VERSION_ROLETRANS	26
 
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
 #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
 #define POLICYDB_VERSION_MAX	CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
 #else
-#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_FILENAME_TRANS
+#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_ROLETRANS
 #endif
 
 /* Mask for just the mount related flags */
commit	8023976cf4627d9f1d82ad468ec40e32eb87d211	[log] [tgz]
author	Harry Ciao <qingtao.cao@windriver.com>	Fri Mar 25 13:51:56 2011 +0800
committer	Eric Paris <eparis@redhat.com>	Mon Mar 28 14:20:58 2011 -0400
tree	82af1157ffbb00be2a8d2357a8c2fd88826233b1
parent	fe3fa43039d47ee4e22caf460b79b62a14937f79 [diff] [blame]