Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / b0c636b99997c8594da6a46e166ce4fcf6956fda
commitb0c636b99997c8594da6a46e166ce4fcf6956fda[log] [tgz]
authorEric Paris <eparis@redhat.com>Thu Feb 28 12:58:40 2008 -0500
committerJames Morris <jmorris@namei.org>Fri Apr 18 20:26:06 2008 +1000
tree16308f0324846cd8c19180b6a45793268dd16f50
parentd4ee4231a3a8731576ef0e0a7e1225e4fde1e659 [diff]
SELinux: create new open permission

Adds a new open permission inside SELinux when 'opening' a file.  The idea
is that opening a file and reading/writing to that file are not the same
thing.  Its different if a program had its stdout redirected to /tmp/output
than if the program tried to directly open /tmp/output. This should allow
policy writers to more liberally give read/write permissions across the
policy while still blocking many design and programing flaws SELinux is so
good at catching today.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
6 files changed
tree: 16308f0324846cd8c19180b6a45793268dd16f50
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. samples/
  15. scripts/
  16. security/
  17. sound/
  18. usr/
  19. virt/
  20. .gitignore
  21. .mailmap
  22. COPYING
  23. CREDITS
  24. Kbuild
  25. MAINTAINERS
  26. Makefile
  27. README
  28. REPORTING-BUGS