[RFC PATCH v2 5/5] selinux: introduce kdbus access controls
Nicolas Iooss
nicolas.iooss at m4x.org
Tue Oct 6 18:55:33 UTC 2015
On 10/05/2015 10:41 PM, Paul Moore wrote:
> Add the SELinux access control implementation for the new kdbus LSM
> hooks using the new kdbus object class and the following permissions:
>
[[SNIP]]
> diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
> index eccd61b..31e4435 100644
> --- a/security/selinux/include/classmap.h
> +++ b/security/selinux/include/classmap.h
> @@ -153,5 +153,9 @@ struct security_class_mapping secclass_map[] = {
> { COMMON_SOCK_PERMS, "attach_queue", NULL } },
> { "binder", { "impersonate", "call", "set_context_mgr", "transfer",
> NULL } },
> + { "kdbus", { "impersonate", "fakecreds", "fakepids", "owner",
> + "privileged", "activator", "monitor", "policy_holder",
> + "connect", "own", "talk", "see", "see_name",
> + "see_notification" } },
> { NULL }
> };
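Review bot: The added "kdbus" permission list closes at "see_notification" } with no trailing NULL, while the "binder" entry directly above it ends its list with an explicit NULL. Suggest writing the last added line as "see_notification", NULL } }, so the new entry matches the surrounding entries and its end is stated explicitly instead of relying on implicit zero-initialisation of the remaining slots.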
Hello,
Out of curiosity, why is the new list of permissions not
NULL-terminated? As far as I can tell, as the field "perms" of struct
security_class_mapping is a fixed-size vector, it doesn't matter here
(the C compiler would always pad with NULL pointers), but then I am
wondering why all the other lists of perms are NULL-terminated in
classmap.h.
Thanks,
Nicolas
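
The padding behaviour asked about above, as an added example (not part of the original message, the patch or the kernel source). The struct class_map, its 33-slot size and count_perms() are assumptions made for this sketch; it also shows the one case where the explicit NULL matters, a list that fills every slot.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed for this sketch: 32 permission slots plus one for the terminator. */
#define PERM_SLOTS 33

/* Hypothetical stand-in for a class mapping with a fixed-size perms vector. */
struct class_map {
    const char *name;
    const char *perms[PERM_SLOTS];
};

/* The permission names from the quoted hunk. */
#define KDBUS_PERMS \
    "impersonate", "fakecreds", "fakepids", "owner", \
    "privileged", "activator", "monitor", "policy_holder", \
    "connect", "own", "talk", "see", "see_name", "see_notification"

/* As in the patch: no explicit NULL, remaining slots are zero-initialised. */
static const struct class_map implicit_end = { "kdbus", { KDBUS_PERMS } };
/* As in the other entries: explicit NULL terminator. */
static const struct class_map explicit_end = { "kdbus", { KDBUS_PERMS, NULL } };

/* Constructed edge case: the initialiser fills every slot, so no NULL is left. */
static const char *const full[3] = { "a", "b", "c" };

/* Walk to the first NULL without reading past the array.
 * Returns the number of names, or -1 when no terminator exists. */
int count_perms(const char *const *perms, int slots)
{
    for (int i = 0; i < slots; i++)
        if (perms[i] == NULL)
            return i;
    return -1;
}

int main(void)
{
    printf("implicit NULL: %d\n", count_perms(implicit_end.perms, PERM_SLOTS));
    printf("explicit NULL: %d\n", count_perms(explicit_end.perms, PERM_SLOTS));
    printf("full array:    %d\n", count_perms(full, 3));
    return 0;
}
```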