On 10/05/2015 10:41 PM, Paul Moore wrote:
Add the SELinux access control implementation for the new kdbus LSM
hooks using the new kdbus object class and the following permissions:
[[SNIP]]
diff --git a/security/selinux/include/classmap.h
b/security/selinux/include/classmap.h
index eccd61b..31e4435 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -153,5 +153,9 @@ struct security_class_mapping secclass_map[] = {
{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ "binder", { "impersonate", "call",
"set_context_mgr", "transfer",
NULL } },
+ { "kdbus", { "impersonate", "fakecreds",
"fakepids", "owner",
+ "privileged", "activator", "monitor",
"policy_holder",
+ "connect", "own", "talk", "see",
"see_name",
+ "see_notification" } },
{ NULL }
};
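Review bot: The "kdbus" permission list in this hunk ends at "see_notification" with no trailing NULL, while the "binder" entry directly above it closes its list with an explicit NULL. Suggest adding NULL after "see_notification" so the new entry follows the same convention as its neighbour and any code walking the list to a NULL terminator does not depend on the unused array slots being implicitly zero-filled.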
Hello,
Out of curiosity, why is the new list of permissions not
NULL-terminated? As far as I can tell, as the field "perms" of struct
security_class_mapping is a fixed-size vector, it doesn't matter here
(the C compiler would always pad with NULL pointers), but then I am
wondering why all the other lists of perms are NULL-terminated in
classmap.h.
Thanks,
Nicolas
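The padding behaviour asked about above, as an added example that is not part of the original message or of the kernel source: with a fixed-size `perms` array, slots left out of the initializer are NULL, so a walk to the first NULL gives the same result with or without an explicit terminator. The struct name, the `MAX_PERMS + 1` sizing and the helper functions are assumptions made for illustration; the permission strings are the ones in the quoted hunk.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PERMS 32  /* assumption: one permission per bit of a 32-bit vector */

struct class_mapping {                  /* hypothetical stand-in for the real struct */
    const char *name;
    const char *perms[MAX_PERMS + 1];   /* +1 leaves room for a NULL after a full list */
};

static const struct class_mapping classes[] = {
    { "binder", { "impersonate", "call", "set_context_mgr", "transfer", NULL } },
    /* No explicit NULL: the remaining slots are zero-initialized by the compiler. */
    { "kdbus", { "impersonate", "fakecreds", "fakepids", "owner", "privileged",
                 "activator", "monitor", "policy_holder", "connect", "own",
                 "talk", "see", "see_name", "see_notification" } },
    { NULL }
};

const struct class_mapping *find_class(const char *name)
{
    for (const struct class_mapping *c = classes; c->name != NULL; c++)
        if (strcmp(c->name, name) == 0)
            return c;
    return NULL;
}

/* Walk to the first NULL, never reading past the end of the array. */
size_t perm_count(const struct class_mapping *c)
{
    size_t n = 0;
    while (n < MAX_PERMS + 1 && c->perms[n] != NULL)
        n++;
    return n;
}

/* Bit position a permission would occupy, or -1 if the class lacks it. */
int perm_bit(const struct class_mapping *c, const char *perm)
{
    for (size_t i = 0; i < perm_count(c); i++)
        if (strcmp(c->perms[i], perm) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    for (const struct class_mapping *c = classes; c->name != NULL; c++)
        printf("%s: %zu permissions\n", c->name, perm_count(c));
    return 0;
}
```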