summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorHarry Ciao <qingtao.cao@windriver.com>2011-03-02 06:46:08 +0100
committerEric Paris <eparis@redhat.com>2011-03-03 21:19:43 +0100
commit4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad (patch)
tree9ed72f305050b876d846b44ccf13f63fcbab1ff4 /security
parentRevert "selinux: simplify ioctl checking" (diff)
downloadlinux-4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad.tar.xz
linux-4bc6c2d5d8386800fde23a8e78cd4f04a0ade0ad.zip
SELinux: Auto-generate security_is_socket_class
The security_is_socket_class() is auto-generated by genheaders based on classmap.h to reduce maintenance effort when a new class is defined in SELinux kernel. The name for any socket class should be suffixed by "socket" and doesn't contain more than one substr of "socket". Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/include/classmap.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 4227e5fa7861..b8c53723e09b 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -12,6 +12,10 @@
#define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
"write", "associate", "unix_read", "unix_write"
+/*
+ * Note: The name for any socket class should be suffixed by "socket",
+ * and doesn't contain more than one substr of "socket".
+ */
struct security_class_mapping secclass_map[] = {
{ "security",
{ "compute_av", "compute_create", "compute_member",