selinux-refpolicy/policy/flask
Stephen Smalley 09ebf2b59a refpolicy: Define extended_socket_class policy capability and socket classes
Add a (default disabled) definition for the extended_socket_class policy
capability used to enable the use of separate socket security classes
for all network address families rather than the generic socket class.
The capability also enables the use of separate security classes for ICMP
and SCTP sockets, which were previously mapped to rawip_socket class.
Add definitions for the new socket classes and access vectors enabled by
this capability.  Add the new socket classes to the socket_class_set macro,
which also covers allowing access by unconfined domains.  Allowing access
by other domains to the new socket security classes is left to future
commits.

The kernel support will be included in Linux 4.11+.
Building policy with this capability enabled will require libsepol 2.7+.
This change leaves the capability disabled by default.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-12-08 18:07:42 -05:00
Makefile trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes. 2007-10-16 18:30:23 +00:00
access_vectors refpolicy: Define extended_socket_class policy capability and socket classes 2016-12-08 18:07:42 -05:00
flask.py Refactoring code to support python3 2012-06-26 09:08:48 -04:00
initial_sids remove trailing whitespaces 2016-12-06 13:45:13 +01:00
security_classes refpolicy: Define extended_socket_class policy capability and socket classes 2016-12-08 18:07:42 -05:00