selinux/libsepol/include/sepol/policydb/polcaps.h

#ifndef _SEPOL_POLICYDB_POLCAPS_H_
#define _SEPOL_POLICYDB_POLCAPS_H_

#ifdef __cplusplus
extern "C" {
#endif

/* Policy capabilities */
enum {
	POLICYDB_CAPABILITY_NETPEER,
	POLICYDB_CAPABILITY_OPENPERM,
	POLICYDB_CAPABILITY_EXTSOCKCLASS,
	POLICYDB_CAPABILITY_ALWAYSNETWORK,
	POLICYDB_CAPABILITY_CGROUPSECLABEL,
	POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
	POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,
	__POLICYDB_CAPABILITY_MAX
};
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)

/* Convert a capability name to number. */
extern int sepol_polcap_getnum(const char *name);

/* Convert a capability number to name. */
extern const char *sepol_polcap_getname(unsigned int capnum);

#ifdef __cplusplus
}
#endif

#endif /* _SEPOL_POLICYDB_POLCAPS_H_ */
initial import from svn trunk revision 2950 2008-08-19 19:30:36 +00:00			`#ifndef _SEPOL_POLICYDB_POLCAPS_H_`
			`#define _SEPOL_POLICYDB_POLCAPS_H_`

libsepol: do not #include <sys/cdefs.h> ratbert90 submitted this patch via https://github.com/SELinuxProject/selinux/issues/19. Apparently musl does not provide sys/cdefs.h, see http://wiki.musl-libc.org/wiki/FAQ#Q:_I.27m_trying_to_compile_something_against_musl_and_I_get_error_messages_about_sys.2Fcdefs.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2016-11-29 15:57:48 +00:00			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`
Allow libsepol C++ static library on device. Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2014-12-16 19:44:41 +00:00
initial import from svn trunk revision 2950 2008-08-19 19:30:36 +00:00			`/* Policy capabilities */`
			`enum {`
			`POLICYDB_CAPABILITY_NETPEER,`
			`POLICYDB_CAPABILITY_OPENPERM,`
libsepol: Define extended_socket_class policy capability Define the extended_socket_class policy capability used to enable the use of separate socket security classes for all network address families rather than the generic socket class. This also enables separate security classes for ICMP and SCTP sockets, which were previously mapped to the rawip_socket class. The legacy redhat1 policy capability that was only ever used in testing within Fedora for ptrace_child is reclaimed for this purpose; as far as I can tell, this policy capability is not enabled in any supported distro policy. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2016-12-01 16:08:06 +00:00			`POLICYDB_CAPABILITY_EXTSOCKCLASS,`
libsepol: Add always_check_network policy capability Currently the packet class in SELinux is not checked if there are no SECMARK rules in the security or mangle netfilter tables. Similarly, the peer class is not checked if there is no NetLabel or labeled IPSEC. Some systems prefer that these classes are always checked, for example, to protect the system should the netfilter rules fail to load or if the nefilter rules were maliciously flushed. Add the always_check_network policy capability which, when enabled, treats these mechanisms as enabled, even if there are no labeling rules. Signed-off-by: Chris PeBenito <cpebenito@tresys.com> Signed-off-by: Eric Paris <eparis@redhat.com> 2012-06-06 17:27:10 +00:00			`POLICYDB_CAPABILITY_ALWAYSNETWORK,`
libsepol: Define cgroup_seclabel policy capability Define the new cgroup_seclabel policy capability used to enable userspace setting of security labels on cgroup files via setfscreatecon() aka /proc/self/attr/fscreate and/or setfilecon() aka setxattr(). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2017-02-28 15:26:48 +00:00			`POLICYDB_CAPABILITY_CGROUPSECLABEL,`
libsepol: Define nnp_nosuid_transition policy capability Define the nnp_nosuid_transition policy capability used to enable SELinux domain transitions under NNP or nosuid if the nnp_transition permission or nosuid_transition permission is allowed between the old and new contexts. When this capability is not enabled, such transitions remain limited to bounded transitions as they were prior to the introduction of this capability. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2017-07-14 16:11:40 +00:00			`POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,`
libsepol: add support for new polcap genfs_seclabel_symlinks Add support for new SELinux policy capability genfs_seclabel_symlinks. With this capability enabled symlinks on kernel filesystems will receive contexts based on genfscon statements, like directories and files, and not be restricted to the respective filesystem root sid. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2020-01-31 18:39:00 +00:00			`POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,`
initial import from svn trunk revision 2950 2008-08-19 19:30:36 +00:00			`__POLICYDB_CAPABILITY_MAX`
			`};`
			`#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)`

			`/* Convert a capability name to number. */`
			`extern int sepol_polcap_getnum(const char *name);`

			`/* Convert a capability number to name. */`
libsepol: make capability index an unsigned int When sepol_polcap_getname() is called with a negative capnum, it dereferences polcap_names[capnum] which produces a segmentation fault most of the time. For information, here is a gdb session when hll/pp loads a policy module which has been mutated by American Fuzzy Lop: Program received signal SIGSEGV, Segmentation fault. sepol_polcap_getname (capnum=capnum@entry=-4259840) at polcaps.c:34 34 return polcap_names[capnum]; => 0x00007ffff7a8da07 <sepol_polcap_getname+135>: 48 8b 04 f8 mov (%rax,%rdi,8),%rax (gdb) bt #0 sepol_polcap_getname (capnum=capnum@entry=-4259840) at polcaps.c:34 #1 0x00007ffff7a7c440 in polcaps_to_cil (pdb=0x6042e0) at module_to_cil.c:2492 #2 sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79c75e0 <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at module_to_cil.c:4039 #3 0x00007ffff7a7e695 in sepol_module_package_to_cil (fp=fp@entry=0x7ffff79c75e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at module_to_cil.c:4087 #4 0x0000000000401acc in main (argc=<optimized out>, argv=<optimized out>) at pp.c:150 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> 2017-01-04 22:02:29 +00:00			`extern const char *sepol_polcap_getname(unsigned int capnum);`
initial import from svn trunk revision 2950 2008-08-19 19:30:36 +00:00
libsepol: do not #include <sys/cdefs.h> ratbert90 submitted this patch via https://github.com/SELinuxProject/selinux/issues/19. Apparently musl does not provide sys/cdefs.h, see http://wiki.musl-libc.org/wiki/FAQ#Q:_I.27m_trying_to_compile_something_against_musl_and_I_get_error_messages_about_sys.2Fcdefs.h. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2016-11-29 15:57:48 +00:00			`#ifdef __cplusplus`
			`}`
			`#endif`

initial import from svn trunk revision 2950 2008-08-19 19:30:36 +00:00			`#endif /* _SEPOL_POLICYDB_POLCAPS_H_ */`