Add neverallow support for ioctl extended permissions

Neverallow rules for ioctl extended permissions will pass in two
cases:
1. If extended permissions exist for the source-target-class set
   the test will pass if the neverallow values are excluded.
2. If extended permissions do not exist for the source-target-class
   set the test will pass if the ioctl permission is not granted.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by:  Nick Kralevich <nnk@google.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Jeff Vander Stoep 2015-09-18 12:57:56 -07:00 committed by Stephen Smalley
parent fe2ff88058
commit 99fc177b5a
10 changed files with 331 additions and 84 deletions
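
The two pass conditions listed in the commit message, written out as a small C model. This is an added illustration, not code from this commit or from the project: `struct stc_rules`, `neverallowxperm_passes` and the ioctl command numbers are hypothetical, and the sample data is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the allow rules for one source-target-class set. */
struct stc_rules {
    bool ioctl_granted;      /* an allow rule grants the ioctl permission */
    const uint16_t *xperms;  /* ioctl commands allowed by extended permissions */
    size_t n_xperms;         /* 0: no extended permissions exist for the set */
};

/* Returns true when the neverallow test passes for this set. */
bool neverallowxperm_passes(const struct stc_rules *r,
                            const uint16_t *never, size_t n_never)
{
    /* Case 2: no extended permissions; pass only if ioctl is not granted. */
    if (r->n_xperms == 0)
        return !r->ioctl_granted;
    /* Case 1: extended permissions exist; pass only if every neverallow
     * value is excluded from them. */
    for (size_t i = 0; i < r->n_xperms; i++)
        for (size_t j = 0; j < n_never; j++)
            if (r->xperms[i] == never[j])
                return false;
    return true;
}

/* Constructed sample values; the command numbers carry no meaning. */
static const uint16_t never_cmds[] = { 0x1003 };
static const uint16_t excluded[]   = { 0x1001, 0x1002 };
static const uint16_t included[]   = { 0x1001, 0x1003 };

int main(void)
{
    const struct stc_rules sets[] = {
        { true,  excluded, 2 },  /* case 1, values excluded: pass */
        { true,  included, 2 },  /* case 1, 0x1003 allowed: fail */
        { false, NULL,     0 },  /* case 2, ioctl not granted: pass */
        { true,  NULL,     0 },  /* case 2, ioctl granted: fail */
    };
    for (size_t i = 0; i < sizeof sets / sizeof sets[0]; i++)
        printf("set %zu: %s\n", i,
               neverallowxperm_passes(&sets[i], never_cmds, 1) ? "pass" : "FAIL");
    return 0;
}
```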