linux/security/selinux/ss
Eric Paris 3f12070e27 SELinux: policy selectable handling of unknown classes and perms
Allow policy to select, in much the same way as it selects MLS support, how
the kernel should handle access decisions which contain either unknown
classes or unknown permissions in known classes.  The three choices for the
policy flags are

0 - Deny unknown security access. (default)
2 - reject loading policy if it does not contain all definitions
4 - allow unknown security access

The policy's choice is exported through 2 booleans in
selinuxfs.  /selinux/deny_unknown and /selinux/reject_unknown.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
2007-10-17 08:59:33 +10:00
..
avtab.c SELinux: tune avtab to reduce memory usage 2007-10-17 08:59:30 +10:00
avtab.h SELinux: tune avtab to reduce memory usage 2007-10-17 08:59:30 +10:00
conditional.c SELinux: tune avtab to reduce memory usage 2007-10-17 08:59:30 +10:00
conditional.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h selinux: Delete mls_copy_context 2007-01-08 17:32:51 -05:00
ebitmap.c NetLabel: convert to an extensibile/sparse category bitmap 2006-12-02 21:31:36 -08:00
ebitmap.h NetLabel: convert to an extensibile/sparse category bitmap 2006-12-02 21:31:36 -08:00
hashtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
hashtab.h SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mls_types.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mls.c selinux: Delete mls_copy_context 2007-01-08 17:32:51 -05:00
mls.h selinux: Delete mls_copy_context 2007-01-08 17:32:51 -05:00
policydb.c SELinux: policy selectable handling of unknown classes and perms 2007-10-17 08:59:33 +10:00
policydb.h SELinux: policy selectable handling of unknown classes and perms 2007-10-17 08:59:33 +10:00
services.c SELinux: policy selectable handling of unknown classes and perms 2007-10-17 08:59:33 +10:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c Reassign printk levels in selinux kernel code 2007-02-26 14:43:07 -05:00
sidtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
symtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00