linux/security/apparmor/include
John Johansen 651e28c553 apparmor: add base infastructure for socket mediation
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a specific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.

The user space rules have the basic form of
  NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
                 [ TYPE | PROTOCOL ]

  DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
             'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
             'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
             'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
             'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
             'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
             'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
             'vsock' | 'mpls' | 'ib' | 'kcm' ) ','

  TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
           'packet' )

  PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )

e.g.
  network,
  network inet,

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
2017-09-22 13:00:58 -07:00
..
apparmor.h apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
apparmorfs.h apparmor: add policy revision file interface 2017-06-10 17:11:27 -07:00
audit.h apparmor: add base infastructure for socket mediation 2017-09-22 13:00:58 -07:00
capability.h apparmor: move capability checks to using labels 2017-06-10 17:11:40 -07:00
context.h apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
crypto.h apparmor: allow introspecting the loaded policy pre internal transform 2017-01-16 01:18:42 -08:00
domain.h apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
file.h apparmor: move path_link mediation to using labels 2017-06-10 17:11:44 -07:00
ipc.h apparmor: add the ability to mediate signals 2017-09-22 13:00:57 -07:00
label.h apparmor: add support for absolute root view based labels 2017-09-22 13:00:58 -07:00
lib.h apparmor: move exec domain mediation to using labels 2017-06-10 17:11:46 -07:00
match.h apparmor: fix restricted endian type warnings for dfa unpack 2017-01-16 01:18:54 -08:00
mount.h apparmor: add mount mediation 2017-09-22 13:00:57 -07:00
net.h apparmor: add base infastructure for socket mediation 2017-09-22 13:00:58 -07:00
path.h apparmor: Move path lookup to using preallocated buffers 2017-06-08 11:29:34 -07:00
perms.h apparmor: add base infastructure for socket mediation 2017-09-22 13:00:58 -07:00
policy_ns.h apparmor: switch from profiles to using labels on contexts 2017-06-10 17:11:38 -07:00
policy_unpack.h apparmor: move to per loaddata files, instead of replicating in profiles 2017-06-08 12:51:49 -07:00
policy.h apparmor: add base infastructure for socket mediation 2017-09-22 13:00:58 -07:00
procattr.h apparmor: switch getprocattr to using label_print fns() 2017-06-10 17:11:39 -07:00
resource.h apparmor: move resource checks to using labels 2017-06-10 17:11:40 -07:00
secid.h apparmor: rename sid to secid 2017-01-16 00:42:17 -08:00
sig_names.h apparmor: add the ability to mediate signals 2017-09-22 13:00:57 -07:00