selinux August 2009 archive

[RFC PATCH v1 1/2] refpol: Add the "tun_socket" object class flask definitions

From: Paul Moore <paul.moore_at_nospam>
Date: Tue Aug 25 2009 - 21:12:32 GMT
To: selinux@tycho.nsa.gov, refpolicy@oss1.tresys.com


Add the new "tun_socket" class to the flask definitions. The "tun_socket" object class is used by the new TUN driver hooks which allow policy to control access to TUN/TAP devices. --- policy/flask/access_vectors | 2 ++ policy/flask/security_classes | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index ef4c063..6292db5 100644 --- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -251,6 +251,8 @@ inherits socket class unix_dgram_socket inherits socket
+class tun_socket
+inherits socket
# # Define the access vector interpretation for process-related objects diff --git a/policy/flask/security_classes b/policy/flask/security_classes index 9e1bf1a..2bd1bf6 100644 --- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -119,4 +119,6 @@ class x_application_data # userspace # kernel services that need to override task security, e.g. cachefiles class kernel_service
+class tun_socket
+
# FLASK
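
Review bot: in the policy/flask/access_vectors hunk, tun_socket is declared with only `inherits socket` and no class-specific permission block, and neither the hunk nor the commit message says which of the inherited socket permissions the TUN driver hooks actually check. Please name those permissions in the commit message or in a comment above the class, so policy writers know which allow rules are meaningful for this class, and confirm that nothing TUN-specific is needed beyond the common socket set.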
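
Review bot: in the policy/flask/security_classes hunk, `class tun_socket` is added with no comment, while the entry directly above it carries one (`# kernel services that need to override task security, e.g. cachefiles`). A one-line comment saying this class is used by the TUN driver hooks would match that convention. Appending the class after kernel_service instead of grouping it with the other socket classes leaves the position of every existing class unchanged; if that is the reason for the placement, say so in the commit message so the entry is not moved later.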