kernel_optimize_test/security/selinux
Eric Paris b0c636b999 SELinux: create new open permission
Adds a new open permission inside SELinux when 'opening' a file.  The idea
is that opening a file and reading/writing to that file are not the same
thing.  Its different if a program had its stdout redirected to /tmp/output
than if the program tried to directly open /tmp/output. This should allow
policy writers to more liberally give read/write permissions across the
policy while still blocking many design and programing flaws SELinux is so
good at catching today.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2008-04-18 20:26:06 +10:00
..
include SELinux: create new open permission 2008-04-18 20:26:06 +10:00
ss SELinux: create new open permission 2008-04-18 20:26:06 +10:00
avc.c d_path: Use struct path in struct avc_audit_data 2008-02-14 21:17:08 -08:00
exports.c SELinux: Enable dynamic enable/disable of the network access checks 2008-01-30 08:17:26 +11:00
hooks.c SELinux: create new open permission 2008-04-18 20:26:06 +10:00
Kconfig SELinux: Add a capabilities bitmap to SELinux policy version 22 2008-01-30 08:17:23 +11:00
Makefile SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions 2008-01-30 08:17:23 +11:00
netif.c SELinux: Add warning messages on network denial due to error 2008-01-30 08:17:30 +11:00
netlabel.c selinux: selinux/netlabel.c should #include "netlabel.h" 2008-04-18 20:26:06 +10:00
netlink.c [NET]: Support multiple network namespaces with netlink 2007-10-10 16:49:09 -07:00
netnode.c SELinux: Add warning messages on network denial due to error 2008-01-30 08:17:30 +11:00
nlmsgtab.c Audit: add TTY input auditing 2007-07-16 09:05:47 -07:00
selinuxfs.c SELinux: create new open permission 2008-04-18 20:26:06 +10:00
xfrm.c SELinux: Enable dynamic enable/disable of the network access checks 2008-01-30 08:17:26 +11:00