linux/security
Venkat Yekkirala 67f83cbf08 SELinux: Fix SA selection semantics
Fix the selection of an SA for an outgoing packet to be at the same
context as the originating socket/flow. This eliminates the SELinux
policy's ability to use/sendto SAs with contexts other than the socket's.

With this patch applied, the SELinux policy will require one or more of the
following for a socket to be able to communicate with/without SAs:

1. To enable a socket to communicate without using labeled-IPSec SAs:

allow socket_t unlabeled_t:association { sendto recvfrom }

2. To enable a socket to communicate with labeled-IPSec SAs:

allow socket_t self:association { sendto };
allow socket_t peer_sa_t:association { recvfrom };

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-02 21:21:34 -08:00
..
keys [PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller 2006-06-29 10:26:20 -07:00
selinux SELinux: Fix SA selection semantics 2006-12-02 21:21:34 -08:00
capability.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
commoncap.c [PATCH] pidspace: is_init() 2006-09-29 09:18:12 -07:00
dummy.c SELinux: Fix SA selection semantics 2006-12-02 21:21:34 -08:00
inode.c [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
Kconfig [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
Makefile [PATCH] LSM: remove BSD secure level security module 2006-09-29 09:18:10 -07:00
root_plug.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
security.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00