Presently mdp does not enable any SELinux policy capabilities in the dummy policy it generates. Thus, policies derived from it will by default lack various features commonly used in modern policies such as open permission, extended socket classes, network peer controls, etc. Split the policy capability definitions out into their own headers so that we can include them into mdp without pulling in other kernel headers, and extend mdp to generate policycap statements for the policy capabilities known to the kernel. Policy authors may wish to selectively remove some of these from the generated policy. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
		
			
				
	
	
		
| /* SPDX-License-Identifier: GPL-2.0 */
 | |
| #ifndef _SELINUX_POLICYCAP_NAMES_H_
 | |
| #define _SELINUX_POLICYCAP_NAMES_H_
 | |
| 
 | |
| #include "policycap.h"
 | |
| 
 | |
| /* Policy capability names */
 | |
| const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
 | |
| 	"network_peer_controls",
 | |
| 	"open_perms",
 | |
| 	"extended_socket_class",
 | |
| 	"always_check_network",
 | |
| 	"cgroup_seclabel",
 | |
| 	"nnp_nosuid_transition",
 | |
| 	"genfs_seclabel_symlinks"
 | |
| };
 | |
| 
 | |
| #endif /* _SELINUX_POLICYCAP_NAMES_H_ */
 |
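Review bot: The table on the `const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {` line is an external definition placed in a header, so any program that includes this file from two translation units will fail to link with a multiple-definition error, and the name pointers themselves stay writable at runtime. Unless an extern declaration elsewhere requires the non-const form, I would write it as `const char *const selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {` so the table lands in read-only data, and add a header comment stating that the file is intended to be included by exactly one translation unit per program (the kernel's policy code and mdp, as the description implies). The initializer also has no guard that its seven strings match `__POLICYDB_CAPABILITY_MAX`; a capability added to policycap.h without a matching name would leave a trailing NULL entry that any caller printing names by index would presumably dereference, so a compile-time size check against the enum count (for example a `_Static_assert` where the build permits, or declaring the array unsized and checking its element count) is worth adding. The file's path is not visible in the rendered section, so the include relationship to policycap.h is taken from the `#include "policycap.h"` line alone.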