author | John Johansen <john.johansen@canonical.com> | 2017-07-18 23:18:33 -0700 |
---|---|---|
committer | John Johansen <john.johansen@canonical.com> | 2018-03-13 17:25:48 -0700 |
commit | 56974a6fcfef69ee0825bd66ed13e92070ac5224 (patch) | |
tree | 852fc5a667d889d6673960448578260e6e060584 /security/apparmor/include/audit.h | |
parent | 21f606610502ef56f9180b1529fc7e02957564c8 (diff) | |
apparmor: add base infrastructure for socket mediation
version 2 - Force an abi break. Network mediation will only be
available in v8 abi compliant policy.
Provide a basic mediation of sockets. This is not a full net mediation
but just whether a specific family of socket can be used by an
application, along with setting up some basic infrastructure for
network mediation to follow.
The user space rules have the basic form of
NETWORK RULE = [ QUALIFIERS ] 'network' [ DOMAIN ]
[ TYPE | PROTOCOL ]
DOMAIN = ( 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' |
'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' |
'netbeui' | 'security' | 'key' | 'packet' | 'ash' |
'econet' | 'atmsvc' | 'sna' | 'irda' | 'pppox' |
'wanpipe' | 'bluetooth' | 'netlink' | 'unix' | 'rds' |
'llc' | 'can' | 'tipc' | 'iucv' | 'rxrpc' | 'isdn' |
'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' |
'vsock' | 'mpls' | 'ib' | 'kcm' ) ','
TYPE = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' |
'packet' )
PROTOCOL = ( 'tcp' | 'udp' | 'icmp' )
eg.
network,
network inet,
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Diffstat (limited to 'security/apparmor/include/audit.h')
-rw-r--r-- | security/apparmor/include/audit.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 41ad2c947bf4..9c9be9c98c15 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -134,6 +134,12 @@ struct apparmor_audit_data { int signal; int unmappedsig; }; + struct { + int type, protocol; + struct sock *peer_sk; + void *addr; + int addrlen; + } net; }; }; struct { |
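Review bot: The new `net` member of `struct apparmor_audit_data` stores `struct sock *peer_sk` and `void *addr` as raw pointers with no comment on who owns them or how long they must stay valid, so a reader of this header cannot tell whether the audit path borrows them from the caller or is expected to hold a reference. Please add a short comment stating the lifetime expectation for both pointers. `void *addr` paired with `int addrlen` also discards the type of the address and allows a negative length; if the value always comes from a socket address, a `struct sockaddr *` would make that explicit, and whichever code later reads `addr` should check `addrlen` before dereferencing it. A one-line comment saying whether `type` and `protocol` carry the socket type and protocol numbers of the mediated socket would help as well, since the hunk adds the fields without any description.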