SELinux: Add class support to the role_trans structure If kernel policy version is >= 26, then the binary representation of the role_trans structure supports specifying the class for the current subject or the newly created object. If kernel policy version is < 26, then the class field would be default to the process class. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com>

commit: 8023976cf4627d9f1d82ad468ec40e32eb87d211 [log] [tgz]
author: Harry Ciao <qingtao.cao@windriver.com> Fri Mar 25 13:51:56 2011 +0800
committer: Eric Paris <eparis@redhat.com> Mon Mar 28 14:20:58 2011 -0400
tree: 82af1157ffbb00be2a8d2357a8c2fd88826233b1
parent: fe3fa43039d47ee4e22caf460b79b62a14937f79 [diff] [blame]
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 732ea4a..801175f 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h

@@ -72,7 +72,8 @@
 
 struct role_trans {
 	u32 role;		/* current role */
-	u32 type;		/* program executable type */
+	u32 type;		/* program executable type, or new object type */
+	u32 tclass;		/* process class, or new object class */
 	u32 new_role;		/* new role */
 	struct role_trans *next;
 };
commit	8023976cf4627d9f1d82ad468ec40e32eb87d211	[log] [tgz]
author	Harry Ciao <qingtao.cao@windriver.com>	Fri Mar 25 13:51:56 2011 +0800
committer	Eric Paris <eparis@redhat.com>	Mon Mar 28 14:20:58 2011 -0400
tree	82af1157ffbb00be2a8d2357a8c2fd88826233b1
parent	fe3fa43039d47ee4e22caf460b79b62a14937f79 [diff] [blame]