libsepol: Add policy capability netlink_xperm

This capability can be enabled to change the kernel's behaviour and use the extended permissions for netlink messages. Signed-off-by: Thiébaud Weksteen <[email protected]>
stephensmalley · Aug 22, 2024 · 8fcb848 · 8fcb848
1 parent 1c3fd93
commit 8fcb848
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/libsepol/include/sepol/policydb/polcaps.h b/libsepol/include/sepol/policydb/polcaps.h
@@ -16,6 +16,7 @@ enum {
 	POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
 	POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
 	POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT,
+	POLICYDB_CAP_NETLINK_XPERM,
 	__POLICYDB_CAP_MAX
 };
 #define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)

diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
@@ -15,6 +15,7 @@ static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
 	[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]		= "genfs_seclabel_symlinks",
 	[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]		= "ioctl_skip_cloexec",
 	[POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT]	= "userspace_initial_context",
+	[POLICYDB_CAP_NETLINK_XPERM]			= "netlink_xperm",
 };
 
 int sepol_polcap_getnum(const char *name)