Re: Policy specification for Netlink and domain sockets.

[Yuichi Nakamura <ynakam@xxxxxxx>]

Kaimal Biju-E11660 wrote:
> I tried searching for documentation for the policy language for specifying permissions for netlink and domain sockets ? If someone can point me in the right direction or give couple of examples of these, it will be greatly appreciated.

You can find the meaning of netlink-related access vectors by looking at the kernel source security/selinux/nlmsgtab.c. 
"struct nlmsg_perm nlmsg_*_perms" defines relationship between netlink message 
and access vectors.

And I am reviewing all access vectors now.
The draft of document about meaning of access vectors 
is in http://seedit.sourceforge.net/doc/access_vectors.pdf .
It might help you.
However, this document is only a draft, it will contain errors.
No review, no spell-check and no English correction.
Be careful.

---
Yuichi Nakamura
Japan SELinux Users Group(JSELUG)
SELinux Policy Editor:  http://seedit.sourceforge.net/

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.