[selinux-policy: 1894/3172] trunk: add capability2 class, from Stephen Smalley.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:48:44 UTC 2010


commit 8b9ffed517a62e3a454543c167c39e53c202e7ee
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Feb 7 17:51:59 2008 +0000

    trunk: add capability2 class, from Stephen Smalley.

 Changelog                     |    1 +
 policy/flask/access_vectors   |    6 ++++++
 policy/flask/security_classes |    3 +++
 3 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/Changelog b/Changelog
index 38bf947..183a98d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- 64-bit capabilities from Stephen Smalley.
 - Labeled networking peer object class updates.
 
 * Fri Dec 14 2007 Chris PeBenito <selinux at tresys.com> - 20071214
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 45d9773..736b7b5 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -347,6 +347,7 @@ class system
 class capability
 {
 	# The capabilities are defined in include/linux/capability.h
+	# Capabilities >= 32 are defined in the capability2 class.
 	# Care should be taken to ensure that these are consistent with
 	# those definitions. (Order matters)
 
@@ -384,6 +385,11 @@ class capability
 	setfcap
 }
 
+class capability2 
+{
+	mac_override	# unused by SELinux
+	mac_admin	# unused by SELinux
+}
 
 #
 # Define the access vector interpretation for controlling
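Review bot: The new `capability2` class has no comment saying that its permission order is significant; the only "(Order matters)" warning sits inside `class capability`, in the previous hunk. Permission N here presumably has to line up with capability 32+N in include/linux/capability.h (mac_override = 32, mac_admin = 33), so inserting or reordering an entry later would silently change which capability each permission governs. I would open the class body with `# Capabilities 32 and up from include/linux/capability.h; permission N is capability 32+N (order matters)`. The `# unused by SELinux` remarks also leave it unclear whether the permission is still checked when a process exercises these capabilities; if it is, say so, so policy writers know an allow rule is needed. Separately, `class capability2 ` carries a trailing space.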
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index 121fcbc..68c4374 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -109,4 +109,7 @@ class db_blob			# userspace
 # network peer labels
 class peer
 
+# Capabilities >= 32
+class capability2
+
 # FLASK
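Review bot: The comment `# Capabilities >= 32` does not say that `capability2` is a kernel object class, or that its position in this file matters. Userspace classes here are tagged (`class db_blob # userspace` in the hunk header), and class values appear to be assigned by position, so this entry presumably has to stay directly after `peer` to match the kernel's class numbering. I would expand the comment to `# Capabilities >= 32 (kernel class; keep in kernel class order)`. This hunk shows only the tail of the file, so the ordering convention stated at its top is not visible here and should be checked.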

