aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-05-18 10:26:10 -0400
committerJames Morris <jmorris@namei.org>2009-05-18 18:19:00 -0400
commit75834fc3b6fcff00327f5d2a18760c1e8e0179c5 (patch)
tree28b1085d2aa76517024709d2f077fdc41aeec4c2
parentc3d20103d08e5c0b6738fbd0acf3ca004e5356c5 (diff)
SELinux: move SELINUX_MAGIC into magic.h
The selinuxfs superblock magic is used inside the IMA code, but is being defined in two places and could someday get out of sync. This patch moves the declaration into magic.h so it is only done once. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--include/linux/magic.h1
-rw-r--r--security/integrity/ima/ima_policy.c8
-rw-r--r--security/selinux/include/security.h3
3 files changed, 5 insertions, 7 deletions
diff --git a/include/linux/magic.h b/include/linux/magic.h
index 5b4e28bcb788..927138cf3050 100644
--- a/include/linux/magic.h
+++ b/include/linux/magic.h
@@ -9,6 +9,7 @@
9#define DEBUGFS_MAGIC 0x64626720 9#define DEBUGFS_MAGIC 0x64626720
10#define SYSFS_MAGIC 0x62656572 10#define SYSFS_MAGIC 0x62656572
11#define SECURITYFS_MAGIC 0x73636673 11#define SECURITYFS_MAGIC 0x73636673
12#define SELINUX_MAGIC 0xf97cff8c
12#define TMPFS_MAGIC 0x01021994 13#define TMPFS_MAGIC 0x01021994
13#define SQUASHFS_MAGIC 0x73717368 14#define SQUASHFS_MAGIC 0x73717368
14#define EFS_SUPER_MAGIC 0x414A53 15#define EFS_SUPER_MAGIC 0x414A53
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index dec6dcb1c8de..31d677f7c65f 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -49,14 +49,12 @@ struct ima_measure_rule_entry {
49 * written in terms of .action, .func, .mask, .fsmagic, and .uid 49 * written in terms of .action, .func, .mask, .fsmagic, and .uid
50 */ 50 */
51static struct ima_measure_rule_entry default_rules[] = { 51static struct ima_measure_rule_entry default_rules[] = {
52 {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC, 52 {.action = DONT_MEASURE,.fsmagic = PROC_SUPER_MAGIC,.flags = IMA_FSMAGIC},
53 .flags = IMA_FSMAGIC},
54 {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC}, 53 {.action = DONT_MEASURE,.fsmagic = SYSFS_MAGIC,.flags = IMA_FSMAGIC},
55 {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC}, 54 {.action = DONT_MEASURE,.fsmagic = DEBUGFS_MAGIC,.flags = IMA_FSMAGIC},
56 {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC}, 55 {.action = DONT_MEASURE,.fsmagic = TMPFS_MAGIC,.flags = IMA_FSMAGIC},
57 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC, 56 {.action = DONT_MEASURE,.fsmagic = SECURITYFS_MAGIC,.flags = IMA_FSMAGIC},
58 .flags = IMA_FSMAGIC}, 57 {.action = DONT_MEASURE,.fsmagic = SELINUX_MAGIC,.flags = IMA_FSMAGIC},
59 {.action = DONT_MEASURE,.fsmagic = 0xF97CFF8C,.flags = IMA_FSMAGIC},
60 {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC, 58 {.action = MEASURE,.func = FILE_MMAP,.mask = MAY_EXEC,
61 .flags = IMA_FUNC | IMA_MASK}, 59 .flags = IMA_FUNC | IMA_MASK},
62 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC, 60 {.action = MEASURE,.func = BPRM_CHECK,.mask = MAY_EXEC,
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index a7be3f01fb08..ca835795a8b3 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -8,14 +8,13 @@
8#ifndef _SELINUX_SECURITY_H_ 8#ifndef _SELINUX_SECURITY_H_
9#define _SELINUX_SECURITY_H_ 9#define _SELINUX_SECURITY_H_
10 10
11#include <linux/magic.h>
11#include "flask.h" 12#include "flask.h"
12 13
13#define SECSID_NULL 0x00000000 /* unspecified SID */ 14#define SECSID_NULL 0x00000000 /* unspecified SID */
14#define SECSID_WILD 0xffffffff /* wildcard SID */ 15#define SECSID_WILD 0xffffffff /* wildcard SID */
15#define SECCLASS_NULL 0x0000 /* no class */ 16#define SECCLASS_NULL 0x0000 /* no class */
16 17
17#define SELINUX_MAGIC 0xf97cff8c
18
19/* Identify specific policy version changes */ 18/* Identify specific policy version changes */
20#define POLICYDB_VERSION_BASE 15 19#define POLICYDB_VERSION_BASE 15
21#define POLICYDB_VERSION_BOOL 16 20#define POLICYDB_VERSION_BOOL 16