diff options
author | David Woodhouse <dwmw2@infradead.org> | 2008-02-03 02:29:41 -0500 |
---|---|---|
committer | David Woodhouse <dwmw2@infradead.org> | 2008-02-03 02:30:32 -0500 |
commit | c1f3ee120bb61045b1c0a3ead620d1d65af47130 (patch) | |
tree | 908430bf2b47fe8e96ac623ae7ab6dd5698d0938 /include/linux/selinux.h | |
parent | e619a75ff6201b567a539e787aa9af9bc63a3187 (diff) | |
parent | 9135f1901ee6449dfe338adf6e40e9c2025b8150 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
Diffstat (limited to 'include/linux/selinux.h')
-rw-r--r-- | include/linux/selinux.h | 47 |
1 files changed, 38 insertions, 9 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h index d1b7ca6c1c57..8c2cc4c02526 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h | |||
@@ -120,23 +120,42 @@ void selinux_get_task_sid(struct task_struct *tsk, u32 *sid); | |||
120 | int selinux_string_to_sid(char *str, u32 *sid); | 120 | int selinux_string_to_sid(char *str, u32 *sid); |
121 | 121 | ||
122 | /** | 122 | /** |
123 | * selinux_relabel_packet_permission - check permission to relabel a packet | 123 | * selinux_secmark_relabel_packet_permission - secmark permission check |
124 | * @sid: ID value to be applied to network packet (via SECMARK, most likely) | 124 | * @sid: SECMARK ID value to be applied to network packet |
125 | * | 125 | * |
126 | * Returns 0 if the current task is allowed to label packets with the | 126 | * Returns 0 if the current task is allowed to set the SECMARK label of |
127 | * supplied security ID. Note that it is implicit that the packet is always | 127 | * packets with the supplied security ID. Note that it is implicit that |
128 | * being relabeled from the default unlabled value, and that the access | 128 | * the packet is always being relabeled from the default unlabeled value, |
129 | * control decision is made in the AVC. | 129 | * and that the access control decision is made in the AVC. |
130 | */ | 130 | */ |
131 | int selinux_relabel_packet_permission(u32 sid); | 131 | int selinux_secmark_relabel_packet_permission(u32 sid); |
132 | 132 | ||
133 | /** | ||
134 | * selinux_secmark_refcount_inc - increments the secmark use counter | ||
135 | * | ||
136 | * SELinux keeps track of the current SECMARK targets in use so it knows | ||
137 | * when to apply SECMARK label access checks to network packets. This | ||
138 | * function incements this reference count to indicate that a new SECMARK | ||
139 | * target has been configured. | ||
140 | */ | ||
141 | void selinux_secmark_refcount_inc(void); | ||
142 | |||
143 | /** | ||
144 | * selinux_secmark_refcount_dec - decrements the secmark use counter | ||
145 | * | ||
146 | * SELinux keeps track of the current SECMARK targets in use so it knows | ||
147 | * when to apply SECMARK label access checks to network packets. This | ||
148 | * function decements this reference count to indicate that one of the | ||
149 | * existing SECMARK targets has been removed/flushed. | ||
150 | */ | ||
151 | void selinux_secmark_refcount_dec(void); | ||
133 | #else | 152 | #else |
134 | 153 | ||
135 | static inline int selinux_audit_rule_init(u32 field, u32 op, | 154 | static inline int selinux_audit_rule_init(u32 field, u32 op, |
136 | char *rulestr, | 155 | char *rulestr, |
137 | struct selinux_audit_rule **rule) | 156 | struct selinux_audit_rule **rule) |
138 | { | 157 | { |
139 | return -ENOTSUPP; | 158 | return -EOPNOTSUPP; |
140 | } | 159 | } |
141 | 160 | ||
142 | static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule) | 161 | static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule) |
@@ -184,11 +203,21 @@ static inline int selinux_string_to_sid(const char *str, u32 *sid) | |||
184 | return 0; | 203 | return 0; |
185 | } | 204 | } |
186 | 205 | ||
187 | static inline int selinux_relabel_packet_permission(u32 sid) | 206 | static inline int selinux_secmark_relabel_packet_permission(u32 sid) |
188 | { | 207 | { |
189 | return 0; | 208 | return 0; |
190 | } | 209 | } |
191 | 210 | ||
211 | static inline void selinux_secmark_refcount_inc(void) | ||
212 | { | ||
213 | return; | ||
214 | } | ||
215 | |||
216 | static inline void selinux_secmark_refcount_dec(void) | ||
217 | { | ||
218 | return; | ||
219 | } | ||
220 | |||
192 | #endif /* CONFIG_SECURITY_SELINUX */ | 221 | #endif /* CONFIG_SECURITY_SELINUX */ |
193 | 222 | ||
194 | #endif /* _LINUX_SELINUX_H */ | 223 | #endif /* _LINUX_SELINUX_H */ |