diff options
author | James Morris <jmorris@namei.org> | 2006-06-09 03:28:25 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-06-18 00:29:55 -0400 |
commit | c749b29fae74ed59c507d84025b3298202b42609 (patch) | |
tree | c06b1fb17cce425692f7ab40b2df8c5b00d8c931 /include/linux | |
parent | 29a395eac4c320c570e73f0a90d8953d80da8359 (diff) |
[SECMARK]: Add SELinux exports
Add and export new functions to the in-kernel SELinux API in support of the
new secmark-based packet controls.
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/selinux.h | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h index 4047bcde4484..aad4e390d6a5 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h | |||
@@ -118,6 +118,27 @@ void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid); | |||
118 | */ | 118 | */ |
119 | void selinux_get_task_sid(struct task_struct *tsk, u32 *sid); | 119 | void selinux_get_task_sid(struct task_struct *tsk, u32 *sid); |
120 | 120 | ||
121 | /** | ||
122 | * selinux_string_to_sid - map a security context string to a security ID | ||
123 | * @str: the security context string to be mapped | ||
124 | * @sid: ID value returned via this. | ||
125 | * | ||
126 | * Returns 0 if successful, with the SID stored in sid. A value | ||
127 | * of zero for sid indicates no SID could be determined (but no error | ||
128 | * occurred). | ||
129 | */ | ||
130 | int selinux_string_to_sid(char *str, u32 *sid); | ||
131 | |||
132 | /** | ||
133 | * selinux_relabel_packet_permission - check permission to relabel a packet | ||
134 | * @sid: ID value to be applied to network packet (via SECMARK, most likely) | ||
135 | * | ||
136 | * Returns 0 if the current task is allowed to label packets with the | ||
137 | * supplied security ID. Note that it is implicit that the packet is always | ||
138 | * being relabeled from the default unlabled value, and that the access | ||
139 | * control decision is made in the AVC. | ||
140 | */ | ||
141 | int selinux_relabel_packet_permission(u32 sid); | ||
121 | 142 | ||
122 | #else | 143 | #else |
123 | 144 | ||
@@ -172,6 +193,17 @@ static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid) | |||
172 | *sid = 0; | 193 | *sid = 0; |
173 | } | 194 | } |
174 | 195 | ||
196 | static inline int selinux_string_to_sid(const char *str, u32 *sid) | ||
197 | { | ||
198 | *sid = 0; | ||
199 | return 0; | ||
200 | } | ||
201 | |||
202 | static inline int selinux_relabel_packet_permission(u32 sid) | ||
203 | { | ||
204 | return 0; | ||
205 | } | ||
206 | |||
175 | #endif /* CONFIG_SECURITY_SELINUX */ | 207 | #endif /* CONFIG_SECURITY_SELINUX */ |
176 | 208 | ||
177 | #endif /* _LINUX_SELINUX_H */ | 209 | #endif /* _LINUX_SELINUX_H */ |