diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-01-30 17:32:24 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-01-30 17:32:24 -0500 |
| commit | 44c3b59102e3ecc7a01e9811862633e670595e51 (patch) | |
| tree | 5bf397b2b4bd8fc08c59ad5f9f9c83874259da48 /security/selinux/include/objsec.h | |
| parent | 3b470ac43fcd9848fa65e58e54875ad75be61cec (diff) | |
| parent | f71ea9ddf0ff110f3fcbb89a46686bfba264014c (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
security: compile capabilities by default
selinux: make selinux_set_mnt_opts() static
SELinux: Add warning messages on network denial due to error
SELinux: Add network ingress and egress control permission checks
NetLabel: Add auditing to the static labeling mechanism
NetLabel: Introduce static network labels for unlabeled connections
SELinux: Allow NetLabel to directly cache SIDs
SELinux: Enable dynamic enable/disable of the network access checks
SELinux: Better integration between peer labeling subsystems
SELinux: Add a new peer class and permissions to the Flask definitions
SELinux: Add a capabilities bitmap to SELinux policy version 22
SELinux: Add a network node caching mechanism similar to the sel_netif_*() functions
SELinux: Only store the network interface's ifindex
SELinux: Convert the netif code to use ifindex values
NetLabel: Add IP address family information to the netlbl_skbuff_getattr() function
NetLabel: Add secid token support to the NetLabel secattr struct
NetLabel: Consolidate the LSM domain mapping/hashing locks
NetLabel: Cleanup the LSM domain hash functions
NetLabel: Remove unneeded RCU read locks
Diffstat (limited to 'security/selinux/include/objsec.h')
| -rw-r--r-- | security/selinux/include/objsec.h | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 4138a80f8e27..c6c2bb4ebacc 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
| @@ -96,17 +96,25 @@ struct bprm_security_struct { | |||
| 96 | }; | 96 | }; |
| 97 | 97 | ||
| 98 | struct netif_security_struct { | 98 | struct netif_security_struct { |
| 99 | struct net_device *dev; /* back pointer */ | 99 | int ifindex; /* device index */ |
| 100 | u32 if_sid; /* SID for this interface */ | 100 | u32 sid; /* SID for this interface */ |
| 101 | u32 msg_sid; /* default SID for messages received on this interface */ | 101 | }; |
| 102 | |||
| 103 | struct netnode_security_struct { | ||
| 104 | union { | ||
| 105 | __be32 ipv4; /* IPv4 node address */ | ||
| 106 | struct in6_addr ipv6; /* IPv6 node address */ | ||
| 107 | } addr; | ||
| 108 | u32 sid; /* SID for this node */ | ||
| 109 | u16 family; /* address family */ | ||
| 102 | }; | 110 | }; |
| 103 | 111 | ||
| 104 | struct sk_security_struct { | 112 | struct sk_security_struct { |
| 105 | struct sock *sk; /* back pointer to sk object */ | 113 | struct sock *sk; /* back pointer to sk object */ |
| 106 | u32 sid; /* SID of this object */ | 114 | u32 sid; /* SID of this object */ |
| 107 | u32 peer_sid; /* SID of peer */ | 115 | u32 peer_sid; /* SID of peer */ |
| 108 | #ifdef CONFIG_NETLABEL | ||
| 109 | u16 sclass; /* sock security class */ | 116 | u16 sclass; /* sock security class */ |
| 117 | #ifdef CONFIG_NETLABEL | ||
| 110 | enum { /* NetLabel state */ | 118 | enum { /* NetLabel state */ |
| 111 | NLBL_UNSET = 0, | 119 | NLBL_UNSET = 0, |
| 112 | NLBL_REQUIRE, | 120 | NLBL_REQUIRE, |