Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (26 commits) selinux: include vmalloc.h for vmalloc_user secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set selinux: implement mmap on /selinux/policy SELinux: allow userspace to read policy back out of the kernel SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE SELinux: deterministic ordering of range transition rules kernel: roundup should only reference arguments once kernel: rounddown helper function secmark: export secctx, drop secmark in procfs conntrack: export lsm context rather than internal secid via netlink security: secid_to_secctx returns len when data is NULL secmark: make secmark object handling generic secmark: do not return early if there was no error AppArmor: Ensure the size of the copy is < the buffer allocated to hold it TOMOYO: Print URL information before panic(). security: remove unused parameter from security_task_setscheduler() tpm: change 'tpm_suspend_pcr' to be module parameter selinux: fix up style problem on /selinux/status selinux: change to new flag variable selinux: really fix dependency causing parallel compile failure. ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-21 15:41:19 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-21 15:41:19 -0400
commit: a8fe1500986c32b46b36118aa250f6badca11bfc (patch)
tree: d5517e16e633fa0c54248f27b5921e8ac4e4a459 /security/selinux/include/security.h
parent: 94ebd235c493f43681f609b0e02733337053e8f0 (diff)
parent: f0d3d9894e43fc68d47948e2c6f03e32da88b799 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 1f7c2491d3dc..671273eb1115 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -9,6 +9,7 @@
 #define _SELINUX_SECURITY_H_
 #include <linux/magic.h>
+#include <linux/types.h>
 #include "flask.h"
 #define SECSID_NULL                     0x00000000 /* unspecified SID */
@@ -82,6 +83,8 @@ extern int selinux_policycap_openperm;
 int security_mls_enabled(void);
 int security_load_policy(void *data, size_t len);
+int security_read_policy(void **data, ssize_t *len);
+size_t security_policydb_len(void);
 int security_policycap_supported(unsigned int req_cap);
@@ -191,5 +194,25 @@ static inline int security_netlbl_sid_to_secattr(u32 sid,
 const char *security_get_initial_sid_context(u32 sid);
+/*
+ * status notifier using mmap interface
+ */
+extern struct page *selinux_kernel_status_page(void);
+#define SELINUX_KERNEL_STATUS_VERSION   1
+struct selinux_kernel_status {
+        u32     version;        /* version number of thie structure */
+        u32     sequence;       /* sequence number of seqlock logic */
+        u32     enforcing;      /* current setting of enforcing mode */
+        u32     policyload;     /* times of policy reloaded */
+        u32     deny_unknown;   /* current setting of deny_unknown */
+        /*
+         * The version > 0 supports above members.
+         */
+} __attribute__((packed));
+extern void selinux_status_update_setenforce(int enforcing);
+extern void selinux_status_update_policyload(int seqno);
 #endif /* _SELINUX_SECURITY_H_ */
author	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-21 15:41:19 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-21 15:41:19 -0400
commit	a8fe1500986c32b46b36118aa250f6badca11bfc (patch)
tree	d5517e16e633fa0c54248f27b5921e8ac4e4a459 /security/selinux/include/security.h
parent	94ebd235c493f43681f609b0e02733337053e8f0 (diff)
parent	f0d3d9894e43fc68d47948e2c6f03e32da88b799 (diff)

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 1f7c2491d3dc..671273eb1115 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h
@@ -9,6 +9,7 @@
9	#define _SELINUX_SECURITY_H_	9	#define _SELINUX_SECURITY_H_
10		10
11	#include <linux/magic.h>	11	#include <linux/magic.h>
		12	#include <linux/types.h>
12	#include "flask.h"	13	#include "flask.h"
13		14
14	#define SECSID_NULL 0x00000000 /* unspecified SID */	15	#define SECSID_NULL 0x00000000 /* unspecified SID */
@@ -82,6 +83,8 @@ extern int selinux_policycap_openperm;
82	int security_mls_enabled(void);	83	int security_mls_enabled(void);
83		84
84	int security_load_policy(void *data, size_t len);	85	int security_load_policy(void *data, size_t len);
		86	int security_read_policy(void *data, ssize_t len);
		87	size_t security_policydb_len(void);
85		88
86	int security_policycap_supported(unsigned int req_cap);	89	int security_policycap_supported(unsigned int req_cap);
87		90
@@ -191,5 +194,25 @@ static inline int security_netlbl_sid_to_secattr(u32 sid,
191		194
192	const char *security_get_initial_sid_context(u32 sid);	195	const char *security_get_initial_sid_context(u32 sid);
193		196
		197	/*
		198	* status notifier using mmap interface
		199	*/
		200	extern struct page *selinux_kernel_status_page(void);
		201
		202	#define SELINUX_KERNEL_STATUS_VERSION 1
		203	struct selinux_kernel_status {
		204	u32 version; /* version number of thie structure */
		205	u32 sequence; /* sequence number of seqlock logic */
		206	u32 enforcing; /* current setting of enforcing mode */
		207	u32 policyload; /* times of policy reloaded */
		208	u32 deny_unknown; /* current setting of deny_unknown */
		209	/*
		210	* The version > 0 supports above members.
		211	*/
		212	} __attribute__((packed));
		213
		214	extern void selinux_status_update_setenforce(int enforcing);
		215	extern void selinux_status_update_policyload(int seqno);
		216
194	#endif /* _SELINUX_SECURITY_H_ */	217	#endif /* _SELINUX_SECURITY_H_ */
195		218