diff options
| author | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
|---|---|---|
| committer | Glenn Elliott <gelliott@cs.unc.edu> | 2012-03-04 19:47:13 -0500 |
| commit | c71c03bda1e86c9d5198c5d83f712e695c4f2a1e (patch) | |
| tree | ecb166cb3e2b7e2adb3b5e292245fefd23381ac8 /security/selinux/include/security.h | |
| parent | ea53c912f8a86a8567697115b6a0d8152beee5c8 (diff) | |
| parent | 6a00f206debf8a5c8899055726ad127dbeeed098 (diff) | |
Merge branch 'mpi-master' into wip-k-fmlpwip-k-fmlp
Conflicts:
litmus/sched_cedf.c
Diffstat (limited to 'security/selinux/include/security.h')
| -rw-r--r-- | security/selinux/include/security.h | 36 |
1 files changed, 31 insertions, 5 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 1f7c2491d3dc..3ba4feba048a 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
| @@ -8,7 +8,9 @@ | |||
| 8 | #ifndef _SELINUX_SECURITY_H_ | 8 | #ifndef _SELINUX_SECURITY_H_ |
| 9 | #define _SELINUX_SECURITY_H_ | 9 | #define _SELINUX_SECURITY_H_ |
| 10 | 10 | ||
| 11 | #include <linux/dcache.h> | ||
| 11 | #include <linux/magic.h> | 12 | #include <linux/magic.h> |
| 13 | #include <linux/types.h> | ||
| 12 | #include "flask.h" | 14 | #include "flask.h" |
| 13 | 15 | ||
| 14 | #define SECSID_NULL 0x00000000 /* unspecified SID */ | 16 | #define SECSID_NULL 0x00000000 /* unspecified SID */ |
| @@ -27,13 +29,15 @@ | |||
| 27 | #define POLICYDB_VERSION_POLCAP 22 | 29 | #define POLICYDB_VERSION_POLCAP 22 |
| 28 | #define POLICYDB_VERSION_PERMISSIVE 23 | 30 | #define POLICYDB_VERSION_PERMISSIVE 23 |
| 29 | #define POLICYDB_VERSION_BOUNDARY 24 | 31 | #define POLICYDB_VERSION_BOUNDARY 24 |
| 32 | #define POLICYDB_VERSION_FILENAME_TRANS 25 | ||
| 33 | #define POLICYDB_VERSION_ROLETRANS 26 | ||
| 30 | 34 | ||
| 31 | /* Range of policy versions we understand*/ | 35 | /* Range of policy versions we understand*/ |
| 32 | #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE | 36 | #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE |
| 33 | #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX | 37 | #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX |
| 34 | #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE | 38 | #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE |
| 35 | #else | 39 | #else |
| 36 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY | 40 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_ROLETRANS |
| 37 | #endif | 41 | #endif |
| 38 | 42 | ||
| 39 | /* Mask for just the mount related flags */ | 43 | /* Mask for just the mount related flags */ |
| @@ -82,6 +86,8 @@ extern int selinux_policycap_openperm; | |||
| 82 | int security_mls_enabled(void); | 86 | int security_mls_enabled(void); |
| 83 | 87 | ||
| 84 | int security_load_policy(void *data, size_t len); | 88 | int security_load_policy(void *data, size_t len); |
| 89 | int security_read_policy(void **data, size_t *len); | ||
| 90 | size_t security_policydb_len(void); | ||
| 85 | 91 | ||
| 86 | int security_policycap_supported(unsigned int req_cap); | 92 | int security_policycap_supported(unsigned int req_cap); |
| 87 | 93 | ||
| @@ -103,11 +109,11 @@ void security_compute_av(u32 ssid, u32 tsid, | |||
| 103 | void security_compute_av_user(u32 ssid, u32 tsid, | 109 | void security_compute_av_user(u32 ssid, u32 tsid, |
| 104 | u16 tclass, struct av_decision *avd); | 110 | u16 tclass, struct av_decision *avd); |
| 105 | 111 | ||
| 106 | int security_transition_sid(u32 ssid, u32 tsid, | 112 | int security_transition_sid(u32 ssid, u32 tsid, u16 tclass, |
| 107 | u16 tclass, u32 *out_sid); | 113 | const struct qstr *qstr, u32 *out_sid); |
| 108 | 114 | ||
| 109 | int security_transition_sid_user(u32 ssid, u32 tsid, | 115 | int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass, |
| 110 | u16 tclass, u32 *out_sid); | 116 | const char *objname, u32 *out_sid); |
| 111 | 117 | ||
| 112 | int security_member_sid(u32 ssid, u32 tsid, | 118 | int security_member_sid(u32 ssid, u32 tsid, |
| 113 | u16 tclass, u32 *out_sid); | 119 | u16 tclass, u32 *out_sid); |
| @@ -191,5 +197,25 @@ static inline int security_netlbl_sid_to_secattr(u32 sid, | |||
| 191 | 197 | ||
| 192 | const char *security_get_initial_sid_context(u32 sid); | 198 | const char *security_get_initial_sid_context(u32 sid); |
| 193 | 199 | ||
| 200 | /* | ||
| 201 | * status notifier using mmap interface | ||
| 202 | */ | ||
| 203 | extern struct page *selinux_kernel_status_page(void); | ||
| 204 | |||
| 205 | #define SELINUX_KERNEL_STATUS_VERSION 1 | ||
| 206 | struct selinux_kernel_status { | ||
| 207 | u32 version; /* version number of thie structure */ | ||
| 208 | u32 sequence; /* sequence number of seqlock logic */ | ||
| 209 | u32 enforcing; /* current setting of enforcing mode */ | ||
| 210 | u32 policyload; /* times of policy reloaded */ | ||
| 211 | u32 deny_unknown; /* current setting of deny_unknown */ | ||
| 212 | /* | ||
| 213 | * The version > 0 supports above members. | ||
| 214 | */ | ||
| 215 | } __attribute__((packed)); | ||
| 216 | |||
| 217 | extern void selinux_status_update_setenforce(int enforcing); | ||
| 218 | extern void selinux_status_update_policyload(int seqno); | ||
| 219 | |||
| 194 | #endif /* _SELINUX_SECURITY_H_ */ | 220 | #endif /* _SELINUX_SECURITY_H_ */ |
| 195 | 221 | ||