Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next

author: James Morris <jmorris@namei.org> 2011-03-07 19:38:10 -0500
committer: James Morris <jmorris@namei.org> 2011-03-07 19:38:10 -0500
commit: fe3fa43039d47ee4e22caf460b79b62a14937f79 (patch)
tree: 9eab8d00f1227b9fe0959f32a62d892ed35803ba /security/selinux/include
parent: ee009e4a0d4555ed522a631bae9896399674f064 (diff)
parent: 026eb167ae77244458fa4b4b9fc171209c079ba7 (diff)
2 files changed, 10 insertions, 5 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 7ed3663332ec..b8c53723e09b 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -12,6 +12,10 @@
 #define COMMON_IPC_PERMS "create", "destroy", "getattr", "setattr", "read", \
            "write", "associate", "unix_read", "unix_write"
+/*
+ * Note: The name for any socket class should be suffixed by "socket",
+ *       and doesn't contain more than one substr of "socket".
+ */
 struct security_class_mapping secclass_map[] = {
        { "security",
          { "compute_av", "compute_create", "compute_member",
@@ -132,8 +136,7 @@ struct security_class_mapping secclass_map[] = {
        { "appletalk_socket",
          { COMMON_SOCK_PERMS, NULL } },
        { "packet",
-          { "send", "recv", "relabelto", "flow_in", "flow_out",
+          { "send", "recv", "relabelto", "forward_in", "forward_out", NULL } },
-            "forward_in", "forward_out", NULL } },
        { "key",
          { "view", "read", "write", "search", "link", "setattr", "create",
            NULL } },
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 671273eb1115..348eb00cb668 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -8,6 +8,7 @@
 #ifndef _SELINUX_SECURITY_H_
 #define _SELINUX_SECURITY_H_
+#include <linux/dcache.h>
 #include <linux/magic.h>
 #include <linux/types.h>
 #include "flask.h"
@@ -28,13 +29,14 @@
 #define POLICYDB_VERSION_POLCAP         22
 #define POLICYDB_VERSION_PERMISSIVE     23
 #define POLICYDB_VERSION_BOUNDARY       24
+#define POLICYDB_VERSION_FILENAME_TRANS 25
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
 #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
 #define POLICYDB_VERSION_MAX    CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
 #else
-#define POLICYDB_VERSION_MAX    POLICYDB_VERSION_BOUNDARY
+#define POLICYDB_VERSION_MAX    POLICYDB_VERSION_FILENAME_TRANS
 #endif
 /* Mask for just the mount related flags */
@@ -106,8 +108,8 @@ void security_compute_av(u32 ssid, u32 tsid,
 void security_compute_av_user(u32 ssid, u32 tsid,
                             u16 tclass, struct av_decision *avd);
-int security_transition_sid(u32 ssid, u32 tsid,
+int security_transition_sid(u32 ssid, u32 tsid, u16 tclass,
-                            u16 tclass, u32 *out_sid);
+                            const struct qstr *qstr, u32 *out_sid);
 int security_transition_sid_user(u32 ssid, u32 tsid,
                                 u16 tclass, u32 *out_sid);
author	James Morris <jmorris@namei.org>	2011-03-07 19:38:10 -0500
committer	James Morris <jmorris@namei.org>	2011-03-07 19:38:10 -0500
commit	fe3fa43039d47ee4e22caf460b79b62a14937f79 (patch)
tree	9eab8d00f1227b9fe0959f32a62d892ed35803ba /security/selinux/include
parent	ee009e4a0d4555ed522a631bae9896399674f064 (diff)
parent	026eb167ae77244458fa4b4b9fc171209c079ba7 (diff)