Merge branch 'master' of /home/davem/src/GIT/linux-2.6/

author: David S. Miller <davem@davemloft.net> 2009-03-27 20:19:16 -0400
committer: David S. Miller <davem@davemloft.net> 2009-03-27 20:19:16 -0400
commit: a83398570e17af6bb81eb94f4f5dd356bd2828d8 (patch)
tree: 5b5c7c3a56898485479291b7c964a1f3887d469c /security/selinux/include
parent: f9384d41c02408dd404aa64d66d0ef38adcf6479 (diff)
parent: 0b4d569de222452bcb55a4a536ade6cf4d8d1e30 (diff)
4 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index c0c885427b91..31df1d7c1aee 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -24,6 +24,7 @@
   S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
   S_(SECCLASS_CHR_FILE, CHR_FILE__OPEN, "open")
   S_(SECCLASS_BLK_FILE, BLK_FILE__OPEN, "open")
+   S_(SECCLASS_SOCK_FILE, SOCK_FILE__OPEN, "open")
   S_(SECCLASS_FIFO_FILE, FIFO_FILE__OPEN, "open")
   S_(SECCLASS_FD, FD__USE, "use")
   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
@@ -152,6 +153,7 @@
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
+   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 0ba79fe00e11..d645192ee950 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -174,6 +174,7 @@
 #define SOCK_FILE__SWAPON                         0x00004000UL
 #define SOCK_FILE__QUOTAON                        0x00008000UL
 #define SOCK_FILE__MOUNTON                        0x00010000UL
+#define SOCK_FILE__OPEN                           0x00020000UL
 #define FIFO_FILE__IOCTL                          0x00000001UL
 #define FIFO_FILE__READ                           0x00000002UL
 #define FIFO_FILE__WRITE                          0x00000004UL
@@ -707,6 +708,7 @@
 #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE         0x00800000UL
 #define NETLINK_AUDIT_SOCKET__NLMSG_RELAY         0x01000000UL
 #define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV      0x02000000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT     0x04000000UL
 #define NETLINK_IP6FW_SOCKET__IOCTL               0x00000001UL
 #define NETLINK_IP6FW_SOCKET__READ                0x00000002UL
 #define NETLINK_IP6FW_SOCKET__WRITE               0x00000004UL
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 3cc45168f674..c4e062336ef3 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -60,9 +60,7 @@ struct superblock_security_struct {
        u32 def_sid;                    /* default SID for labeling */
        u32 mntpoint_sid;               /* SECURITY_FS_USE_MNTPOINT context for files */
        unsigned int behavior;          /* labeling behavior */
-        unsigned char initialized;      /* initialization flag */
        unsigned char flags;            /* which mount options were specified */
-        unsigned char proc;             /* proc fs */
        struct mutex lock;
        struct list_head isec_head;
        spinlock_t isec_lock;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 72447370bc95..5c3434f7626f 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -37,15 +37,23 @@
 #define POLICYDB_VERSION_MAX    POLICYDB_VERSION_BOUNDARY
 #endif
+/* Mask for just the mount related flags */
+#define SE_MNTMASK      0x0f
+/* Super block security struct flags for mount options */
 #define CONTEXT_MNT     0x01
 #define FSCONTEXT_MNT   0x02
 #define ROOTCONTEXT_MNT 0x04
 #define DEFCONTEXT_MNT  0x08
+/* Non-mount related flags */
+#define SE_SBINITIALIZED        0x10
+#define SE_SBPROC               0x20
+#define SE_SBLABELSUPP  0x40
 #define CONTEXT_STR     "context="
 #define FSCONTEXT_STR   "fscontext="
 #define ROOTCONTEXT_STR "rootcontext="
 #define DEFCONTEXT_STR  "defcontext="
+#define LABELSUPP_STR "seclabel"
 struct netlbl_lsm_secattr;
@@ -80,7 +88,6 @@ int security_policycap_supported(unsigned int req_cap);
 #define SEL_VEC_MAX 32
 struct av_decision {
        u32 allowed;
-        u32 decided;
        u32 auditallow;
        u32 auditdeny;
        u32 seqno;
author	David S. Miller <davem@davemloft.net>	2009-03-27 20:19:16 -0400
committer	David S. Miller <davem@davemloft.net>	2009-03-27 20:19:16 -0400
commit	a83398570e17af6bb81eb94f4f5dd356bd2828d8 (patch)
tree	5b5c7c3a56898485479291b7c964a1f3887d469c /security/selinux/include
parent	f9384d41c02408dd404aa64d66d0ef38adcf6479 (diff)
parent	0b4d569de222452bcb55a4a536ade6cf4d8d1e30 (diff)