aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/include
diff options
context:
space:
mode:
authorDavid P. Quigley <dpquigl@tycho.nsa.gov>2009-01-16 09:22:02 -0500
committerJames Morris <jmorris@macbook.localdomain>2009-01-18 17:46:40 -0500
commit0d90a7ec48c704025307b129413bc62451b20ab3 (patch)
tree38cc8a7f5ff3afaccd16d2978455ccc002d69933 /security/selinux/include
parentc8334dc8fb6413b363df3e1419e287f5b25bce32 (diff)
SELinux: Condense super block security structure flags and cleanup necessary code.
The super block security structure currently has three fields for what are essentially flags. The flags field is used for mount options while two other char fields are used for initialization and proc flags. These latter two fields are essentially bit fields since the only used values are 0 and 1. These fields have been collapsed into the flags field and new bit masks have been added for them. The code is also fixed to work with these new flags. Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@macbook.localdomain>
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/objsec.h2
-rw-r--r--security/selinux/include/security.h6
2 files changed, 6 insertions, 2 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 3cc45168f674..c4e062336ef3 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -60,9 +60,7 @@ struct superblock_security_struct {
60 u32 def_sid; /* default SID for labeling */ 60 u32 def_sid; /* default SID for labeling */
61 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */ 61 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
62 unsigned int behavior; /* labeling behavior */ 62 unsigned int behavior; /* labeling behavior */
63 unsigned char initialized; /* initialization flag */
64 unsigned char flags; /* which mount options were specified */ 63 unsigned char flags; /* which mount options were specified */
65 unsigned char proc; /* proc fs */
66 struct mutex lock; 64 struct mutex lock;
67 struct list_head isec_head; 65 struct list_head isec_head;
68 spinlock_t isec_lock; 66 spinlock_t isec_lock;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 72447370bc95..ff4e19ccd8f8 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -37,10 +37,16 @@
37#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY 37#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY
38#endif 38#endif
39 39
40/* Mask for just the mount related flags */
41#define SE_MNTMASK 0x0f
42/* Super block security struct flags for mount options */
40#define CONTEXT_MNT 0x01 43#define CONTEXT_MNT 0x01
41#define FSCONTEXT_MNT 0x02 44#define FSCONTEXT_MNT 0x02
42#define ROOTCONTEXT_MNT 0x04 45#define ROOTCONTEXT_MNT 0x04
43#define DEFCONTEXT_MNT 0x08 46#define DEFCONTEXT_MNT 0x08
47/* Non-mount related flags */
48#define SE_SBINITIALIZED 0x10
49#define SE_SBPROC 0x20
44 50
45#define CONTEXT_STR "context=" 51#define CONTEXT_STR "context="
46#define FSCONTEXT_STR "fscontext=" 52#define FSCONTEXT_STR "fscontext="