diff options
author | David P. Quigley <dpquigl@tycho.nsa.gov> | 2009-01-16 09:22:02 -0500 |
---|---|---|
committer | James Morris <jmorris@macbook.localdomain> | 2009-01-18 17:46:40 -0500 |
commit | 0d90a7ec48c704025307b129413bc62451b20ab3 (patch) | |
tree | 38cc8a7f5ff3afaccd16d2978455ccc002d69933 /security/selinux/include | |
parent | c8334dc8fb6413b363df3e1419e287f5b25bce32 (diff) |
SELinux: Condense super block security structure flags and cleanup necessary code.
The super block security structure currently has three fields for what are
essentially flags. The flags field is used for mount options while two other
char fields are used for initialization and proc flags. These latter two fields are
essentially bit fields since the only used values are 0 and 1. These fields
have been collapsed into the flags field and new bit masks have been added for
them. The code is also fixed to work with these new flags.
Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@macbook.localdomain>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/objsec.h | 2 | ||||
-rw-r--r-- | security/selinux/include/security.h | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index 3cc45168f674..c4e062336ef3 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
@@ -60,9 +60,7 @@ struct superblock_security_struct { | |||
60 | u32 def_sid; /* default SID for labeling */ | 60 | u32 def_sid; /* default SID for labeling */ |
61 | u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */ | 61 | u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */ |
62 | unsigned int behavior; /* labeling behavior */ | 62 | unsigned int behavior; /* labeling behavior */ |
63 | unsigned char initialized; /* initialization flag */ | ||
64 | unsigned char flags; /* which mount options were specified */ | 63 | unsigned char flags; /* which mount options were specified */ |
65 | unsigned char proc; /* proc fs */ | ||
66 | struct mutex lock; | 64 | struct mutex lock; |
67 | struct list_head isec_head; | 65 | struct list_head isec_head; |
68 | spinlock_t isec_lock; | 66 | spinlock_t isec_lock; |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 72447370bc95..ff4e19ccd8f8 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
@@ -37,10 +37,16 @@ | |||
37 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY | 37 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY |
38 | #endif | 38 | #endif |
39 | 39 | ||
40 | /* Mask for just the mount related flags */ | ||
41 | #define SE_MNTMASK 0x0f | ||
42 | /* Super block security struct flags for mount options */ | ||
40 | #define CONTEXT_MNT 0x01 | 43 | #define CONTEXT_MNT 0x01 |
41 | #define FSCONTEXT_MNT 0x02 | 44 | #define FSCONTEXT_MNT 0x02 |
42 | #define ROOTCONTEXT_MNT 0x04 | 45 | #define ROOTCONTEXT_MNT 0x04 |
43 | #define DEFCONTEXT_MNT 0x08 | 46 | #define DEFCONTEXT_MNT 0x08 |
47 | /* Non-mount related flags */ | ||
48 | #define SE_SBINITIALIZED 0x10 | ||
49 | #define SE_SBPROC 0x20 | ||
44 | 50 | ||
45 | #define CONTEXT_STR "context=" | 51 | #define CONTEXT_STR "context=" |
46 | #define FSCONTEXT_STR "fscontext=" | 52 | #define FSCONTEXT_STR "fscontext=" |