author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:38:19 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:23 -0500 |
commit | 3bb56b25dbe0a4b44bd2ebceab6736d068e85068 (patch) | |
tree | 2285d831352b8580d401730eee98820ed54a81a0 /security/selinux/include | |
parent | 224dfbd81e1ff672eb46e7695469c395bd531083 (diff) |
SELinux: Add a capabilities bitmap to SELinux policy version 22
Add a new policy capabilities bitmap to SELinux policy version 22. This bitmap
will enable the security server to query the policy to determine which features
it supports.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/security.h | 15 |
1 files changed, 14 insertions, 1 deletions
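--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -25,13 +25,14 @@
 #define POLICYDB_VERSION_MLS 19
 #define POLICYDB_VERSION_AVTAB 20
 #define POLICYDB_VERSION_RANGETRANS 21
+#define POLICYDB_VERSION_POLCAP 22
 
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
 #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
 #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
 #else
-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_POLCAP
 #endif
 
 struct netlbl_lsm_secattr;
@@ -39,8 +40,19 @@ struct netlbl_lsm_secattr;
 extern int selinux_enabled;
 extern int selinux_mls_enabled;
 
+/* Policy capabilities */
+enum {
+	POLICYDB_CAPABILITY_NETPEER,
+	__POLICYDB_CAPABILITY_MAX
+};
+#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
+
+extern int selinux_policycap_netpeer;
+
 int security_load_policy(void * data, size_t len);
 
+int security_policycap_supported(unsigned int req_cap);
+
 #define SEL_VEC_MAX 32
 struct av_decision {
 	u32 allowed;
@@ -91,6 +103,7 @@ int security_get_classes(char ***classes, int *nclasses);
 int security_get_permissions(char *class, char ***perms, int *nperms);
 int security_get_reject_unknown(void);
 int security_get_allow_unknown(void);
+int security_get_policycaps(int *len, int **values);
 
 #define SECURITY_FS_USE_XATTR 1 /* use xattr */
 #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */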
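Review bot: In the second hunk the new `POLICYDB_CAPABILITY_MAX` is the highest valid capability index (`__POLICYDB_CAPABILITY_MAX - 1`), not a count, which is the opposite sense to the `POLICYDB_VERSION_MAX` defined just above it, and nothing on `security_policycap_supported(unsigned int req_cap)` says what the callee expects when `req_cap` lies outside that range — the bitmap is indexed by a value that ultimately comes from the loaded policy, so the bounds contract should be explicit in the header. I would replace the bare `/* Policy capabilities */` with `/* Policy capabilities: bit indices into the policy's capability bitmap; POLICYDB_CAPABILITY_MAX is the highest valid index, not the count. */` and put `/* Non-zero if the loaded policy declares req_cap; req_cap must be <= POLICYDB_CAPABILITY_MAX. */` above the prototype, since whether the implementation itself rejects out-of-range values cannot be seen from this header. The third hunk's `security_get_policycaps(int *len, int **values)` likewise leaves ownership of `*values` undocumented; a one-line comment stating who allocates and who frees it (presumably the callee allocates and the caller frees — confirm against the implementation) would save every caller a trip into services.c. The double-underscore `__POLICYDB_CAPABILITY_MAX` follows the kernel's own `__NR_*` convention, so I would leave it, noting only that such names are reserved in ISO C.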