diff options
| author | Paul Moore <paul.moore@hp.com> | 2008-01-29 08:38:19 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-01-29 16:17:23 -0500 |
| commit | 3bb56b25dbe0a4b44bd2ebceab6736d068e85068 (patch) | |
| tree | 2285d831352b8580d401730eee98820ed54a81a0 /security/selinux/include | |
| parent | 224dfbd81e1ff672eb46e7695469c395bd531083 (diff) | |
SELinux: Add a capabilities bitmap to SELinux policy version 22
Add a new policy capabilities bitmap to SELinux policy version 22. This bitmap
will enable the security server to query the policy to determine which features
it supports.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include')
| -rw-r--r-- | security/selinux/include/security.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index a33437bba932..a22de9771806 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
| @@ -25,13 +25,14 @@ | |||
| 25 | #define POLICYDB_VERSION_MLS 19 | 25 | #define POLICYDB_VERSION_MLS 19 |
| 26 | #define POLICYDB_VERSION_AVTAB 20 | 26 | #define POLICYDB_VERSION_AVTAB 20 |
| 27 | #define POLICYDB_VERSION_RANGETRANS 21 | 27 | #define POLICYDB_VERSION_RANGETRANS 21 |
| 28 | #define POLICYDB_VERSION_POLCAP 22 | ||
| 28 | 29 | ||
| 29 | /* Range of policy versions we understand*/ | 30 | /* Range of policy versions we understand*/ |
| 30 | #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE | 31 | #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE |
| 31 | #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX | 32 | #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX |
| 32 | #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE | 33 | #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE |
| 33 | #else | 34 | #else |
| 34 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS | 35 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_POLCAP |
| 35 | #endif | 36 | #endif |
| 36 | 37 | ||
| 37 | struct netlbl_lsm_secattr; | 38 | struct netlbl_lsm_secattr; |
| @@ -39,8 +40,19 @@ struct netlbl_lsm_secattr; | |||
| 39 | extern int selinux_enabled; | 40 | extern int selinux_enabled; |
| 40 | extern int selinux_mls_enabled; | 41 | extern int selinux_mls_enabled; |
| 41 | 42 | ||
| 43 | /* Policy capabilities */ | ||
| 44 | enum { | ||
| 45 | POLICYDB_CAPABILITY_NETPEER, | ||
| 46 | __POLICYDB_CAPABILITY_MAX | ||
| 47 | }; | ||
| 48 | #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) | ||
| 49 | |||
| 50 | extern int selinux_policycap_netpeer; | ||
| 51 | |||
| 42 | int security_load_policy(void * data, size_t len); | 52 | int security_load_policy(void * data, size_t len); |
| 43 | 53 | ||
| 54 | int security_policycap_supported(unsigned int req_cap); | ||
| 55 | |||
| 44 | #define SEL_VEC_MAX 32 | 56 | #define SEL_VEC_MAX 32 |
| 45 | struct av_decision { | 57 | struct av_decision { |
| 46 | u32 allowed; | 58 | u32 allowed; |
| @@ -91,6 +103,7 @@ int security_get_classes(char ***classes, int *nclasses); | |||
| 91 | int security_get_permissions(char *class, char ***perms, int *nperms); | 103 | int security_get_permissions(char *class, char ***perms, int *nperms); |
| 92 | int security_get_reject_unknown(void); | 104 | int security_get_reject_unknown(void); |
| 93 | int security_get_allow_unknown(void); | 105 | int security_get_allow_unknown(void); |
| 106 | int security_get_policycaps(int *len, int **values); | ||
| 94 | 107 | ||
| 95 | #define SECURITY_FS_USE_XATTR 1 /* use xattr */ | 108 | #define SECURITY_FS_USE_XATTR 1 /* use xattr */ |
| 96 | #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ | 109 | #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ |