SELinux: Update policy version to support constraints info

Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow holding of policy source info for constraints. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Richard Haines <richard_c_haines@btinternet.com> 2013-11-19 17:34:23 -0500
committer: Paul Moore <pmoore@redhat.com> 2013-11-19 17:34:23 -0500
commit: a660bec1d84ad19a39e380af129e207b3b8f609e (patch)
tree: 7dce6178a20225dacb833cec5d3b781d1b3626ac /security/selinux/ss/policydb.h
parent: 94851b18d4eb94f8bbf0d9176f7429bd8e371f62 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index da637471d4ce..725d5945a97e 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -154,6 +154,17 @@ struct cond_bool_datum {
 struct cond_node;
 /*
+ * type set preserves data needed to determine constraint info from
+ * policy source. This is not used by the kernel policy but allows
+ * utilities such as audit2allow to determine constraint denials.
+ */
+struct type_set {
+        struct ebitmap types;
+        struct ebitmap negset;
+        u32 flags;
+};
+/*
 * The configuration data includes security contexts for
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
 * network interfaces, and nodes.  This structure stores the
author	Richard Haines <richard_c_haines@btinternet.com>	2013-11-19 17:34:23 -0500
committer	Paul Moore <pmoore@redhat.com>	2013-11-19 17:34:23 -0500
commit	a660bec1d84ad19a39e380af129e207b3b8f609e (patch)
tree	7dce6178a20225dacb833cec5d3b781d1b3626ac /security/selinux/ss/policydb.h
parent	94851b18d4eb94f8bbf0d9176f7429bd8e371f62 (diff)

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index da637471d4ce..725d5945a97e 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h
@@ -154,6 +154,17 @@ struct cond_bool_datum {
154	struct cond_node;	154	struct cond_node;
155		155
156	/*	156	/*
		157	* type set preserves data needed to determine constraint info from
		158	* policy source. This is not used by the kernel policy but allows
		159	* utilities such as audit2allow to determine constraint denials.
		160	*/
		161	struct type_set {
		162	struct ebitmap types;
		163	struct ebitmap negset;
		164	u32 flags;
		165	};
		166
		167	/*
157	* The configuration data includes security contexts for	168	* The configuration data includes security contexts for
158	* initial SIDs, unlabeled file systems, TCP and UDP port numbers,	169	* initial SIDs, unlabeled file systems, TCP and UDP port numbers,
159	* network interfaces, and nodes. This structure stores the	170	* network interfaces, and nodes. This structure stores the