1 files changed, 112 insertions, 0 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
new file mode 100644
index 000000000000..9d684b1728b0
--- /dev/null
+++ b/include/linux/selinux.h
@@ -0,0 +1,112 @@
+/*
+ * SELinux services exported to the rest of the kernel.
+ *
+ * Author: James Morris <jmorris@redhat.com>
+ *
+ * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+#ifndef _LINUX_SELINUX_H
+#define _LINUX_SELINUX_H
+struct selinux_audit_rule;
+struct audit_context;
+#ifdef CONFIG_SECURITY_SELINUX
+/**
+ *      selinux_audit_rule_init - alloc/init an selinux audit rule structure.
+ *      @field: the field this rule refers to
+ *      @op: the operater the rule uses
+ *      @rulestr: the text "target" of the rule
+ *      @rule: pointer to the new rule structure returned via this
+ *
+ *      Returns 0 if successful, -errno if not.  On success, the rule structure
+ *      will be allocated internally.  The caller must free this structure with
+ *      selinux_audit_rule_free() after use.
+ */
+int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
+                            struct selinux_audit_rule **rule);
+/**
+ *      selinux_audit_rule_free - free an selinux audit rule structure.
+ *      @rule: pointer to the audit rule to be freed
+ *
+ *      This will free all memory associated with the given rule.
+ *      If @rule is NULL, no operation is performed.
+ */
+void selinux_audit_rule_free(struct selinux_audit_rule *rule);
+/**
+ *      selinux_audit_rule_match - determine if a context ID matches a rule.
+ *      @ctxid: the context ID to check
+ *      @field: the field this rule refers to
+ *      @op: the operater the rule uses
+ *      @rule: pointer to the audit rule to check against
+ *      @actx: the audit context (can be NULL) associated with the check
+ *
+ *      Returns 1 if the context id matches the rule, 0 if it does not, and
+ *      -errno on failure.
+ */
+int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
+                             struct selinux_audit_rule *rule,
+                             struct audit_context *actx);
+/**
+ *      selinux_audit_set_callback - set the callback for policy reloads.
+ *      @callback: the function to call when the policy is reloaded
+ *
+ *      This sets the function callback function that will update the rules
+ *      upon policy reloads.  This callback should rebuild all existing rules
+ *      using selinux_audit_rule_init().
+ */
+void selinux_audit_set_callback(int (*callback)(void));
+/**
+ *      selinux_task_ctxid - determine a context ID for a process.
+ *      @tsk: the task object
+ *      @ctxid: ID value returned via this
+ *
+ *      On return, ctxid will contain an ID for the context.  This value
+ *      should only be used opaquely.
+ */
+void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);
+#else
+static inline int selinux_audit_rule_init(u32 field, u32 op,
+                                          char *rulestr,
+                                          struct selinux_audit_rule **rule)
+{
+        return -ENOTSUPP;
+}
+static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
+{
+        return;
+}
+static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
+                                           struct selinux_audit_rule *rule,
+                                           struct audit_context *actx)
+{
+        return 0;
+}
+static inline void selinux_audit_set_callback(int (*callback)(void))
+{
+        return;
+}
+static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
+{
+        *ctxid = 0;
+}
+#endif  /* CONFIG_SECURITY_SELINUX */
+#endif /* _LINUX_SELINUX_H */

diff --git a/include/linux/selinux.h b/include/linux/selinux.h new file mode 100644 index 000000000000..9d684b1728b0 --- /dev/null +++ b/include/linux/selinux.h
@@ -0,0 +1,112 @@
	1	/*
	2	* SELinux services exported to the rest of the kernel.
	3	*
	4	* Author: James Morris <jmorris@redhat.com>
	5	*
	6	* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
	7	* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License version 2,
	11	* as published by the Free Software Foundation.
	12	*/
	13	#ifndef _LINUX_SELINUX_H
	14	#define _LINUX_SELINUX_H
	15
	16	struct selinux_audit_rule;
	17	struct audit_context;
	18
	19	#ifdef CONFIG_SECURITY_SELINUX
	20
	21	/**
	22	* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
	23	* @field: the field this rule refers to
	24	* @op: the operater the rule uses
	25	* @rulestr: the text "target" of the rule
	26	* @rule: pointer to the new rule structure returned via this
	27	*
	28	* Returns 0 if successful, -errno if not. On success, the rule structure
	29	* will be allocated internally. The caller must free this structure with
	30	* selinux_audit_rule_free() after use.
	31	*/
	32	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
	33	struct selinux_audit_rule **rule);
	34
	35	/**
	36	* selinux_audit_rule_free - free an selinux audit rule structure.
	37	* @rule: pointer to the audit rule to be freed
	38	*
	39	* This will free all memory associated with the given rule.
	40	* If @rule is NULL, no operation is performed.
	41	*/
	42	void selinux_audit_rule_free(struct selinux_audit_rule *rule);
	43
	44	/**
	45	* selinux_audit_rule_match - determine if a context ID matches a rule.
	46	* @ctxid: the context ID to check
	47	* @field: the field this rule refers to
	48	* @op: the operater the rule uses
	49	* @rule: pointer to the audit rule to check against
	50	* @actx: the audit context (can be NULL) associated with the check
	51	*
	52	* Returns 1 if the context id matches the rule, 0 if it does not, and
	53	* -errno on failure.
	54	*/
	55	int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	56	struct selinux_audit_rule *rule,
	57	struct audit_context *actx);
	58
	59	/**
	60	* selinux_audit_set_callback - set the callback for policy reloads.
	61	* @callback: the function to call when the policy is reloaded
	62	*
	63	* This sets the function callback function that will update the rules
	64	* upon policy reloads. This callback should rebuild all existing rules
	65	* using selinux_audit_rule_init().
	66	*/
	67	void selinux_audit_set_callback(int (*callback)(void));
	68
	69	/**
	70	* selinux_task_ctxid - determine a context ID for a process.
	71	* @tsk: the task object
	72	* @ctxid: ID value returned via this
	73	*
	74	* On return, ctxid will contain an ID for the context. This value
	75	* should only be used opaquely.
	76	*/
	77	void selinux_task_ctxid(struct task_struct tsk, u32 ctxid);
	78
	79	#else
	80
	81	static inline int selinux_audit_rule_init(u32 field, u32 op,
	82	char *rulestr,
	83	struct selinux_audit_rule **rule)
	84	{
	85	return -ENOTSUPP;
	86	}
	87
	88	static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
	89	{
	90	return;
	91	}
	92
	93	static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	94	struct selinux_audit_rule *rule,
	95	struct audit_context *actx)
	96	{
	97	return 0;
	98	}
	99
	100	static inline void selinux_audit_set_callback(int (*callback)(void))
	101	{
	102	return;
	103	}
	104
	105	static inline void selinux_task_ctxid(struct task_struct tsk, u32 ctxid)
	106	{
	107	*ctxid = 0;
	108	}
	109
	110	#endif /* CONFIG_SECURITY_SELINUX */
	111
	112	#endif /* _LINUX_SELINUX_H */