1 files changed, 177 insertions, 0 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
new file mode 100644
index 000000000000..4047bcde4484
--- /dev/null
+++ b/include/linux/selinux.h
@@ -0,0 +1,177 @@
+/*
+ * SELinux services exported to the rest of the kernel.
+ *
+ * Author: James Morris <jmorris@redhat.com>
+ *
+ * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ */
+#ifndef _LINUX_SELINUX_H
+#define _LINUX_SELINUX_H
+struct selinux_audit_rule;
+struct audit_context;
+struct inode;
+struct kern_ipc_perm;
+#ifdef CONFIG_SECURITY_SELINUX
+/**
+ *      selinux_audit_rule_init - alloc/init an selinux audit rule structure.
+ *      @field: the field this rule refers to
+ *      @op: the operater the rule uses
+ *      @rulestr: the text "target" of the rule
+ *      @rule: pointer to the new rule structure returned via this
+ *
+ *      Returns 0 if successful, -errno if not.  On success, the rule structure
+ *      will be allocated internally.  The caller must free this structure with
+ *      selinux_audit_rule_free() after use.
+ */
+int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
+                            struct selinux_audit_rule **rule);
+/**
+ *      selinux_audit_rule_free - free an selinux audit rule structure.
+ *      @rule: pointer to the audit rule to be freed
+ *
+ *      This will free all memory associated with the given rule.
+ *      If @rule is NULL, no operation is performed.
+ */
+void selinux_audit_rule_free(struct selinux_audit_rule *rule);
+/**
+ *      selinux_audit_rule_match - determine if a context ID matches a rule.
+ *      @ctxid: the context ID to check
+ *      @field: the field this rule refers to
+ *      @op: the operater the rule uses
+ *      @rule: pointer to the audit rule to check against
+ *      @actx: the audit context (can be NULL) associated with the check
+ *
+ *      Returns 1 if the context id matches the rule, 0 if it does not, and
+ *      -errno on failure.
+ */
+int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
+                             struct selinux_audit_rule *rule,
+                             struct audit_context *actx);
+/**
+ *      selinux_audit_set_callback - set the callback for policy reloads.
+ *      @callback: the function to call when the policy is reloaded
+ *
+ *      This sets the function callback function that will update the rules
+ *      upon policy reloads.  This callback should rebuild all existing rules
+ *      using selinux_audit_rule_init().
+ */
+void selinux_audit_set_callback(int (*callback)(void));
+/**
+ *      selinux_task_ctxid - determine a context ID for a process.
+ *      @tsk: the task object
+ *      @ctxid: ID value returned via this
+ *
+ *      On return, ctxid will contain an ID for the context.  This value
+ *      should only be used opaquely.
+ */
+void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);
+/**
+ *     selinux_ctxid_to_string - map a security context ID to a string
+ *     @ctxid: security context ID to be converted.
+ *     @ctx: address of context string to be returned
+ *     @ctxlen: length of returned context string.
+ *
+ *     Returns 0 if successful, -errno if not.  On success, the context
+ *     string will be allocated internally, and the caller must call
+ *     kfree() on it after use.
+ */
+int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);
+/**
+ *     selinux_get_inode_sid - get the inode's security context ID
+ *     @inode: inode structure to get the sid from.
+ *     @sid: pointer to security context ID to be filled in.
+ *
+ *     Returns nothing
+ */
+void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
+/**
+ *     selinux_get_ipc_sid - get the ipc security context ID
+ *     @ipcp: ipc structure to get the sid from.
+ *     @sid: pointer to security context ID to be filled in.
+ *
+ *     Returns nothing
+ */
+void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
+/**
+ *     selinux_get_task_sid - return the SID of task
+ *     @tsk: the task whose SID will be returned
+ *     @sid: pointer to security context ID to be filled in.
+ *
+ *     Returns nothing
+ */
+void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
+#else
+static inline int selinux_audit_rule_init(u32 field, u32 op,
+                                          char *rulestr,
+                                          struct selinux_audit_rule **rule)
+{
+        return -ENOTSUPP;
+}
+static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
+{
+        return;
+}
+static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
+                                           struct selinux_audit_rule *rule,
+                                           struct audit_context *actx)
+{
+        return 0;
+}
+static inline void selinux_audit_set_callback(int (*callback)(void))
+{
+        return;
+}
+static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
+{
+        *ctxid = 0;
+}
+static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
+{
+       *ctx = NULL;
+       *ctxlen = 0;
+       return 0;
+}
+static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
+{
+        *sid = 0;
+}
+static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
+{
+        *sid = 0;
+}
+static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
+{
+        *sid = 0;
+}
+#endif  /* CONFIG_SECURITY_SELINUX */
+#endif /* _LINUX_SELINUX_H */

diff --git a/include/linux/selinux.h b/include/linux/selinux.h new file mode 100644 index 000000000000..4047bcde4484 --- /dev/null +++ b/include/linux/selinux.h
@@ -0,0 +1,177 @@
	1	/*
	2	* SELinux services exported to the rest of the kernel.
	3	*
	4	* Author: James Morris <jmorris@redhat.com>
	5	*
	6	* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
	7	* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
	8	* Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
	9	*
	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License version 2,
	12	* as published by the Free Software Foundation.
	13	*/
	14	#ifndef _LINUX_SELINUX_H
	15	#define _LINUX_SELINUX_H
	16
	17	struct selinux_audit_rule;
	18	struct audit_context;
	19	struct inode;
	20	struct kern_ipc_perm;
	21
	22	#ifdef CONFIG_SECURITY_SELINUX
	23
	24	/**
	25	* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
	26	* @field: the field this rule refers to
	27	* @op: the operater the rule uses
	28	* @rulestr: the text "target" of the rule
	29	* @rule: pointer to the new rule structure returned via this
	30	*
	31	* Returns 0 if successful, -errno if not. On success, the rule structure
	32	* will be allocated internally. The caller must free this structure with
	33	* selinux_audit_rule_free() after use.
	34	*/
	35	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
	36	struct selinux_audit_rule **rule);
	37
	38	/**
	39	* selinux_audit_rule_free - free an selinux audit rule structure.
	40	* @rule: pointer to the audit rule to be freed
	41	*
	42	* This will free all memory associated with the given rule.
	43	* If @rule is NULL, no operation is performed.
	44	*/
	45	void selinux_audit_rule_free(struct selinux_audit_rule *rule);
	46
	47	/**
	48	* selinux_audit_rule_match - determine if a context ID matches a rule.
	49	* @ctxid: the context ID to check
	50	* @field: the field this rule refers to
	51	* @op: the operater the rule uses
	52	* @rule: pointer to the audit rule to check against
	53	* @actx: the audit context (can be NULL) associated with the check
	54	*
	55	* Returns 1 if the context id matches the rule, 0 if it does not, and
	56	* -errno on failure.
	57	*/
	58	int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	59	struct selinux_audit_rule *rule,
	60	struct audit_context *actx);
	61
	62	/**
	63	* selinux_audit_set_callback - set the callback for policy reloads.
	64	* @callback: the function to call when the policy is reloaded
	65	*
	66	* This sets the function callback function that will update the rules
	67	* upon policy reloads. This callback should rebuild all existing rules
	68	* using selinux_audit_rule_init().
	69	*/
	70	void selinux_audit_set_callback(int (*callback)(void));
	71
	72	/**
	73	* selinux_task_ctxid - determine a context ID for a process.
	74	* @tsk: the task object
	75	* @ctxid: ID value returned via this
	76	*
	77	* On return, ctxid will contain an ID for the context. This value
	78	* should only be used opaquely.
	79	*/
	80	void selinux_task_ctxid(struct task_struct tsk, u32 ctxid);
	81
	82	/**
	83	* selinux_ctxid_to_string - map a security context ID to a string
	84	* @ctxid: security context ID to be converted.
	85	* @ctx: address of context string to be returned
	86	* @ctxlen: length of returned context string.
	87	*
	88	* Returns 0 if successful, -errno if not. On success, the context
	89	* string will be allocated internally, and the caller must call
	90	* kfree() on it after use.
	91	*/
	92	int selinux_ctxid_to_string(u32 ctxid, char *ctx, u32 ctxlen);
	93
	94	/**
	95	* selinux_get_inode_sid - get the inode's security context ID
	96	* @inode: inode structure to get the sid from.
	97	* @sid: pointer to security context ID to be filled in.
	98	*
	99	* Returns nothing
	100	*/
	101	void selinux_get_inode_sid(const struct inode inode, u32 sid);
	102
	103	/**
	104	* selinux_get_ipc_sid - get the ipc security context ID
	105	* @ipcp: ipc structure to get the sid from.
	106	* @sid: pointer to security context ID to be filled in.
	107	*
	108	* Returns nothing
	109	*/
	110	void selinux_get_ipc_sid(const struct kern_ipc_perm ipcp, u32 sid);
	111
	112	/**
	113	* selinux_get_task_sid - return the SID of task
	114	* @tsk: the task whose SID will be returned
	115	* @sid: pointer to security context ID to be filled in.
	116	*
	117	* Returns nothing
	118	*/
	119	void selinux_get_task_sid(struct task_struct tsk, u32 sid);
	120
	121
	122	#else
	123
	124	static inline int selinux_audit_rule_init(u32 field, u32 op,
	125	char *rulestr,
	126	struct selinux_audit_rule **rule)
	127	{
	128	return -ENOTSUPP;
	129	}
	130
	131	static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
	132	{
	133	return;
	134	}
	135
	136	static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	137	struct selinux_audit_rule *rule,
	138	struct audit_context *actx)
	139	{
	140	return 0;
	141	}
	142
	143	static inline void selinux_audit_set_callback(int (*callback)(void))
	144	{
	145	return;
	146	}
	147
	148	static inline void selinux_task_ctxid(struct task_struct tsk, u32 ctxid)
	149	{
	150	*ctxid = 0;
	151	}
	152
	153	static inline int selinux_ctxid_to_string(u32 ctxid, char *ctx, u32 ctxlen)
	154	{
	155	*ctx = NULL;
	156	*ctxlen = 0;
	157	return 0;
	158	}
	159
	160	static inline void selinux_get_inode_sid(const struct inode inode, u32 sid)
	161	{
	162	*sid = 0;
	163	}
	164
	165	static inline void selinux_get_ipc_sid(const struct kern_ipc_perm ipcp, u32 sid)
	166	{
	167	*sid = 0;
	168	}
	169
	170	static inline void selinux_get_task_sid(struct task_struct tsk, u32 sid)
	171	{
	172	*sid = 0;
	173	}
	174
	175	#endif /* CONFIG_SECURITY_SELINUX */
	176
	177	#endif /* _LINUX_SELINUX_H */