diff options
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 22 | ||||
-rw-r--r-- | include/linux/fs_uart_pd.h | 60 | ||||
-rw-r--r-- | include/linux/list.h | 2 | ||||
-rw-r--r-- | include/linux/mmc/card.h | 1 | ||||
-rw-r--r-- | include/linux/netfilter/x_tables.h | 8 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h | 2 | ||||
-rw-r--r-- | include/linux/netlink.h | 1 | ||||
-rw-r--r-- | include/linux/pipe_fs_i.h | 30 | ||||
-rw-r--r-- | include/linux/security.h | 16 | ||||
-rw-r--r-- | include/linux/selinux.h | 177 |
10 files changed, 290 insertions, 29 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 319975532943..14259f6db5bc 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -82,6 +82,7 @@ | |||
82 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ | 82 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ |
83 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ | 83 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ |
84 | #define AUDIT_CWD 1307 /* Current working directory */ | 84 | #define AUDIT_CWD 1307 /* Current working directory */ |
85 | #define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */ | ||
85 | 86 | ||
86 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 87 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
87 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 88 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
@@ -144,6 +145,11 @@ | |||
144 | #define AUDIT_PERS 10 | 145 | #define AUDIT_PERS 10 |
145 | #define AUDIT_ARCH 11 | 146 | #define AUDIT_ARCH 11 |
146 | #define AUDIT_MSGTYPE 12 | 147 | #define AUDIT_MSGTYPE 12 |
148 | #define AUDIT_SE_USER 13 /* security label user */ | ||
149 | #define AUDIT_SE_ROLE 14 /* security label role */ | ||
150 | #define AUDIT_SE_TYPE 15 /* security label type */ | ||
151 | #define AUDIT_SE_SEN 16 /* security label sensitivity label */ | ||
152 | #define AUDIT_SE_CLR 17 /* security label clearance label */ | ||
147 | 153 | ||
148 | /* These are ONLY useful when checking | 154 | /* These are ONLY useful when checking |
149 | * at syscall exit time (AUDIT_AT_EXIT). */ | 155 | * at syscall exit time (AUDIT_AT_EXIT). */ |
@@ -287,10 +293,10 @@ struct netlink_skb_parms; | |||
287 | /* Public API */ | 293 | /* Public API */ |
288 | extern int audit_alloc(struct task_struct *task); | 294 | extern int audit_alloc(struct task_struct *task); |
289 | extern void audit_free(struct task_struct *task); | 295 | extern void audit_free(struct task_struct *task); |
290 | extern void audit_syscall_entry(struct task_struct *task, int arch, | 296 | extern void audit_syscall_entry(int arch, |
291 | int major, unsigned long a0, unsigned long a1, | 297 | int major, unsigned long a0, unsigned long a1, |
292 | unsigned long a2, unsigned long a3); | 298 | unsigned long a2, unsigned long a3); |
293 | extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); | 299 | extern void audit_syscall_exit(int failed, long return_code); |
294 | extern void audit_getname(const char *name); | 300 | extern void audit_getname(const char *name); |
295 | extern void audit_putname(const char *name); | 301 | extern void audit_putname(const char *name); |
296 | extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); | 302 | extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); |
@@ -314,7 +320,8 @@ extern void auditsc_get_stamp(struct audit_context *ctx, | |||
314 | struct timespec *t, unsigned int *serial); | 320 | struct timespec *t, unsigned int *serial); |
315 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 321 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
316 | extern uid_t audit_get_loginuid(struct audit_context *ctx); | 322 | extern uid_t audit_get_loginuid(struct audit_context *ctx); |
317 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); | 323 | extern int audit_ipc_obj(struct kern_ipc_perm *ipcp); |
324 | extern int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); | ||
318 | extern int audit_socketcall(int nargs, unsigned long *args); | 325 | extern int audit_socketcall(int nargs, unsigned long *args); |
319 | extern int audit_sockaddr(int len, void *addr); | 326 | extern int audit_sockaddr(int len, void *addr); |
320 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | 327 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); |
@@ -323,8 +330,8 @@ extern int audit_set_macxattr(const char *name); | |||
323 | #else | 330 | #else |
324 | #define audit_alloc(t) ({ 0; }) | 331 | #define audit_alloc(t) ({ 0; }) |
325 | #define audit_free(t) do { ; } while (0) | 332 | #define audit_free(t) do { ; } while (0) |
326 | #define audit_syscall_entry(t,ta,a,b,c,d,e) do { ; } while (0) | 333 | #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0) |
327 | #define audit_syscall_exit(t,f,r) do { ; } while (0) | 334 | #define audit_syscall_exit(f,r) do { ; } while (0) |
328 | #define audit_getname(n) do { ; } while (0) | 335 | #define audit_getname(n) do { ; } while (0) |
329 | #define audit_putname(n) do { ; } while (0) | 336 | #define audit_putname(n) do { ; } while (0) |
330 | #define __audit_inode(n,i,f) do { ; } while (0) | 337 | #define __audit_inode(n,i,f) do { ; } while (0) |
@@ -333,7 +340,8 @@ extern int audit_set_macxattr(const char *name); | |||
333 | #define audit_inode_child(d,i,p) do { ; } while (0) | 340 | #define audit_inode_child(d,i,p) do { ; } while (0) |
334 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 341 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
335 | #define audit_get_loginuid(c) ({ -1; }) | 342 | #define audit_get_loginuid(c) ({ -1; }) |
336 | #define audit_ipc_perms(q,u,g,m,i) ({ 0; }) | 343 | #define audit_ipc_obj(i) ({ 0; }) |
344 | #define audit_ipc_set_perm(q,u,g,m,i) ({ 0; }) | ||
337 | #define audit_socketcall(n,a) ({ 0; }) | 345 | #define audit_socketcall(n,a) ({ 0; }) |
338 | #define audit_sockaddr(len, addr) ({ 0; }) | 346 | #define audit_sockaddr(len, addr) ({ 0; }) |
339 | #define audit_avc_path(dentry, mnt) ({ 0; }) | 347 | #define audit_avc_path(dentry, mnt) ({ 0; }) |
@@ -366,7 +374,7 @@ extern void audit_log_d_path(struct audit_buffer *ab, | |||
366 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | 374 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
367 | extern int audit_filter_type(int type); | 375 | extern int audit_filter_type(int type); |
368 | extern int audit_receive_filter(int type, int pid, int uid, int seq, | 376 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
369 | void *data, size_t datasz, uid_t loginuid); | 377 | void *data, size_t datasz, uid_t loginuid, u32 sid); |
370 | #else | 378 | #else |
371 | #define audit_log(c,g,t,f,...) do { ; } while (0) | 379 | #define audit_log(c,g,t,f,...) do { ; } while (0) |
372 | #define audit_log_start(c,g,t) ({ NULL; }) | 380 | #define audit_log_start(c,g,t) ({ NULL; }) |
diff --git a/include/linux/fs_uart_pd.h b/include/linux/fs_uart_pd.h new file mode 100644 index 000000000000..f5975126b712 --- /dev/null +++ b/include/linux/fs_uart_pd.h | |||
@@ -0,0 +1,60 @@ | |||
1 | /* | ||
2 | * Platform information definitions for the CPM Uart driver. | ||
3 | * | ||
4 | * 2006 (c) MontaVista Software, Inc. | ||
5 | * Vitaly Bordug <vbordug@ru.mvista.com> | ||
6 | * | ||
7 | * This file is licensed under the terms of the GNU General Public License | ||
8 | * version 2. This program is licensed "as is" without any warranty of any | ||
9 | * kind, whether express or implied. | ||
10 | */ | ||
11 | |||
12 | #ifndef FS_UART_PD_H | ||
13 | #define FS_UART_PD_H | ||
14 | |||
15 | #include <linux/version.h> | ||
16 | #include <asm/types.h> | ||
17 | |||
18 | enum fs_uart_id { | ||
19 | fsid_smc1_uart, | ||
20 | fsid_smc2_uart, | ||
21 | fsid_scc1_uart, | ||
22 | fsid_scc2_uart, | ||
23 | fsid_scc3_uart, | ||
24 | fsid_scc4_uart, | ||
25 | fs_uart_nr, | ||
26 | }; | ||
27 | |||
28 | static inline int fs_uart_id_scc2fsid(int id) | ||
29 | { | ||
30 | return fsid_scc1_uart + id - 1; | ||
31 | } | ||
32 | |||
33 | static inline int fs_uart_id_fsid2scc(int id) | ||
34 | { | ||
35 | return id - fsid_scc1_uart + 1; | ||
36 | } | ||
37 | |||
38 | static inline int fs_uart_id_smc2fsid(int id) | ||
39 | { | ||
40 | return fsid_smc1_uart + id - 1; | ||
41 | } | ||
42 | |||
43 | static inline int fs_uart_id_fsid2smc(int id) | ||
44 | { | ||
45 | return id - fsid_smc1_uart + 1; | ||
46 | } | ||
47 | |||
48 | struct fs_uart_platform_info { | ||
49 | void(*init_ioports)(void); | ||
50 | /* device specific information */ | ||
51 | int fs_no; /* controller index */ | ||
52 | u32 uart_clk; | ||
53 | u8 tx_num_fifo; | ||
54 | u8 tx_buf_size; | ||
55 | u8 rx_num_fifo; | ||
56 | u8 rx_buf_size; | ||
57 | u8 brg; | ||
58 | }; | ||
59 | |||
60 | #endif | ||
diff --git a/include/linux/list.h b/include/linux/list.h index 67258b47e9ca..76f05718342c 100644 --- a/include/linux/list.h +++ b/include/linux/list.h | |||
@@ -619,7 +619,7 @@ static inline void hlist_del_rcu(struct hlist_node *n) | |||
619 | 619 | ||
620 | static inline void hlist_del_init(struct hlist_node *n) | 620 | static inline void hlist_del_init(struct hlist_node *n) |
621 | { | 621 | { |
622 | if (n->pprev) { | 622 | if (!hlist_unhashed(n)) { |
623 | __hlist_del(n); | 623 | __hlist_del(n); |
624 | INIT_HLIST_NODE(n); | 624 | INIT_HLIST_NODE(n); |
625 | } | 625 | } |
diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index 30dd978c1ec8..991a37382a22 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h | |||
@@ -28,6 +28,7 @@ struct mmc_csd { | |||
28 | unsigned short cmdclass; | 28 | unsigned short cmdclass; |
29 | unsigned short tacc_clks; | 29 | unsigned short tacc_clks; |
30 | unsigned int tacc_ns; | 30 | unsigned int tacc_ns; |
31 | unsigned int r2w_factor; | ||
31 | unsigned int max_dtr; | 32 | unsigned int max_dtr; |
32 | unsigned int read_blkbits; | 33 | unsigned int read_blkbits; |
33 | unsigned int write_blkbits; | 34 | unsigned int write_blkbits; |
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 38701454e197..48cc32d83f77 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
@@ -337,6 +337,10 @@ struct compat_xt_entry_match | |||
337 | char name[XT_FUNCTION_MAXNAMELEN - 1]; | 337 | char name[XT_FUNCTION_MAXNAMELEN - 1]; |
338 | u_int8_t revision; | 338 | u_int8_t revision; |
339 | } user; | 339 | } user; |
340 | struct { | ||
341 | u_int16_t match_size; | ||
342 | compat_uptr_t match; | ||
343 | } kernel; | ||
340 | u_int16_t match_size; | 344 | u_int16_t match_size; |
341 | } u; | 345 | } u; |
342 | unsigned char data[0]; | 346 | unsigned char data[0]; |
@@ -350,6 +354,10 @@ struct compat_xt_entry_target | |||
350 | char name[XT_FUNCTION_MAXNAMELEN - 1]; | 354 | char name[XT_FUNCTION_MAXNAMELEN - 1]; |
351 | u_int8_t revision; | 355 | u_int8_t revision; |
352 | } user; | 356 | } user; |
357 | struct { | ||
358 | u_int16_t target_size; | ||
359 | compat_uptr_t target; | ||
360 | } kernel; | ||
353 | u_int16_t target_size; | 361 | u_int16_t target_size; |
354 | } u; | 362 | } u; |
355 | unsigned char data[0]; | 363 | unsigned char data[0]; |
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h b/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h index 0bd828081c0c..c6e9a0b6d30b 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h | |||
@@ -2,7 +2,7 @@ | |||
2 | * ip_conntrack_helper_h323_asn1.h - BER and PER decoding library for H.323 | 2 | * ip_conntrack_helper_h323_asn1.h - BER and PER decoding library for H.323 |
3 | * conntrack/NAT module. | 3 | * conntrack/NAT module. |
4 | * | 4 | * |
5 | * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@hotmail.com> | 5 | * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@users.sourceforge.net> |
6 | * | 6 | * |
7 | * This source code is licensed under General Public License version 2. | 7 | * This source code is licensed under General Public License version 2. |
8 | * | 8 | * |
diff --git a/include/linux/netlink.h b/include/linux/netlink.h index f8f3d1c927f8..87b8a5703ebc 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h | |||
@@ -143,6 +143,7 @@ struct netlink_skb_parms | |||
143 | __u32 dst_group; | 143 | __u32 dst_group; |
144 | kernel_cap_t eff_cap; | 144 | kernel_cap_t eff_cap; |
145 | __u32 loginuid; /* Login (audit) uid */ | 145 | __u32 loginuid; /* Login (audit) uid */ |
146 | __u32 sid; /* SELinux security id */ | ||
146 | }; | 147 | }; |
147 | 148 | ||
148 | #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) | 149 | #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) |
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h index 0008d4bd4059..ea4f7cd7bfd8 100644 --- a/include/linux/pipe_fs_i.h +++ b/include/linux/pipe_fs_i.h | |||
@@ -5,8 +5,9 @@ | |||
5 | 5 | ||
6 | #define PIPE_BUFFERS (16) | 6 | #define PIPE_BUFFERS (16) |
7 | 7 | ||
8 | #define PIPE_BUF_FLAG_STOLEN 0x01 | 8 | #define PIPE_BUF_FLAG_LRU 0x01 /* page is on the LRU */ |
9 | #define PIPE_BUF_FLAG_LRU 0x02 | 9 | #define PIPE_BUF_FLAG_ATOMIC 0x02 /* was atomically mapped */ |
10 | #define PIPE_BUF_FLAG_GIFT 0x04 /* page is a gift */ | ||
10 | 11 | ||
11 | struct pipe_buffer { | 12 | struct pipe_buffer { |
12 | struct page *page; | 13 | struct page *page; |
@@ -15,10 +16,23 @@ struct pipe_buffer { | |||
15 | unsigned int flags; | 16 | unsigned int flags; |
16 | }; | 17 | }; |
17 | 18 | ||
19 | /* | ||
20 | * Note on the nesting of these functions: | ||
21 | * | ||
22 | * ->pin() | ||
23 | * ->steal() | ||
24 | * ... | ||
25 | * ->map() | ||
26 | * ... | ||
27 | * ->unmap() | ||
28 | * | ||
29 | * That is, ->map() must be called on a pinned buffer, same goes for ->steal(). | ||
30 | */ | ||
18 | struct pipe_buf_operations { | 31 | struct pipe_buf_operations { |
19 | int can_merge; | 32 | int can_merge; |
20 | void * (*map)(struct file *, struct pipe_inode_info *, struct pipe_buffer *); | 33 | void * (*map)(struct pipe_inode_info *, struct pipe_buffer *, int); |
21 | void (*unmap)(struct pipe_inode_info *, struct pipe_buffer *); | 34 | void (*unmap)(struct pipe_inode_info *, struct pipe_buffer *, void *); |
35 | int (*pin)(struct pipe_inode_info *, struct pipe_buffer *); | ||
22 | void (*release)(struct pipe_inode_info *, struct pipe_buffer *); | 36 | void (*release)(struct pipe_inode_info *, struct pipe_buffer *); |
23 | int (*steal)(struct pipe_inode_info *, struct pipe_buffer *); | 37 | int (*steal)(struct pipe_inode_info *, struct pipe_buffer *); |
24 | void (*get)(struct pipe_inode_info *, struct pipe_buffer *); | 38 | void (*get)(struct pipe_inode_info *, struct pipe_buffer *); |
@@ -51,6 +65,13 @@ struct pipe_inode_info * alloc_pipe_info(struct inode * inode); | |||
51 | void free_pipe_info(struct inode * inode); | 65 | void free_pipe_info(struct inode * inode); |
52 | void __free_pipe_info(struct pipe_inode_info *); | 66 | void __free_pipe_info(struct pipe_inode_info *); |
53 | 67 | ||
68 | /* Generic pipe buffer ops functions */ | ||
69 | void *generic_pipe_buf_map(struct pipe_inode_info *, struct pipe_buffer *, int); | ||
70 | void generic_pipe_buf_unmap(struct pipe_inode_info *, struct pipe_buffer *, void *); | ||
71 | void generic_pipe_buf_get(struct pipe_inode_info *, struct pipe_buffer *); | ||
72 | int generic_pipe_buf_pin(struct pipe_inode_info *, struct pipe_buffer *); | ||
73 | int generic_pipe_buf_steal(struct pipe_inode_info *, struct pipe_buffer *); | ||
74 | |||
54 | /* | 75 | /* |
55 | * splice is tied to pipes as a transport (at least for now), so we'll just | 76 | * splice is tied to pipes as a transport (at least for now), so we'll just |
56 | * add the splice flags here. | 77 | * add the splice flags here. |
@@ -60,6 +81,7 @@ void __free_pipe_info(struct pipe_inode_info *); | |||
60 | /* we may still block on the fd we splice */ | 81 | /* we may still block on the fd we splice */ |
61 | /* from/to, of course */ | 82 | /* from/to, of course */ |
62 | #define SPLICE_F_MORE (0x04) /* expect more data */ | 83 | #define SPLICE_F_MORE (0x04) /* expect more data */ |
84 | #define SPLICE_F_GIFT (0x08) /* pages passed in are a gift */ | ||
63 | 85 | ||
64 | /* | 86 | /* |
65 | * Passed to the actors | 87 | * Passed to the actors |
diff --git a/include/linux/security.h b/include/linux/security.h index aaa0a5cdbf75..1bab48f6aeac 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -869,11 +869,6 @@ struct swap_info_struct; | |||
869 | * @ipcp contains the kernel IPC permission structure | 869 | * @ipcp contains the kernel IPC permission structure |
870 | * @flag contains the desired (requested) permission set | 870 | * @flag contains the desired (requested) permission set |
871 | * Return 0 if permission is granted. | 871 | * Return 0 if permission is granted. |
872 | * @ipc_getsecurity: | ||
873 | * Copy the security label associated with the ipc object into | ||
874 | * @buffer. @buffer may be NULL to request the size of the buffer | ||
875 | * required. @size indicates the size of @buffer in bytes. Return | ||
876 | * number of bytes used/required on success. | ||
877 | * | 872 | * |
878 | * Security hooks for individual messages held in System V IPC message queues | 873 | * Security hooks for individual messages held in System V IPC message queues |
879 | * @msg_msg_alloc_security: | 874 | * @msg_msg_alloc_security: |
@@ -1223,7 +1218,6 @@ struct security_operations { | |||
1223 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); | 1218 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); |
1224 | 1219 | ||
1225 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); | 1220 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); |
1226 | int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size); | ||
1227 | 1221 | ||
1228 | int (*msg_msg_alloc_security) (struct msg_msg * msg); | 1222 | int (*msg_msg_alloc_security) (struct msg_msg * msg); |
1229 | void (*msg_msg_free_security) (struct msg_msg * msg); | 1223 | void (*msg_msg_free_security) (struct msg_msg * msg); |
@@ -1887,11 +1881,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
1887 | return security_ops->ipc_permission (ipcp, flag); | 1881 | return security_ops->ipc_permission (ipcp, flag); |
1888 | } | 1882 | } |
1889 | 1883 | ||
1890 | static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
1891 | { | ||
1892 | return security_ops->ipc_getsecurity(ipcp, buffer, size); | ||
1893 | } | ||
1894 | |||
1895 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 1884 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
1896 | { | 1885 | { |
1897 | return security_ops->msg_msg_alloc_security (msg); | 1886 | return security_ops->msg_msg_alloc_security (msg); |
@@ -2532,11 +2521,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
2532 | return 0; | 2521 | return 0; |
2533 | } | 2522 | } |
2534 | 2523 | ||
2535 | static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
2536 | { | ||
2537 | return -EOPNOTSUPP; | ||
2538 | } | ||
2539 | |||
2540 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 2524 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
2541 | { | 2525 | { |
2542 | return 0; | 2526 | return 0; |
diff --git a/include/linux/selinux.h b/include/linux/selinux.h new file mode 100644 index 000000000000..4047bcde4484 --- /dev/null +++ b/include/linux/selinux.h | |||
@@ -0,0 +1,177 @@ | |||
1 | /* | ||
2 | * SELinux services exported to the rest of the kernel. | ||
3 | * | ||
4 | * Author: James Morris <jmorris@redhat.com> | ||
5 | * | ||
6 | * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> | ||
7 | * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | ||
8 | * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify | ||
11 | * it under the terms of the GNU General Public License version 2, | ||
12 | * as published by the Free Software Foundation. | ||
13 | */ | ||
14 | #ifndef _LINUX_SELINUX_H | ||
15 | #define _LINUX_SELINUX_H | ||
16 | |||
17 | struct selinux_audit_rule; | ||
18 | struct audit_context; | ||
19 | struct inode; | ||
20 | struct kern_ipc_perm; | ||
21 | |||
22 | #ifdef CONFIG_SECURITY_SELINUX | ||
23 | |||
24 | /** | ||
25 | * selinux_audit_rule_init - alloc/init an selinux audit rule structure. | ||
26 | * @field: the field this rule refers to | ||
27 | * @op: the operater the rule uses | ||
28 | * @rulestr: the text "target" of the rule | ||
29 | * @rule: pointer to the new rule structure returned via this | ||
30 | * | ||
31 | * Returns 0 if successful, -errno if not. On success, the rule structure | ||
32 | * will be allocated internally. The caller must free this structure with | ||
33 | * selinux_audit_rule_free() after use. | ||
34 | */ | ||
35 | int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
36 | struct selinux_audit_rule **rule); | ||
37 | |||
38 | /** | ||
39 | * selinux_audit_rule_free - free an selinux audit rule structure. | ||
40 | * @rule: pointer to the audit rule to be freed | ||
41 | * | ||
42 | * This will free all memory associated with the given rule. | ||
43 | * If @rule is NULL, no operation is performed. | ||
44 | */ | ||
45 | void selinux_audit_rule_free(struct selinux_audit_rule *rule); | ||
46 | |||
47 | /** | ||
48 | * selinux_audit_rule_match - determine if a context ID matches a rule. | ||
49 | * @ctxid: the context ID to check | ||
50 | * @field: the field this rule refers to | ||
51 | * @op: the operater the rule uses | ||
52 | * @rule: pointer to the audit rule to check against | ||
53 | * @actx: the audit context (can be NULL) associated with the check | ||
54 | * | ||
55 | * Returns 1 if the context id matches the rule, 0 if it does not, and | ||
56 | * -errno on failure. | ||
57 | */ | ||
58 | int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | ||
59 | struct selinux_audit_rule *rule, | ||
60 | struct audit_context *actx); | ||
61 | |||
62 | /** | ||
63 | * selinux_audit_set_callback - set the callback for policy reloads. | ||
64 | * @callback: the function to call when the policy is reloaded | ||
65 | * | ||
66 | * This sets the function callback function that will update the rules | ||
67 | * upon policy reloads. This callback should rebuild all existing rules | ||
68 | * using selinux_audit_rule_init(). | ||
69 | */ | ||
70 | void selinux_audit_set_callback(int (*callback)(void)); | ||
71 | |||
72 | /** | ||
73 | * selinux_task_ctxid - determine a context ID for a process. | ||
74 | * @tsk: the task object | ||
75 | * @ctxid: ID value returned via this | ||
76 | * | ||
77 | * On return, ctxid will contain an ID for the context. This value | ||
78 | * should only be used opaquely. | ||
79 | */ | ||
80 | void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid); | ||
81 | |||
82 | /** | ||
83 | * selinux_ctxid_to_string - map a security context ID to a string | ||
84 | * @ctxid: security context ID to be converted. | ||
85 | * @ctx: address of context string to be returned | ||
86 | * @ctxlen: length of returned context string. | ||
87 | * | ||
88 | * Returns 0 if successful, -errno if not. On success, the context | ||
89 | * string will be allocated internally, and the caller must call | ||
90 | * kfree() on it after use. | ||
91 | */ | ||
92 | int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen); | ||
93 | |||
94 | /** | ||
95 | * selinux_get_inode_sid - get the inode's security context ID | ||
96 | * @inode: inode structure to get the sid from. | ||
97 | * @sid: pointer to security context ID to be filled in. | ||
98 | * | ||
99 | * Returns nothing | ||
100 | */ | ||
101 | void selinux_get_inode_sid(const struct inode *inode, u32 *sid); | ||
102 | |||
103 | /** | ||
104 | * selinux_get_ipc_sid - get the ipc security context ID | ||
105 | * @ipcp: ipc structure to get the sid from. | ||
106 | * @sid: pointer to security context ID to be filled in. | ||
107 | * | ||
108 | * Returns nothing | ||
109 | */ | ||
110 | void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid); | ||
111 | |||
112 | /** | ||
113 | * selinux_get_task_sid - return the SID of task | ||
114 | * @tsk: the task whose SID will be returned | ||
115 | * @sid: pointer to security context ID to be filled in. | ||
116 | * | ||
117 | * Returns nothing | ||
118 | */ | ||
119 | void selinux_get_task_sid(struct task_struct *tsk, u32 *sid); | ||
120 | |||
121 | |||
122 | #else | ||
123 | |||
124 | static inline int selinux_audit_rule_init(u32 field, u32 op, | ||
125 | char *rulestr, | ||
126 | struct selinux_audit_rule **rule) | ||
127 | { | ||
128 | return -ENOTSUPP; | ||
129 | } | ||
130 | |||
131 | static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule) | ||
132 | { | ||
133 | return; | ||
134 | } | ||
135 | |||
136 | static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | ||
137 | struct selinux_audit_rule *rule, | ||
138 | struct audit_context *actx) | ||
139 | { | ||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | static inline void selinux_audit_set_callback(int (*callback)(void)) | ||
144 | { | ||
145 | return; | ||
146 | } | ||
147 | |||
148 | static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid) | ||
149 | { | ||
150 | *ctxid = 0; | ||
151 | } | ||
152 | |||
153 | static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen) | ||
154 | { | ||
155 | *ctx = NULL; | ||
156 | *ctxlen = 0; | ||
157 | return 0; | ||
158 | } | ||
159 | |||
160 | static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid) | ||
161 | { | ||
162 | *sid = 0; | ||
163 | } | ||
164 | |||
165 | static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid) | ||
166 | { | ||
167 | *sid = 0; | ||
168 | } | ||
169 | |||
170 | static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid) | ||
171 | { | ||
172 | *sid = 0; | ||
173 | } | ||
174 | |||
175 | #endif /* CONFIG_SECURITY_SELINUX */ | ||
176 | |||
177 | #endif /* _LINUX_SELINUX_H */ | ||