Diffstat (limited to 'security/selinux/include/avc.h')
-rw-r--r--security/selinux/include/avc.h49
1 files changed, 44 insertions, 5 deletions
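diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index e94e82f73818..ae4c3a0e2c1a 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -13,7 +13,6 @@
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/audit.h>
-#include <linux/lsm_audit.h>
 #include <linux/in6.h>
 #include <linux/path.h>
 #include <asm/system.h>
@@ -37,6 +36,48 @@ struct inode;
 struct sock;
 struct sk_buff;
 
+/* Auxiliary data to use in generating the audit record. */
+struct avc_audit_data {
+	char type;
+#define AVC_AUDIT_DATA_FS 1
+#define AVC_AUDIT_DATA_NET 2
+#define AVC_AUDIT_DATA_CAP 3
+#define AVC_AUDIT_DATA_IPC 4
+	struct task_struct *tsk;
+	union {
+		struct {
+			struct path path;
+			struct inode *inode;
+		} fs;
+		struct {
+			int netif;
+			struct sock *sk;
+			u16 family;
+			__be16 dport;
+			__be16 sport;
+			union {
+				struct {
+					__be32 daddr;
+					__be32 saddr;
+				} v4;
+				struct {
+					struct in6_addr daddr;
+					struct in6_addr saddr;
+				} v6;
+			} fam;
+		} net;
+		int cap;
+		int ipc_id;
+	} u;
+};
+
+#define v4info fam.v4
+#define v6info fam.v6
+
+/* Initialize an AVC audit data structure. */
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
+	{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+
 /*
  * AVC statistics
  */
@@ -57,9 +98,7 @@ void __init avc_init(void);
 
 void avc_audit(u32 ssid, u32 tsid,
 	       u16 tclass, u32 requested,
-	       struct av_decision *avd,
-	       int result,
-	       struct common_audit_data *a);
+	       struct av_decision *avd, int result, struct avc_audit_data *auditdata);
 
 #define AVC_STRICT 1 /* Ignore permissive mode. */
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
@@ -69,7 +108,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 
 int avc_has_perm(u32 ssid, u32 tsid,
 		 u16 tclass, u32 requested,
-		 struct common_audit_data *auditdata);
+		 struct avc_audit_data *auditdata);
 
 u32 avc_policy_seqno(void);
 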
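Review bot: The AVC_AUDIT_DATA_INIT macro added in the second hunk expands to a bare `{ ... }` compound statement, so a caller writing `if (cond) AVC_AUDIT_DATA_INIT(&ad, FS); else ...` fails to compile once the trailing semicolon terminates the if — the kernel convention for a multi-statement macro is `do { ... } while (0)`. Wrapping it also allows the zeroed length to follow the pointer's type instead of repeating the struct name: `#define AVC_AUDIT_DATA_INIT(_d, _t) \` / `do { memset((_d), 0, sizeof(*(_d))); (_d)->type = AVC_AUDIT_DATA_##_t; } while (0)`. The memset should remain part of the macro either way: `type` presumably selects which member of union `u` the audit code reads, and leaving the other members uninitialized would let stack contents reach the audit-record path. Note that nothing in the shown hunks brings `memset` into scope explicitly, so it must arrive through one of the remaining includes — worth confirming now that `linux/lsm_audit.h` is gone.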