Diffstat (limited to 'security/selinux/include/security.h')
| -rw-r--r-- | security/selinux/include/security.h | 13 |
1 files changed, 8 insertions, 5 deletions
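diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 8fd8e18ea340..fe341ae37004 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -45,14 +45,15 @@
 /* Mask for just the mount related flags */
 #define SE_MNTMASK 0x0f
 /* Super block security struct flags for mount options */
+/* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
 #define CONTEXT_MNT 0x01
 #define FSCONTEXT_MNT 0x02
 #define ROOTCONTEXT_MNT 0x04
 #define DEFCONTEXT_MNT 0x08
+#define SBLABEL_MNT 0x10
 /* Non-mount related flags */
-#define SE_SBINITIALIZED 0x10
-#define SE_SBPROC 0x20
-#define SE_SBLABELSUPP 0x40
+#define SE_SBINITIALIZED 0x0100
+#define SE_SBPROC 0x0200
 
 #define CONTEXT_STR "context="
 #define FSCONTEXT_STR "fscontext="
@@ -68,12 +69,15 @@ extern int selinux_enabled;
 enum {
 POLICYDB_CAPABILITY_NETPEER,
 POLICYDB_CAPABILITY_OPENPERM,
+POLICYDB_CAPABILITY_REDHAT1,
+POLICYDB_CAPABILITY_ALWAYSNETWORK,
 __POLICYDB_CAPABILITY_MAX
 };
 #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
 
 extern int selinux_policycap_netpeer;
 extern int selinux_policycap_openperm;
+extern int selinux_policycap_alwaysnetwork;
 
 /*
 * type_datum properties
@@ -172,8 +176,7 @@ int security_get_allow_unknown(void);
 #define SECURITY_FS_USE_NATIVE 7 /* use native label support */
 #define SECURITY_FS_USE_MAX 7 /* Highest SECURITY_FS_USE_XXX */
 
-int security_fs_use(const char *fstype, unsigned int *behavior,
-u32 *sid);
+int security_fs_use(struct super_block *sb);
 
 int security_genfs_sid(const char *fstype, char *name, u16 sclass,
 u32 *sid);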
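Review bot: `SE_MNTMASK` stays at `0x0f` while the new `SBLABEL_MNT 0x10` is added under the mount-option flags in the first hunk, so any `flags & SE_MNTMASK` test or comparison will silently ignore it even though the mask's comment says it covers the mount related flags. The users of the mask are not visible on this page, so the exclusion may be intentional; if it is, say so at the definition, e.g. `/* SBLABEL_MNT is not part of SE_MNTMASK; it must be tested explicitly */`, and if it is not, the mask should become `0x1f`. Separately, `POLICYDB_CAPABILITY_REDHAT1` in the second hunk looks like a placeholder that pins `POLICYDB_CAPABILITY_ALWAYSNETWORK` to index 3, and a one-line comment marking it as reserved would stop a later cleanup from removing it and shifting the capability numbering.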
