diff options
Diffstat (limited to 'security/selinux/include/security.h')
| -rw-r--r-- | security/selinux/include/security.h | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 39337afffec2..23137c17f917 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
| @@ -25,13 +25,14 @@ | |||
| 25 | #define POLICYDB_VERSION_MLS 19 | 25 | #define POLICYDB_VERSION_MLS 19 |
| 26 | #define POLICYDB_VERSION_AVTAB 20 | 26 | #define POLICYDB_VERSION_AVTAB 20 |
| 27 | #define POLICYDB_VERSION_RANGETRANS 21 | 27 | #define POLICYDB_VERSION_RANGETRANS 21 |
| 28 | #define POLICYDB_VERSION_POLCAP 22 | ||
| 28 | 29 | ||
| 29 | /* Range of policy versions we understand*/ | 30 | /* Range of policy versions we understand*/ |
| 30 | #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE | 31 | #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE |
| 31 | #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX | 32 | #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX |
| 32 | #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE | 33 | #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE |
| 33 | #else | 34 | #else |
| 34 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS | 35 | #define POLICYDB_VERSION_MAX POLICYDB_VERSION_POLCAP |
| 35 | #endif | 36 | #endif |
| 36 | 37 | ||
| 37 | struct netlbl_lsm_secattr; | 38 | struct netlbl_lsm_secattr; |
| @@ -39,8 +40,19 @@ struct netlbl_lsm_secattr; | |||
| 39 | extern int selinux_enabled; | 40 | extern int selinux_enabled; |
| 40 | extern int selinux_mls_enabled; | 41 | extern int selinux_mls_enabled; |
| 41 | 42 | ||
| 43 | /* Policy capabilities */ | ||
| 44 | enum { | ||
| 45 | POLICYDB_CAPABILITY_NETPEER, | ||
| 46 | __POLICYDB_CAPABILITY_MAX | ||
| 47 | }; | ||
| 48 | #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) | ||
| 49 | |||
| 50 | extern int selinux_policycap_netpeer; | ||
| 51 | |||
| 42 | int security_load_policy(void * data, size_t len); | 52 | int security_load_policy(void * data, size_t len); |
| 43 | 53 | ||
| 54 | int security_policycap_supported(unsigned int req_cap); | ||
| 55 | |||
| 44 | #define SEL_VEC_MAX 32 | 56 | #define SEL_VEC_MAX 32 |
| 45 | struct av_decision { | 57 | struct av_decision { |
| 46 | u32 allowed; | 58 | u32 allowed; |
| @@ -77,8 +89,7 @@ int security_get_user_sids(u32 callsid, char *username, | |||
| 77 | int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port, | 89 | int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port, |
| 78 | u32 *out_sid); | 90 | u32 *out_sid); |
| 79 | 91 | ||
| 80 | int security_netif_sid(char *name, u32 *if_sid, | 92 | int security_netif_sid(char *name, u32 *if_sid); |
| 81 | u32 *msg_sid); | ||
| 82 | 93 | ||
| 83 | int security_node_sid(u16 domain, void *addr, u32 addrlen, | 94 | int security_node_sid(u16 domain, void *addr, u32 addrlen, |
| 84 | u32 *out_sid); | 95 | u32 *out_sid); |
| @@ -88,10 +99,15 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
| 88 | 99 | ||
| 89 | int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); | 100 | int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); |
| 90 | 101 | ||
| 102 | int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, | ||
| 103 | u32 xfrm_sid, | ||
| 104 | u32 *peer_sid); | ||
| 105 | |||
| 91 | int security_get_classes(char ***classes, int *nclasses); | 106 | int security_get_classes(char ***classes, int *nclasses); |
| 92 | int security_get_permissions(char *class, char ***perms, int *nperms); | 107 | int security_get_permissions(char *class, char ***perms, int *nperms); |
| 93 | int security_get_reject_unknown(void); | 108 | int security_get_reject_unknown(void); |
| 94 | int security_get_allow_unknown(void); | 109 | int security_get_allow_unknown(void); |
| 110 | int security_get_policycaps(int *len, int **values); | ||
| 95 | 111 | ||
| 96 | #define SECURITY_FS_USE_XATTR 1 /* use xattr */ | 112 | #define SECURITY_FS_USE_XATTR 1 /* use xattr */ |
| 97 | #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ | 113 | #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ |
| @@ -108,7 +124,6 @@ int security_genfs_sid(const char *fstype, char *name, u16 sclass, | |||
| 108 | 124 | ||
| 109 | #ifdef CONFIG_NETLABEL | 125 | #ifdef CONFIG_NETLABEL |
| 110 | int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, | 126 | int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, |
| 111 | u32 base_sid, | ||
| 112 | u32 *sid); | 127 | u32 *sid); |
| 113 | 128 | ||
| 114 | int security_netlbl_sid_to_secattr(u32 sid, | 129 | int security_netlbl_sid_to_secattr(u32 sid, |
| @@ -116,7 +131,6 @@ int security_netlbl_sid_to_secattr(u32 sid, | |||
| 116 | #else | 131 | #else |
| 117 | static inline int security_netlbl_secattr_to_sid( | 132 | static inline int security_netlbl_secattr_to_sid( |
| 118 | struct netlbl_lsm_secattr *secattr, | 133 | struct netlbl_lsm_secattr *secattr, |
| 119 | u32 base_sid, | ||
| 120 | u32 *sid) | 134 | u32 *sid) |
| 121 | { | 135 | { |
| 122 | return -EIDRM; | 136 | return -EIDRM; |