Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/audit.h4
-rw-r--r--security/selinux/include/avc.h15
-rw-r--r--security/selinux/include/objsec.h1
-rw-r--r--security/selinux/include/security.h7
4 files changed, 15 insertions, 12 deletions
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h
index 6c8b9ef15579..1bdf973433cc 100644
--- a/security/selinux/include/audit.h
+++ b/security/selinux/include/audit.h
@@ -1,7 +1,7 @@
1/* 1/*
2 * SELinux support for the Audit LSM hooks 2 * SELinux support for the Audit LSM hooks
3 * 3 *
4 * Most of below header was moved from include/linux/selinux.h which 4 * Most of below header was moved from include/linux/selinux.h which
5 * is released under below copyrights: 5 * is released under below copyrights:
6 * 6 *
7 * Author: James Morris <jmorris@redhat.com> 7 * Author: James Morris <jmorris@redhat.com>
@@ -52,7 +52,7 @@ void selinux_audit_rule_free(void *rule);
52 * -errno on failure. 52 * -errno on failure.
53 */ 53 */
54int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, 54int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
55 struct audit_context *actx); 55 struct audit_context *actx);
56 56
57/** 57/**
58 * selinux_audit_rule_known - check to see if rule contains selinux fields. 58 * selinux_audit_rule_known - check to see if rule contains selinux fields.
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 8e23d7a873a4..7b9769f5e775 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -75,13 +75,12 @@ struct avc_audit_data {
75 75
76/* Initialize an AVC audit data structure. */ 76/* Initialize an AVC audit data structure. */
77#define AVC_AUDIT_DATA_INIT(_d,_t) \ 77#define AVC_AUDIT_DATA_INIT(_d,_t) \
78 { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } 78 { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
79 79
80/* 80/*
81 * AVC statistics 81 * AVC statistics
82 */ 82 */
83struct avc_cache_stats 83struct avc_cache_stats {
84{
85 unsigned int lookups; 84 unsigned int lookups;
86 unsigned int hits; 85 unsigned int hits;
87 unsigned int misses; 86 unsigned int misses;
@@ -97,8 +96,8 @@ struct avc_cache_stats
97void __init avc_init(void); 96void __init avc_init(void);
98 97
99void avc_audit(u32 ssid, u32 tsid, 98void avc_audit(u32 ssid, u32 tsid,
100 u16 tclass, u32 requested, 99 u16 tclass, u32 requested,
101 struct av_decision *avd, int result, struct avc_audit_data *auditdata); 100 struct av_decision *avd, int result, struct avc_audit_data *auditdata);
102 101
103#define AVC_STRICT 1 /* Ignore permissive mode. */ 102#define AVC_STRICT 1 /* Ignore permissive mode. */
104int avc_has_perm_noaudit(u32 ssid, u32 tsid, 103int avc_has_perm_noaudit(u32 ssid, u32 tsid,
@@ -107,8 +106,8 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
107 struct av_decision *avd); 106 struct av_decision *avd);
108 107
109int avc_has_perm(u32 ssid, u32 tsid, 108int avc_has_perm(u32 ssid, u32 tsid,
110 u16 tclass, u32 requested, 109 u16 tclass, u32 requested,
111 struct avc_audit_data *auditdata); 110 struct avc_audit_data *auditdata);
112 111
113u32 avc_policy_seqno(void); 112u32 avc_policy_seqno(void);
114 113
@@ -122,7 +121,7 @@ u32 avc_policy_seqno(void);
122#define AVC_CALLBACK_AUDITDENY_DISABLE 128 121#define AVC_CALLBACK_AUDITDENY_DISABLE 128
123 122
124int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, 123int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
125 u16 tclass, u32 perms, 124 u16 tclass, u32 perms,
126 u32 *out_retained), 125 u32 *out_retained),
127 u32 events, u32 ssid, u32 tsid, 126 u32 events, u32 ssid, u32 tsid,
128 u16 tclass, u32 perms); 127 u16 tclass, u32 perms);
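--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -44,7 +44,6 @@ struct inode_security_struct {
  u16 sclass; /* security class of this object */
  unsigned char initialized; /* initialization flag */
  struct mutex lock;
- unsigned char inherit; /* inherit SID from parent entry */
 };
 
 struct file_security_struct {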
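--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -93,12 +93,17 @@ int security_change_sid(u32 ssid, u32 tsid,
 int security_sid_to_context(u32 sid, char **scontext,
  u32 *scontext_len);
 
+int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
+
 int security_context_to_sid(const char *scontext, u32 scontext_len,
  u32 *out_sid);
 
 int security_context_to_sid_default(const char *scontext, u32 scontext_len,
  u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
 
+int security_context_to_sid_force(const char *scontext, u32 scontext_len,
+ u32 *sid);
+
 int security_get_user_sids(u32 callsid, char *username,
  u32 **sids, u32 *nel);
 
@@ -131,7 +136,7 @@ int security_get_allow_unknown(void);
 #define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
 
 int security_fs_use(const char *fstype, unsigned int *behavior,
- u32 *sid);
+ u32 *sid, bool can_xattr);
 
 int security_genfs_sid(const char *fstype, char *name, u16 sclass,
  u32 *sid);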
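Review bot: The two new `_force` prototypes in the first hunk, `security_sid_to_context_force()` and `security_context_to_sid_force()`, carry no comment saying what is forced or what the caller must already have checked, and nothing in this header distinguishes them from the plain variants. Judging only by the name, they presumably accept or return contexts that the plain calls would reject, so the contract matters for access control; a line such as `/* _force: bypasses the context validity check; caller must already have verified the required privilege */` above each would state it (wording to be confirmed against the implementation, which is not visible here). The output parameter of `security_context_to_sid_force()` is named `sid` where both siblings use `out_sid`; `u32 *out_sid);` would keep the family parallel. In the second hunk, `security_fs_use()` gains `bool can_xattr` with no note on what a false value changes in the labeling behaviour it reports.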