Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/audit.h | 4 | ||||
-rw-r--r-- | security/selinux/include/avc.h | 15 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 1 | ||||
-rw-r--r-- | security/selinux/include/security.h | 7 |
4 files changed, 15 insertions, 12 deletions
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h index 6c8b9ef15579..1bdf973433cc 100644 --- a/security/selinux/include/audit.h +++ b/security/selinux/include/audit.h | |||
@@ -1,7 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | * SELinux support for the Audit LSM hooks | 2 | * SELinux support for the Audit LSM hooks |
3 | * | 3 | * |
4 | * Most of below header was moved from include/linux/selinux.h which | 4 | * Most of below header was moved from include/linux/selinux.h which |
5 | * is released under below copyrights: | 5 | * is released under below copyrights: |
6 | * | 6 | * |
7 | * Author: James Morris <jmorris@redhat.com> | 7 | * Author: James Morris <jmorris@redhat.com> |
@@ -52,7 +52,7 @@ void selinux_audit_rule_free(void *rule); | |||
52 | * -errno on failure. | 52 | * -errno on failure. |
53 | */ | 53 | */ |
54 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, | 54 | int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, |
55 | struct audit_context *actx); | 55 | struct audit_context *actx); |
56 | 56 | ||
57 | /** | 57 | /** |
58 | * selinux_audit_rule_known - check to see if rule contains selinux fields. | 58 | * selinux_audit_rule_known - check to see if rule contains selinux fields. |
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index 8e23d7a873a4..7b9769f5e775 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h | |||
@@ -75,13 +75,12 @@ struct avc_audit_data { | |||
75 | 75 | ||
76 | /* Initialize an AVC audit data structure. */ | 76 | /* Initialize an AVC audit data structure. */ |
77 | #define AVC_AUDIT_DATA_INIT(_d,_t) \ | 77 | #define AVC_AUDIT_DATA_INIT(_d,_t) \ |
78 | { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } | 78 | { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } |
79 | 79 | ||
80 | /* | 80 | /* |
81 | * AVC statistics | 81 | * AVC statistics |
82 | */ | 82 | */ |
83 | struct avc_cache_stats | 83 | struct avc_cache_stats { |
84 | { | ||
85 | unsigned int lookups; | 84 | unsigned int lookups; |
86 | unsigned int hits; | 85 | unsigned int hits; |
87 | unsigned int misses; | 86 | unsigned int misses; |
@@ -97,8 +96,8 @@ struct avc_cache_stats | |||
97 | void __init avc_init(void); | 96 | void __init avc_init(void); |
98 | 97 | ||
99 | void avc_audit(u32 ssid, u32 tsid, | 98 | void avc_audit(u32 ssid, u32 tsid, |
100 | u16 tclass, u32 requested, | 99 | u16 tclass, u32 requested, |
101 | struct av_decision *avd, int result, struct avc_audit_data *auditdata); | 100 | struct av_decision *avd, int result, struct avc_audit_data *auditdata); |
102 | 101 | ||
103 | #define AVC_STRICT 1 /* Ignore permissive mode. */ | 102 | #define AVC_STRICT 1 /* Ignore permissive mode. */ |
104 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, | 103 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, |
@@ -107,8 +106,8 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, | |||
107 | struct av_decision *avd); | 106 | struct av_decision *avd); |
108 | 107 | ||
109 | int avc_has_perm(u32 ssid, u32 tsid, | 108 | int avc_has_perm(u32 ssid, u32 tsid, |
110 | u16 tclass, u32 requested, | 109 | u16 tclass, u32 requested, |
111 | struct avc_audit_data *auditdata); | 110 | struct avc_audit_data *auditdata); |
112 | 111 | ||
113 | u32 avc_policy_seqno(void); | 112 | u32 avc_policy_seqno(void); |
114 | 113 | ||
@@ -122,7 +121,7 @@ u32 avc_policy_seqno(void); | |||
122 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 | 121 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 |
123 | 122 | ||
124 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | 123 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, |
125 | u16 tclass, u32 perms, | 124 | u16 tclass, u32 perms, |
126 | u32 *out_retained), | 125 | u32 *out_retained), |
127 | u32 events, u32 ssid, u32 tsid, | 126 | u32 events, u32 ssid, u32 tsid, |
128 | u16 tclass, u32 perms); | 127 | u16 tclass, u32 perms); |
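--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -44,7 +44,6 @@ struct inode_security_struct {
 u16 sclass; /* security class of this object */
 unsigned char initialized; /* initialization flag */
 struct mutex lock;
-unsigned char inherit; /* inherit SID from parent entry */
 };
 
 struct file_security_struct {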
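--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -93,12 +93,17 @@ int security_change_sid(u32 ssid, u32 tsid,
 int security_sid_to_context(u32 sid, char **scontext,
 u32 *scontext_len);
 
+int security_sid_to_context_force(u32 sid, char **scontext, u32 *scontext_len);
+
 int security_context_to_sid(const char *scontext, u32 scontext_len,
 u32 *out_sid);
 
 int security_context_to_sid_default(const char *scontext, u32 scontext_len,
 u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
 
+int security_context_to_sid_force(const char *scontext, u32 scontext_len,
+u32 *sid);
+
 int security_get_user_sids(u32 callsid, char *username,
 u32 **sids, u32 *nel);
 
@@ -131,7 +136,7 @@ int security_get_allow_unknown(void);
 #define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */
 
 int security_fs_use(const char *fstype, unsigned int *behavior,
-u32 *sid);
+u32 *sid, bool can_xattr);
 
 int security_genfs_sid(const char *fstype, char *name, u16 sclass,
 u32 *sid);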
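Review bot: The two new prototypes `security_sid_to_context_force` and `security_context_to_sid_force` are added without any comment saying how they differ from the non-force variants declared beside them, which in a policy-enforcement header is the part a caller most needs to know. If, as the name suggests, they bypass validation against the loaded policy, the header should say so and state what the caller must have checked first, along the lines of `/* _force variants: context need not be valid under the current policy; caller is responsible for its own permission check */` (wording to be confirmed against the implementation, which is not in this section). The new `security_context_to_sid_force` also names its output `u32 *sid` while the sibling `security_context_to_sid` and `security_context_to_sid_default` use `u32 *out_sid`; `u32 *out_sid);` would keep the three parallel. The `bool can_xattr` parameter added to `security_fs_use` is likewise undocumented here, and a one-line comment on what it selects would help callers.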