aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/include
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/include')
-rw-r--r--security/selinux/include/avc.h49
-rw-r--r--security/selinux/include/netlabel.h4
-rw-r--r--security/selinux/include/xfrm.h8
3 files changed, 50 insertions, 11 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index e94e82f73818..ae4c3a0e2c1a 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -13,7 +13,6 @@
13#include <linux/spinlock.h> 13#include <linux/spinlock.h>
14#include <linux/init.h> 14#include <linux/init.h>
15#include <linux/audit.h> 15#include <linux/audit.h>
16#include <linux/lsm_audit.h>
17#include <linux/in6.h> 16#include <linux/in6.h>
18#include <linux/path.h> 17#include <linux/path.h>
19#include <asm/system.h> 18#include <asm/system.h>
@@ -37,6 +36,48 @@ struct inode;
37struct sock; 36struct sock;
38struct sk_buff; 37struct sk_buff;
39 38
39/* Auxiliary data to use in generating the audit record. */
40struct avc_audit_data {
41 char type;
42#define AVC_AUDIT_DATA_FS 1
43#define AVC_AUDIT_DATA_NET 2
44#define AVC_AUDIT_DATA_CAP 3
45#define AVC_AUDIT_DATA_IPC 4
46 struct task_struct *tsk;
47 union {
48 struct {
49 struct path path;
50 struct inode *inode;
51 } fs;
52 struct {
53 int netif;
54 struct sock *sk;
55 u16 family;
56 __be16 dport;
57 __be16 sport;
58 union {
59 struct {
60 __be32 daddr;
61 __be32 saddr;
62 } v4;
63 struct {
64 struct in6_addr daddr;
65 struct in6_addr saddr;
66 } v6;
67 } fam;
68 } net;
69 int cap;
70 int ipc_id;
71 } u;
72};
73
74#define v4info fam.v4
75#define v6info fam.v6
76
77/* Initialize an AVC audit data structure. */
78#define AVC_AUDIT_DATA_INIT(_d,_t) \
79 { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
80
40/* 81/*
41 * AVC statistics 82 * AVC statistics
42 */ 83 */
@@ -57,9 +98,7 @@ void __init avc_init(void);
57 98
58void avc_audit(u32 ssid, u32 tsid, 99void avc_audit(u32 ssid, u32 tsid,
59 u16 tclass, u32 requested, 100 u16 tclass, u32 requested,
60 struct av_decision *avd, 101 struct av_decision *avd, int result, struct avc_audit_data *auditdata);
61 int result,
62 struct common_audit_data *a);
63 102
64#define AVC_STRICT 1 /* Ignore permissive mode. */ 103#define AVC_STRICT 1 /* Ignore permissive mode. */
65int avc_has_perm_noaudit(u32 ssid, u32 tsid, 104int avc_has_perm_noaudit(u32 ssid, u32 tsid,
@@ -69,7 +108,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
69 108
70int avc_has_perm(u32 ssid, u32 tsid, 109int avc_has_perm(u32 ssid, u32 tsid,
71 u16 tclass, u32 requested, 110 u16 tclass, u32 requested,
72 struct common_audit_data *auditdata); 111 struct avc_audit_data *auditdata);
73 112
74u32 avc_policy_seqno(void); 113u32 avc_policy_seqno(void);
75 114
diff --git a/security/selinux/include/netlabel.h b/security/selinux/include/netlabel.h
index 8d7384280a7a..b4b5b9b2f0be 100644
--- a/security/selinux/include/netlabel.h
+++ b/security/selinux/include/netlabel.h
@@ -59,7 +59,7 @@ int selinux_netlbl_socket_post_create(struct sock *sk, u16 family);
59int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 59int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
60 struct sk_buff *skb, 60 struct sk_buff *skb,
61 u16 family, 61 u16 family,
62 struct common_audit_data *ad); 62 struct avc_audit_data *ad);
63int selinux_netlbl_socket_setsockopt(struct socket *sock, 63int selinux_netlbl_socket_setsockopt(struct socket *sock,
64 int level, 64 int level,
65 int optname); 65 int optname);
@@ -129,7 +129,7 @@ static inline int selinux_netlbl_socket_post_create(struct sock *sk,
129static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, 129static inline int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
130 struct sk_buff *skb, 130 struct sk_buff *skb,
131 u16 family, 131 u16 family,
132 struct common_audit_data *ad) 132 struct avc_audit_data *ad)
133{ 133{
134 return 0; 134 return 0;
135} 135}
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
index 13128f9a3e5a..289e24b39e3e 100644
--- a/security/selinux/include/xfrm.h
+++ b/security/selinux/include/xfrm.h
@@ -41,9 +41,9 @@ static inline int selinux_xfrm_enabled(void)
41} 41}
42 42
43int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb, 43int selinux_xfrm_sock_rcv_skb(u32 sid, struct sk_buff *skb,
44 struct common_audit_data *ad); 44 struct avc_audit_data *ad);
45int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, 45int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
46 struct common_audit_data *ad, u8 proto); 46 struct avc_audit_data *ad, u8 proto);
47int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall); 47int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall);
48 48
49static inline void selinux_xfrm_notify_policyload(void) 49static inline void selinux_xfrm_notify_policyload(void)
@@ -57,13 +57,13 @@ static inline int selinux_xfrm_enabled(void)
57} 57}
58 58
59static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb, 59static inline int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
60 struct common_audit_data *ad) 60 struct avc_audit_data *ad)
61{ 61{
62 return 0; 62 return 0;
63} 63}
64 64
65static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb, 65static inline int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
66 struct common_audit_data *ad, u8 proto) 66 struct avc_audit_data *ad, u8 proto)
67{ 67{
68 return 0; 68 return 0;
69} 69}