Diffstat (limited to 'security/selinux/include')
-rw-r--r-- | security/selinux/include/netnode.h | 32 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 9 |
2 files changed, 41 insertions, 0 deletions
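--- /dev/null
+++ b/security/selinux/include/netnode.h
@@ -0,0 +1,32 @@
+/*
+* Network node table
+*
+* SELinux must keep a mapping of network nodes to labels/SIDs. This
+* mapping is maintained as part of the normal policy but a fast cache is
+* needed to reduce the lookup overhead since most of these queries happen on
+* a per-packet basis.
+*
+* Author: Paul Moore <paul.moore@hp.com>
+*
+*/
+
+/*
+* (c) Copyright Hewlett-Packard Development Company, L.P., 2007
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of version 2 of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+*/
+
+#ifndef _SELINUX_NETNODE_H
+#define _SELINUX_NETNODE_H
+
+int sel_netnode_sid(void *addr, u16 family, u32 *sid);
+
+#endif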
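Review bot: The prototype `int sel_netnode_sid(void *addr, u16 family, u32 *sid);` takes the node address as an untyped pointer with no length, so the `family` argument is the only thing tying the caller's buffer size to what the callee reads. A caller that passes a 4-byte IPv4 address together with an IPv6 family would presumably cause a 16-byte read; the implementation is not in this hunk, so it should be checked that an unknown family returns an error without dereferencing `addr` or writing `*sid`. I would declare it `int sel_netnode_sid(const void *addr, u16 family, u32 *sid);` and add a short comment above it stating the accepted families, the size `addr` must have for each, and whether `*sid` is left untouched on failure. The header also uses `u16`/`u32` without including `<linux/types.h>`, so it compiles only if every includer pulls that in first.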
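--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -100,6 +100,15 @@ struct netif_security_struct {
 u32 sid; /* SID for this interface */
 };
 
+struct netnode_security_struct {
+union {
+__be32 ipv4; /* IPv4 node address */
+struct in6_addr ipv6; /* IPv6 node address */
+} addr;
+u32 sid; /* SID for this node */
+u16 family; /* address family */
+};
+
 struct sk_security_struct {
 struct sock *sk; /* back pointer to sk object */
 u32 sid; /* SID of this object */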
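Review bot: Nothing in `struct netnode_security_struct` says that `family` is the discriminator for the `addr` union, and a reader that touches `addr.ipv6` on an IPv4 entry would see 12 bytes that were never set unless the allocation zeroes the struct. I would put `/* node address; only the member selected by family is valid */` on the union, and check that the cache code (not visible here) compares `family` before comparing addresses rather than comparing the whole union. `struct in6_addr` is embedded by value, so this header needs `<linux/in6.h>` in scope; the include list is outside the hunk, so confirm it is already there.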