Diffstat (limited to 'security/smack/smack.h')
| -rw-r--r-- | security/smack/smack.h | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 2b6c6a516123..174d3be9aaee 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -41,9 +41,9 @@ struct superblock_smack { | |||
| 41 | }; | 41 | }; |
| 42 | 42 | ||
| 43 | struct socket_smack { | 43 | struct socket_smack { |
| 44 | char *smk_out; /* outbound label */ | 44 | char *smk_out; /* outbound label */ |
| 45 | char *smk_in; /* inbound label */ | 45 | char *smk_in; /* inbound label */ |
| 46 | char smk_packet[SMK_LABELLEN]; /* TCP peer label */ | 46 | char *smk_packet; /* TCP peer label */ |
| 47 | }; | 47 | }; |
| 48 | 48 | ||
| 49 | /* | 49 | /* |
| @@ -116,13 +116,19 @@ struct smk_netlbladdr { | |||
| 116 | * If there is a cipso value associated with the label it | 116 | * If there is a cipso value associated with the label it |
| 117 | * gets stored here, too. This will most likely be rare as | 117 | * gets stored here, too. This will most likely be rare as |
| 118 | * the cipso direct mapping in used internally. | 118 | * the cipso direct mapping in used internally. |
| 119 | * | ||
| 120 | * Keep the access rules for this subject label here so that | ||
| 121 | * the entire set of rules does not need to be examined every | ||
| 122 | * time. | ||
| 119 | */ | 123 | */ |
| 120 | struct smack_known { | 124 | struct smack_known { |
| 121 | struct list_head list; | 125 | struct list_head list; |
| 122 | char smk_known[SMK_LABELLEN]; | 126 | char smk_known[SMK_LABELLEN]; |
| 123 | u32 smk_secid; | 127 | u32 smk_secid; |
| 124 | struct smack_cipso *smk_cipso; | 128 | struct smack_cipso *smk_cipso; |
| 125 | spinlock_t smk_cipsolock; /* for changing cipso map */ | 129 | spinlock_t smk_cipsolock; /* for changing cipso map */ |
| 130 | struct list_head smk_rules; /* access rules */ | ||
| 131 | struct mutex smk_rules_lock; /* lock for the rules */ | ||
| 126 | }; | 132 | }; |
| 127 | 133 | ||
| 128 | /* | 134 | /* |
| @@ -201,10 +207,11 @@ int smk_access_entry(char *, char *, struct list_head *); | |||
| 201 | int smk_access(char *, char *, int, struct smk_audit_info *); | 207 | int smk_access(char *, char *, int, struct smk_audit_info *); |
| 202 | int smk_curacc(char *, u32, struct smk_audit_info *); | 208 | int smk_curacc(char *, u32, struct smk_audit_info *); |
| 203 | int smack_to_cipso(const char *, struct smack_cipso *); | 209 | int smack_to_cipso(const char *, struct smack_cipso *); |
| 204 | void smack_from_cipso(u32, char *, char *); | 210 | char *smack_from_cipso(u32, char *); |
| 205 | char *smack_from_secid(const u32); | 211 | char *smack_from_secid(const u32); |
| 206 | char *smk_import(const char *, int); | 212 | char *smk_import(const char *, int); |
| 207 | struct smack_known *smk_import_entry(const char *, int); | 213 | struct smack_known *smk_import_entry(const char *, int); |
| 214 | struct smack_known *smk_find_entry(const char *); | ||
| 208 | u32 smack_to_secid(const char *); | 215 | u32 smack_to_secid(const char *); |
| 209 | 216 | ||
| 210 | /* | 217 | /* |
| @@ -223,7 +230,6 @@ extern struct smack_known smack_known_star; | |||
| 223 | extern struct smack_known smack_known_web; | 230 | extern struct smack_known smack_known_web; |
| 224 | 231 | ||
| 225 | extern struct list_head smack_known_list; | 232 | extern struct list_head smack_known_list; |
| 226 | extern struct list_head smack_rule_list; | ||
| 227 | extern struct list_head smk_netlbladdr_list; | 233 | extern struct list_head smk_netlbladdr_list; |
| 228 | 234 | ||
| 229 | extern struct security_operations smack_ops; | 235 | extern struct security_operations smack_ops; |
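Review bot: In the first hunk, `smk_packet` in `struct socket_smack` changes from an embedded `char[SMK_LABELLEN]` to a bare `char *`, but the field comment still says only `/* TCP peer label */` and does not state whether the pointer may be NULL or who owns the string it points to. Code written against the array form (copying a label into the field, testing its first byte for "unset", or taking `sizeof` of it) still compiles against a pointer but then dereferences or measures something different. This page shows only smack.h, so every user of the field should be checked against the new type. If the intended contract is that the field is NULL until a peer label is recorded and otherwise points at a label the socket does not own, I would say so in the header, e.g. `char *smk_packet; /* TCP peer label; NULL if unset, not owned by the socket */`.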
