diff options
Diffstat (limited to 'security/smack/smack.h')
| -rw-r--r-- | security/smack/smack.h | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 129c4eb8ffb1..b449cfdad21c 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
| @@ -52,13 +52,16 @@ struct socket_smack { | |||
| 52 | struct inode_smack { | 52 | struct inode_smack { |
| 53 | char *smk_inode; /* label of the fso */ | 53 | char *smk_inode; /* label of the fso */ |
| 54 | char *smk_task; /* label of the task */ | 54 | char *smk_task; /* label of the task */ |
| 55 | char *smk_mmap; /* label of the mmap domain */ | ||
| 55 | struct mutex smk_lock; /* initialization lock */ | 56 | struct mutex smk_lock; /* initialization lock */ |
| 56 | int smk_flags; /* smack inode flags */ | 57 | int smk_flags; /* smack inode flags */ |
| 57 | }; | 58 | }; |
| 58 | 59 | ||
| 59 | struct task_smack { | 60 | struct task_smack { |
| 60 | char *smk_task; /* label used for access control */ | 61 | char *smk_task; /* label for access control */ |
| 61 | char *smk_forked; /* label when forked */ | 62 | char *smk_forked; /* label when forked */ |
| 63 | struct list_head smk_rules; /* per task access rules */ | ||
| 64 | struct mutex smk_rules_lock; /* lock for the rules */ | ||
| 62 | }; | 65 | }; |
| 63 | 66 | ||
| 64 | #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ | 67 | #define SMK_INODE_INSTANT 0x01 /* inode is instantiated */ |
| @@ -152,12 +155,6 @@ struct smack_known { | |||
| 152 | #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ | 155 | #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ |
| 153 | 156 | ||
| 154 | /* | 157 | /* |
| 155 | * A limit on the number of entries in the lists | ||
| 156 | * makes some of the list administration easier. | ||
| 157 | */ | ||
| 158 | #define SMACK_LIST_MAX 10000 | ||
| 159 | |||
| 160 | /* | ||
| 161 | * CIPSO defaults. | 158 | * CIPSO defaults. |
| 162 | */ | 159 | */ |
| 163 | #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ | 160 | #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ |
| @@ -174,9 +171,7 @@ struct smack_known { | |||
| 174 | /* | 171 | /* |
| 175 | * Just to make the common cases easier to deal with | 172 | * Just to make the common cases easier to deal with |
| 176 | */ | 173 | */ |
| 177 | #define MAY_ANY (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC) | ||
| 178 | #define MAY_ANYREAD (MAY_READ | MAY_EXEC) | 174 | #define MAY_ANYREAD (MAY_READ | MAY_EXEC) |
| 179 | #define MAY_ANYWRITE (MAY_WRITE | MAY_APPEND) | ||
| 180 | #define MAY_READWRITE (MAY_READ | MAY_WRITE) | 175 | #define MAY_READWRITE (MAY_READ | MAY_WRITE) |
| 181 | #define MAY_NOT 0 | 176 | #define MAY_NOT 0 |
| 182 | 177 | ||
| @@ -202,7 +197,7 @@ struct inode_smack *new_inode_smack(char *); | |||
| 202 | /* | 197 | /* |
| 203 | * These functions are in smack_access.c | 198 | * These functions are in smack_access.c |
| 204 | */ | 199 | */ |
| 205 | int smk_access_entry(char *, char *); | 200 | int smk_access_entry(char *, char *, struct list_head *); |
| 206 | int smk_access(char *, char *, int, struct smk_audit_info *); | 201 | int smk_access(char *, char *, int, struct smk_audit_info *); |
| 207 | int smk_curacc(char *, u32, struct smk_audit_info *); | 202 | int smk_curacc(char *, u32, struct smk_audit_info *); |
| 208 | int smack_to_cipso(const char *, struct smack_cipso *); | 203 | int smack_to_cipso(const char *, struct smack_cipso *); |