From 55fcf09b3fe4325c9395ebbb0322a547a157ebc7 Mon Sep 17 00:00:00 2001 From: "Christopher J. PeBenito" Date: Wed, 23 May 2007 09:12:06 -0400 Subject: selinux: add support for querying object classes and permissions from the running policy Add support to the SELinux security server for obtaining a list of classes, and for obtaining a list of permissions for a specified class. Signed-off-by: Christopher J. PeBenito Signed-off-by: James Morris --- security/selinux/include/security.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'security/selinux/include/security.h') diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index b94378afea25..731a173f5a5f 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -87,6 +87,9 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); +int security_get_classes(char ***classes, int *nclasses); +int security_get_permissions(char *class, char ***perms, int *nperms); + #define SECURITY_FS_USE_XATTR 1 /* use xattr */ #define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ #define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */ -- cgit v1.2.2 From e47c8fc582a2c9f3cba059e543c4a056cd6bf8c4 Mon Sep 17 00:00:00 2001 From: "Christopher J. PeBenito" Date: Wed, 23 May 2007 09:12:09 -0400 Subject: selinux: add selinuxfs structure for object class discovery The structure is as follows (relative to selinuxfs root): /class/file/index /class/file/perms/read /class/file/perms/write ... Each class is allocated 33 inodes, 1 for the class index and 32 for permissions. Relative to SEL_CLASS_INO_OFFSET, the inode of the index file DIV 33 is the class number. The inode of the permission file % 33 is the index of the permission for that class. Signed-off-by: Christopher J. PeBenito Signed-off-by: James Morris --- security/selinux/include/security.h | 1 + 1 file changed, 1 insertion(+) (limited to 'security/selinux/include/security.h') diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 731a173f5a5f..83bdd4d2a29e 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -41,6 +41,7 @@ extern int selinux_mls_enabled; int security_load_policy(void * data, size_t len); +#define SEL_VEC_MAX 32 struct av_decision { u32 allowed; u32 decided; -- cgit v1.2.2