diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-18 08:19:40 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-18 08:19:40 -0700 |
| commit | 30bc94566e396b432b72e2f3518e19225dc2672d (patch) | |
| tree | 50eba6ade66fbed5106a40aa68ab36926b7beb6b /security/selinux/include/security.h | |
| parent | 4cba84b5d61af81f1f329f4d05170427a9819c39 (diff) | |
| parent | 5f46ce14bd432cf52bf91079270af164ca48f821 (diff) | |
| download | linux-30bc94566e396b432b72e2f3518e19225dc2672d.tar.bz2 | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
security: enhance DEFAULT_MMAP_MIN_ADDR description
SELinux: add netport.[ch]
SELinux: Add network port SID cache
SELinux: turn mount options strings into defines
selinux/ss/services.c should #include <linux/selinux.h>
selinux: introduce permissive types
selinux: remove ptrace_sid
SELinux: requesting no permissions in avc_has_perm_noaudit is a BUG()
security: code cleanup
security: replace remaining __FUNCTION__ occurrences
SELinux: create new open permission
selinux: selinux/netlabel.c should #include "netlabel.h"
SELinux: unify printk messages
SELinux: remove unused backpointers from security objects
SELinux: Correct the NetLabel locking for the sk_security_struct
Diffstat (limited to 'security/selinux/include/security.h')
| -rw-r--r-- | security/selinux/include/security.h | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 44e12ec88090..1904c462a605 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -26,13 +26,14 @@ #define POLICYDB_VERSION_AVTAB 20 #define POLICYDB_VERSION_RANGETRANS 21 #define POLICYDB_VERSION_POLCAP 22 +#define POLICYDB_VERSION_PERMISSIVE 23 /* Range of policy versions we understand*/ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE #else -#define POLICYDB_VERSION_MAX POLICYDB_VERSION_POLCAP +#define POLICYDB_VERSION_MAX POLICYDB_VERSION_PERMISSIVE #endif #define CONTEXT_MNT 0x01 @@ -40,6 +41,11 @@ #define ROOTCONTEXT_MNT 0x04 #define DEFCONTEXT_MNT 0x08 +#define CONTEXT_STR "context=" +#define FSCONTEXT_STR "fscontext=" +#define ROOTCONTEXT_STR "rootcontext=" +#define DEFCONTEXT_STR "defcontext=" + struct netlbl_lsm_secattr; extern int selinux_enabled; @@ -48,11 +54,13 @@ extern int selinux_mls_enabled; /* Policy capabilities */ enum { POLICYDB_CAPABILITY_NETPEER, + POLICYDB_CAPABILITY_OPENPERM, __POLICYDB_CAPABILITY_MAX }; #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) extern int selinux_policycap_netpeer; +extern int selinux_policycap_openperm; int security_load_policy(void * data, size_t len); @@ -67,6 +75,8 @@ struct av_decision { u32 seqno; }; +int security_permissive_sid(u32 sid); + int security_compute_av(u32 ssid, u32 tsid, u16 tclass, u32 requested, struct av_decision *avd); @@ -92,8 +102,7 @@ int security_context_to_sid_default(char *scontext, u32 scontext_len, int security_get_user_sids(u32 callsid, char *username, u32 **sids, u32 *nel); -int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port, - u32 *out_sid); +int security_port_sid(u8 protocol, u16 port, u32 *out_sid); int security_netif_sid(char *name, u32 *if_sid); |