Blame view
include/linux/selinux.h
2.87 KB
376bd9cb3 [PATCH] support f... |
1 2 3 4 5 6 7 |
/* * SELinux services exported to the rest of the kernel. * * Author: James Morris <jmorris@redhat.com> * * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> |
e7c349701 [PATCH] Reworked ... |
8 |
* Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> |
376bd9cb3 [PATCH] support f... |
9 10 11 12 13 14 15 16 17 18 |
* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ #ifndef _LINUX_SELINUX_H #define _LINUX_SELINUX_H struct selinux_audit_rule; struct audit_context; |
9c7aa6aa7 [PATCH] change ls... |
19 |
struct kern_ipc_perm; |
376bd9cb3 [PATCH] support f... |
20 21 22 23 |
#ifdef CONFIG_SECURITY_SELINUX /** |
c749b29fa [SECMARK]: Add SE... |
24 25 26 27 28 29 30 31 32 33 34 |
* selinux_string_to_sid - map a security context string to a security ID * @str: the security context string to be mapped * @sid: ID value returned via this. * * Returns 0 if successful, with the SID stored in sid. A value * of zero for sid indicates no SID could be determined (but no error * occurred). */ int selinux_string_to_sid(char *str, u32 *sid); /** |
d621d35e5 SELinux: Enable d... |
35 36 |
* selinux_secmark_relabel_packet_permission - secmark permission check * @sid: SECMARK ID value to be applied to network packet |
c749b29fa [SECMARK]: Add SE... |
37 |
* |
d621d35e5 SELinux: Enable d... |
38 39 40 41 |
* Returns 0 if the current task is allowed to set the SECMARK label of * packets with the supplied security ID. Note that it is implicit that * the packet is always being relabeled from the default unlabeled value, * and that the access control decision is made in the AVC. |
c749b29fa [SECMARK]: Add SE... |
42 |
*/ |
d621d35e5 SELinux: Enable d... |
43 |
int selinux_secmark_relabel_packet_permission(u32 sid); |
e7c349701 [PATCH] Reworked ... |
44 |
|
d621d35e5 SELinux: Enable d... |
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
/** * selinux_secmark_refcount_inc - increments the secmark use counter * * SELinux keeps track of the current SECMARK targets in use so it knows * when to apply SECMARK label access checks to network packets. This * function incements this reference count to indicate that a new SECMARK * target has been configured. */ void selinux_secmark_refcount_inc(void); /** * selinux_secmark_refcount_dec - decrements the secmark use counter * * SELinux keeps track of the current SECMARK targets in use so it knows * when to apply SECMARK label access checks to network packets. This * function decements this reference count to indicate that one of the * existing SECMARK targets has been removed/flushed. */ void selinux_secmark_refcount_dec(void); |
ed868a569 Creds: creds->sec... |
64 65 66 67 68 |
/** * selinux_is_enabled - is SELinux enabled? */ bool selinux_is_enabled(void); |
376bd9cb3 [PATCH] support f... |
69 |
#else |
c749b29fa [SECMARK]: Add SE... |
70 71 72 73 74 |
static inline int selinux_string_to_sid(const char *str, u32 *sid) { *sid = 0; return 0; } |
d621d35e5 SELinux: Enable d... |
75 |
static inline int selinux_secmark_relabel_packet_permission(u32 sid) |
c749b29fa [SECMARK]: Add SE... |
76 77 78 |
{ return 0; } |
d621d35e5 SELinux: Enable d... |
79 80 81 82 83 84 85 86 87 |
static inline void selinux_secmark_refcount_inc(void) { return; } static inline void selinux_secmark_refcount_dec(void) { return; } |
8a478905a SELinux: inline s... |
88 |
static inline bool selinux_is_enabled(void) |
ed868a569 Creds: creds->sec... |
89 90 91 |
{ return false; } |
376bd9cb3 [PATCH] support f... |
92 93 94 |
#endif /* CONFIG_SECURITY_SELINUX */ #endif /* _LINUX_SELINUX_H */ |