security/selinux/include/security.h 4.32 KB
  /*
   * Security server interface.
   *
   * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
   *
   */
  
  #ifndef _SELINUX_SECURITY_H_
  #define _SELINUX_SECURITY_H_
  
  #include "flask.h"
  
  #define SECSID_NULL			0x00000000 /* unspecified SID */
  #define SECSID_WILD			0xffffffff /* wildcard SID */
  #define SECCLASS_NULL			0x0000 /* no class */
  
  /* NOTE(review): presumably the magic checked against a policy image on load -- confirm in the loader. */
  #define SELINUX_MAGIC 0xf97cff8c
  
  /*
   * Identify specific policy version changes.  Each constant is the policydb
   * version associated with the named change; VALIDATETRANS and MLS share
   * version 19, so the two are not distinguishable by version number alone.
   */
  #define POLICYDB_VERSION_BASE		15
  #define POLICYDB_VERSION_BOOL		16
  #define POLICYDB_VERSION_IPV6		17
  #define POLICYDB_VERSION_NLCLASS	18
  #define POLICYDB_VERSION_VALIDATETRANS	19
  #define POLICYDB_VERSION_MLS		19
  #define POLICYDB_VERSION_AVTAB		20
  #define POLICYDB_VERSION_RANGETRANS	21
  #define POLICYDB_VERSION_POLCAP		22
  #define POLICYDB_VERSION_PERMISSIVE	23
  
  /*
   * Range of policy versions we understand.  MAX may be pinned below the
   * newest version defined above through Kconfig; presumably the loader
   * rejects images outside [MIN, MAX] -- confirm in security_load_policy().
   */
  #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
  #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX
  #define POLICYDB_VERSION_MAX	CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE
  #else
  /* Default: the newest version this header defines. */
  #define POLICYDB_VERSION_MAX	POLICYDB_VERSION_PERMISSIVE
  #endif

  /*
   * Context options (presumably mount options, given the "xxx=" strings):
   * one distinct bit value per option, and the option-name prefix each one
   * corresponds to, in the same order.
   */
  #define CONTEXT_MNT	0x01
  #define FSCONTEXT_MNT	0x02
  #define ROOTCONTEXT_MNT	0x04
  #define DEFCONTEXT_MNT	0x08
  #define CONTEXT_STR	"context="
  #define FSCONTEXT_STR	"fscontext="
  #define ROOTCONTEXT_STR	"rootcontext="
  #define DEFCONTEXT_STR	"defcontext="
  struct netlbl_lsm_secattr;

  extern int selinux_enabled;
  extern int selinux_mls_enabled;
  /*
   * Policy capabilities.  Each index presumably corresponds to the req_cap
   * argument of security_policycap_supported() (declared below) -- confirm
   * there.  Keep the order stable: the values are implicit indices.
   */
  enum {
  	/* cf. the selinux_policycap_netpeer flag declared below */
  	POLICYDB_CAPABILITY_NETPEER,
  	/* cf. the selinux_policycap_openperm flag declared below */
  	POLICYDB_CAPABILITY_OPENPERM,
  	/* sentinel: one past the last capability; add new entries above it */
  	__POLICYDB_CAPABILITY_MAX
  };
  /* Highest valid capability index. */
  #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
  
  extern int selinux_policycap_netpeer;
  extern int selinux_policycap_openperm;

  int security_load_policy(void *data, size_t len);

  int security_policycap_supported(unsigned int req_cap);
  #define SEL_VEC_MAX 32
  /*
   * Access-vector decision filled in by security_compute_av() (declared
   * below) for a (ssid, tsid, tclass) query.  NOTE(review): the first four
   * fields are presumably permission bit vectors of up to SEL_VEC_MAX (32)
   * bits, and seqno the policy sequence number the answer was computed
   * against -- confirm in the server implementation.
   */
  struct av_decision {
  	u32 allowed;		/* permissions granted */
  	u32 decided;		/* permissions for which a decision exists */
  	u32 auditallow;		/* granted permissions to audit */
  	u32 auditdeny;		/* denied permissions to audit */
  	u32 seqno;		/* policy sequence number */
  };
  int security_permissive_sid(u32 sid);
  int security_compute_av(u32 ssid, u32 tsid,
  	u16 tclass, u32 requested,
  	struct av_decision *avd);
  
  int security_transition_sid(u32 ssid, u32 tsid,
  	u16 tclass, u32 *out_sid);
  
  int security_member_sid(u32 ssid, u32 tsid,
  	u16 tclass, u32 *out_sid);
  
  int security_change_sid(u32 ssid, u32 tsid,
  	u16 tclass, u32 *out_sid);
  
  int security_sid_to_context(u32 sid, char **scontext,
  	u32 *scontext_len);
  int security_context_to_sid(const char *scontext, u32 scontext_len,
  	u32 *out_sid);
  int security_context_to_sid_default(const char *scontext, u32 scontext_len,
  				    u32 *out_sid, u32 def_sid, gfp_t gfp_flags);

  int security_get_user_sids(u32 callsid, char *username,
  			   u32 **sids, u32 *nel);
  int security_port_sid(u8 protocol, u16 port, u32 *out_sid);

  int security_netif_sid(char *name, u32 *if_sid);
  
  int security_node_sid(u16 domain, void *addr, u32 addrlen,
  	u32 *out_sid);
  
  int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
  				 u16 tclass);

  int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
  int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
  				 u32 xfrm_sid,
  				 u32 *peer_sid);
  int security_get_classes(char ***classes, int *nclasses);
  int security_get_permissions(char *class, char ***perms, int *nperms);
  int security_get_reject_unknown(void);
  int security_get_allow_unknown(void);

  /*
   * Filesystem labeling behaviours.  Presumably the values reported through
   * the *behavior out-parameter of security_fs_use() below -- confirm there.
   */
  #define SECURITY_FS_USE_XATTR		1 /* use xattr */
  #define SECURITY_FS_USE_TRANS		2 /* use transition SIDs, e.g. devpts/tmpfs */
  #define SECURITY_FS_USE_TASK		3 /* use task SIDs, e.g. pipefs/sockfs */
  #define SECURITY_FS_USE_GENFS		4 /* use the genfs support */
  #define SECURITY_FS_USE_NONE		5 /* no labeling support */
  #define SECURITY_FS_USE_MNTPOINT	6 /* use mountpoint labeling */
  
  /* Look up the labeling behaviour and default SID for a filesystem type. */
  int security_fs_use(const char *fstype, unsigned int *behavior,
  	u32 *sid);
  
  /* Look up the SID for a path (name) of class sclass on a genfs filesystem. */
  int security_genfs_sid(const char *fstype, char *name, u16 sclass,
  	u32 *sid);
  #ifdef CONFIG_NETLABEL
  int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
  				   u32 *sid);
  
  int security_netlbl_sid_to_secattr(u32 sid,
  				   struct netlbl_lsm_secattr *secattr);
  #else
  static inline int security_netlbl_secattr_to_sid(
  					    struct netlbl_lsm_secattr *secattr,
  					    u32 *sid)
  {
  	/*
  	 * Built without CONFIG_NETLABEL: there is no secattr -> SID mapping.
  	 * *sid is never written, so callers must rely on the return value
  	 * rather than on the out-parameter.
  	 */
  	(void)secattr;
  	(void)sid;
  	return -EIDRM;
  }
  
  static inline int security_netlbl_sid_to_secattr(u32 sid,
  					   struct netlbl_lsm_secattr *secattr)
  {
  	/*
  	 * Built without CONFIG_NETLABEL: no SID -> secattr export exists and
  	 * *secattr is never written.  Note the error code differs from the
  	 * companion stub security_netlbl_secattr_to_sid(), which uses -EIDRM.
  	 */
  	(void)sid;
  	(void)secattr;
  	return -ENOENT;
  }
  #endif /* CONFIG_NETLABEL */
  const char *security_get_initial_sid_context(u32 sid);
  #endif /* _SELINUX_SECURITY_H_ */