tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / security / selinux / include / security.h
at v2.6.21 106 lines 2.9 kB view raw
1/* 2 * Security server interface. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 * 6 */ 7 8#ifndef _SELINUX_SECURITY_H_ 9#define _SELINUX_SECURITY_H_ 10 11#include "flask.h" 12 13#define SECSID_NULL 0x00000000 /* unspecified SID */ 14#define SECSID_WILD 0xffffffff /* wildcard SID */ 15#define SECCLASS_NULL 0x0000 /* no class */ 16 17#define SELINUX_MAGIC 0xf97cff8c 18 19/* Identify specific policy version changes */ 20#define POLICYDB_VERSION_BASE 15 21#define POLICYDB_VERSION_BOOL 16 22#define POLICYDB_VERSION_IPV6 17 23#define POLICYDB_VERSION_NLCLASS 18 24#define POLICYDB_VERSION_VALIDATETRANS 19 25#define POLICYDB_VERSION_MLS 19 26#define POLICYDB_VERSION_AVTAB 20 27#define POLICYDB_VERSION_RANGETRANS 21 28 29/* Range of policy versions we understand*/ 30#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE 31#ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX 32#define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE 33#else 34#define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS 35#endif 36 37struct sk_buff; 38 39extern int selinux_enabled; 40extern int selinux_mls_enabled; 41 42int security_load_policy(void * data, size_t len); 43 44struct av_decision { 45 u32 allowed; 46 u32 decided; 47 u32 auditallow; 48 u32 auditdeny; 49 u32 seqno; 50}; 51 52int security_compute_av(u32 ssid, u32 tsid, 53 u16 tclass, u32 requested, 54 struct av_decision *avd); 55 56int security_transition_sid(u32 ssid, u32 tsid, 57 u16 tclass, u32 *out_sid); 58 59int security_member_sid(u32 ssid, u32 tsid, 60 u16 tclass, u32 *out_sid); 61 62int security_change_sid(u32 ssid, u32 tsid, 63 u16 tclass, u32 *out_sid); 64 65int security_sid_to_context(u32 sid, char **scontext, 66 u32 *scontext_len); 67 68int security_context_to_sid(char *scontext, u32 scontext_len, 69 u32 *out_sid); 70 71int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid); 72 73int security_get_user_sids(u32 callsid, char *username, 74 u32 **sids, u32 *nel); 75 76int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port, 77 u32 *out_sid); 78 79int security_netif_sid(char *name, u32 *if_sid, 80 u32 *msg_sid); 81 82int security_node_sid(u16 domain, void *addr, u32 addrlen, 83 u32 *out_sid); 84 85void security_skb_extlbl_sid(struct sk_buff *skb, u32 base_sid, u32 *sid); 86 87int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, 88 u16 tclass); 89 90int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); 91 92#define SECURITY_FS_USE_XATTR 1 /* use xattr */ 93#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ 94#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */ 95#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */ 96#define SECURITY_FS_USE_NONE 5 /* no labeling support */ 97#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */ 98 99int security_fs_use(const char *fstype, unsigned int *behavior, 100 u32 *sid); 101 102int security_genfs_sid(const char *fstype, char *name, u16 sclass, 103 u32 *sid); 104 105#endif /* _SELINUX_SECURITY_H_ */ 106