URL https://opencores.org/ocsvn/test_project/test_project/trunk

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [include/] [linux/] [selinux.h] - Blame information for rev 81

Go to most recent revision | Details | Compare with Previous | View Log


/*
 * SELinux services exported to the rest of the kernel.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
 */
#ifndef _LINUX_SELINUX_H
#define _LINUX_SELINUX_H
 
struct selinux_audit_rule;
struct audit_context;
struct inode;
struct kern_ipc_perm;
 
#ifdef CONFIG_SECURITY_SELINUX
 
/**
 *      selinux_audit_rule_init - alloc/init an selinux audit rule structure.
 *      @field: the field this rule refers to
 *      @op: the operater the rule uses
 *      @rulestr: the text "target" of the rule
 *      @rule: pointer to the new rule structure returned via this
 *
 *      Returns 0 if successful, -errno if not.  On success, the rule structure
 *      will be allocated internally.  The caller must free this structure with
 *      selinux_audit_rule_free() after use.
 */
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
                            struct selinux_audit_rule **rule);
 
/**
 *      selinux_audit_rule_free - free an selinux audit rule structure.
 *      @rule: pointer to the audit rule to be freed
 *
 *      This will free all memory associated with the given rule.
 *      If @rule is NULL, no operation is performed.
 */
void selinux_audit_rule_free(struct selinux_audit_rule *rule);
 
/**
 *      selinux_audit_rule_match - determine if a context ID matches a rule.
 *      @sid: the context ID to check
 *      @field: the field this rule refers to
 *      @op: the operater the rule uses
 *      @rule: pointer to the audit rule to check against
 *      @actx: the audit context (can be NULL) associated with the check
 *
 *      Returns 1 if the context id matches the rule, 0 if it does not, and
 *      -errno on failure.
 */
int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
                             struct selinux_audit_rule *rule,
                             struct audit_context *actx);
 
/**
 *      selinux_audit_set_callback - set the callback for policy reloads.
 *      @callback: the function to call when the policy is reloaded
 *
 *      This sets the function callback function that will update the rules
 *      upon policy reloads.  This callback should rebuild all existing rules
 *      using selinux_audit_rule_init().
 */
void selinux_audit_set_callback(int (*callback)(void));
 
/**
 *     selinux_sid_to_string - map a security context ID to a string
 *     @sid: security context ID to be converted.
 *     @ctx: address of context string to be returned
 *     @ctxlen: length of returned context string.
 *
 *     Returns 0 if successful, -errno if not.  On success, the context
 *     string will be allocated internally, and the caller must call
 *     kfree() on it after use.
 */
int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen);
 
/**
 *     selinux_get_inode_sid - get the inode's security context ID
 *     @inode: inode structure to get the sid from.
 *     @sid: pointer to security context ID to be filled in.
 *
 *     Returns nothing
 */
void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
 
/**
 *     selinux_get_ipc_sid - get the ipc security context ID
 *     @ipcp: ipc structure to get the sid from.
 *     @sid: pointer to security context ID to be filled in.
 *
 *     Returns nothing
 */
void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
 
/**
 *     selinux_get_task_sid - return the SID of task
 *     @tsk: the task whose SID will be returned
 *     @sid: pointer to security context ID to be filled in.
 *
 *     Returns nothing
 */
void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
 
/**
 *     selinux_string_to_sid - map a security context string to a security ID
 *     @str: the security context string to be mapped
 *     @sid: ID value returned via this.
 *
 *     Returns 0 if successful, with the SID stored in sid.  A value
 *     of zero for sid indicates no SID could be determined (but no error
 *     occurred).
 */
int selinux_string_to_sid(char *str, u32 *sid);
 
/**
 *     selinux_relabel_packet_permission - check permission to relabel a packet
 *     @sid: ID value to be applied to network packet (via SECMARK, most likely)
 *
 *     Returns 0 if the current task is allowed to label packets with the
 *     supplied security ID.  Note that it is implicit that the packet is always
 *     being relabeled from the default unlabled value, and that the access
 *     control decision is made in the AVC.
 */
int selinux_relabel_packet_permission(u32 sid);
 
#else
 
static inline int selinux_audit_rule_init(u32 field, u32 op,
                                          char *rulestr,
                                          struct selinux_audit_rule **rule)
{
        return -EOPNOTSUPP;
}
 
static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
{
        return;
}
 
static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
                                           struct selinux_audit_rule *rule,
                                           struct audit_context *actx)
{
        return 0;
}
 
static inline void selinux_audit_set_callback(int (*callback)(void))
{
        return;
}
 
static inline int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
{
       *ctx = NULL;
       *ctxlen = 0;
       return 0;
}
 
static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
{
        *sid = 0;
}
 
static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
{
        *sid = 0;
}
 
static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
{
        *sid = 0;
}
 
static inline int selinux_string_to_sid(const char *str, u32 *sid)
{
       *sid = 0;
       return 0;
}
 
static inline int selinux_relabel_packet_permission(u32 sid)
{
        return 0;
}
 
#endif  /* CONFIG_SECURITY_SELINUX */
 
#endif /* _LINUX_SELINUX_H */

Line No.	Rev	Author	Line
1	62	marcus.erl	`/*`
2			`* SELinux services exported to the rest of the kernel.`
3			`*`
4			`* Author: James Morris <jmorris@redhat.com>`
5			`*`
6			`* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>`
7			`* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>`
8			`* Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>`
9			`*`
10			`* This program is free software; you can redistribute it and/or modify`
11			`* it under the terms of the GNU General Public License version 2,`
12			`* as published by the Free Software Foundation.`
13			`*/`
14			`#ifndef _LINUX_SELINUX_H`
15			`#define _LINUX_SELINUX_H`
16
17			`struct selinux_audit_rule;`
18			`struct audit_context;`
19			`struct inode;`
20			`struct kern_ipc_perm;`
21
22			`#ifdef CONFIG_SECURITY_SELINUX`
23
24			`/**`
25			`* selinux_audit_rule_init - alloc/init an selinux audit rule structure.`
26			`* @field: the field this rule refers to`
27			`* @op: the operater the rule uses`
28			`* @rulestr: the text "target" of the rule`
29			`* @rule: pointer to the new rule structure returned via this`
30			`*`
31			`* Returns 0 if successful, -errno if not. On success, the rule structure`
32			`* will be allocated internally. The caller must free this structure with`
33			`* selinux_audit_rule_free() after use.`
34			`*/`
35			`int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,`
36			`struct selinux_audit_rule **rule);`
37
38			`/**`
39			`* selinux_audit_rule_free - free an selinux audit rule structure.`
40			`* @rule: pointer to the audit rule to be freed`
41			`*`
42			`* This will free all memory associated with the given rule.`
43			`* If @rule is NULL, no operation is performed.`
44			`*/`
45			`void selinux_audit_rule_free(struct selinux_audit_rule *rule);`
46
47			`/**`
48			`* selinux_audit_rule_match - determine if a context ID matches a rule.`
49			`* @sid: the context ID to check`
50			`* @field: the field this rule refers to`
51			`* @op: the operater the rule uses`
52			`* @rule: pointer to the audit rule to check against`
53			`* @actx: the audit context (can be NULL) associated with the check`
54			`*`
55			`* Returns 1 if the context id matches the rule, 0 if it does not, and`
56			`* -errno on failure.`
57			`*/`
58			`int selinux_audit_rule_match(u32 sid, u32 field, u32 op,`
59			`struct selinux_audit_rule *rule,`
60			`struct audit_context *actx);`
61
62			`/**`
63			`* selinux_audit_set_callback - set the callback for policy reloads.`
64			`* @callback: the function to call when the policy is reloaded`
65			`*`
66			`* This sets the function callback function that will update the rules`
67			`* upon policy reloads. This callback should rebuild all existing rules`
68			`* using selinux_audit_rule_init().`
69			`*/`
70			`void selinux_audit_set_callback(int (*callback)(void));`
71
72			`/**`
73			`* selinux_sid_to_string - map a security context ID to a string`
74			`* @sid: security context ID to be converted.`
75			`* @ctx: address of context string to be returned`
76			`* @ctxlen: length of returned context string.`
77			`*`
78			`* Returns 0 if successful, -errno if not. On success, the context`
79			`* string will be allocated internally, and the caller must call`
80			`* kfree() on it after use.`
81			`*/`
82			`int selinux_sid_to_string(u32 sid, char *ctx, u32 ctxlen);`
83
84			`/**`
85			`* selinux_get_inode_sid - get the inode's security context ID`
86			`* @inode: inode structure to get the sid from.`
87			`* @sid: pointer to security context ID to be filled in.`
88			`*`
89			`* Returns nothing`
90			`*/`
91			`void selinux_get_inode_sid(const struct inode inode, u32 sid);`
92
93			`/**`
94			`* selinux_get_ipc_sid - get the ipc security context ID`
95			`* @ipcp: ipc structure to get the sid from.`
96			`* @sid: pointer to security context ID to be filled in.`
97			`*`
98			`* Returns nothing`
99			`*/`
100			`void selinux_get_ipc_sid(const struct kern_ipc_perm ipcp, u32 sid);`
101
102			`/**`
103			`* selinux_get_task_sid - return the SID of task`
104			`* @tsk: the task whose SID will be returned`
105			`* @sid: pointer to security context ID to be filled in.`
106			`*`
107			`* Returns nothing`
108			`*/`
109			`void selinux_get_task_sid(struct task_struct tsk, u32 sid);`
110
111			`/**`
112			`* selinux_string_to_sid - map a security context string to a security ID`
113			`* @str: the security context string to be mapped`
114			`* @sid: ID value returned via this.`
115			`*`
116			`* Returns 0 if successful, with the SID stored in sid. A value`
117			`* of zero for sid indicates no SID could be determined (but no error`
118			`* occurred).`
119			`*/`
120			`int selinux_string_to_sid(char str, u32 sid);`
121
122			`/**`
123			`* selinux_relabel_packet_permission - check permission to relabel a packet`
124			`* @sid: ID value to be applied to network packet (via SECMARK, most likely)`
125			`*`
126			`* Returns 0 if the current task is allowed to label packets with the`
127			`* supplied security ID. Note that it is implicit that the packet is always`
128			`* being relabeled from the default unlabled value, and that the access`
129			`* control decision is made in the AVC.`
130			`*/`
131			`int selinux_relabel_packet_permission(u32 sid);`
132
133			`#else`
134
135			`static inline int selinux_audit_rule_init(u32 field, u32 op,`
136			`char *rulestr,`
137			`struct selinux_audit_rule **rule)`
138			`{`
139			`return -EOPNOTSUPP;`
140			`}`
141
142			`static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)`
143			`{`
144			`return;`
145			`}`
146
147			`static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op,`
148			`struct selinux_audit_rule *rule,`
149			`struct audit_context *actx)`
150			`{`
151			`return 0;`
152			`}`
153
154			`static inline void selinux_audit_set_callback(int (*callback)(void))`
155			`{`
156			`return;`
157			`}`
158
159			`static inline int selinux_sid_to_string(u32 sid, char *ctx, u32 ctxlen)`
160			`{`
161			`*ctx = NULL;`
162			`*ctxlen = 0;`
163			`return 0;`
164			`}`
165
166			`static inline void selinux_get_inode_sid(const struct inode inode, u32 sid)`
167			`{`
168			`*sid = 0;`
169			`}`
170
171			`static inline void selinux_get_ipc_sid(const struct kern_ipc_perm ipcp, u32 sid)`
172			`{`
173			`*sid = 0;`
174			`}`
175
176			`static inline void selinux_get_task_sid(struct task_struct tsk, u32 sid)`
177			`{`
178			`*sid = 0;`
179			`}`
180
181			`static inline int selinux_string_to_sid(const char str, u32 sid)`
182			`{`
183			`*sid = 0;`
184			`return 0;`
185			`}`
186
187			`static inline int selinux_relabel_packet_permission(u32 sid)`
188			`{`
189			`return 0;`
190			`}`
191
192			`#endif /* CONFIG_SECURITY_SELINUX */`
193
194			`#endif /* _LINUX_SELINUX_H */`

Browse

Tools

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [include/] [linux/] [selinux.h] - Blame information for rev 81