diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-10 12:44:43 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-10 12:44:43 -0700 |
| commit | c54dcd8ec9f05c8951d1e622e90904aef95379f9 (patch) | |
| tree | 6f657b3ec509975c0f295197156e2bbc530457a2 /security/selinux/include/security.h | |
| parent | b11ce8a26d26ed9019a8803aa90d580b52f23e79 (diff) | |
| parent | 9ac684fc38cf17fbd25c0c9e388713c5ddfa3b14 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid()
selinux: use default proc sid on symlinks
file capabilities: uninline cap_safe_nice
Update selinux info in MAINTAINERS and Kconfig help text
SELinux: add gitignore file for mdp script
SELinux: add boundary support and thread context assignment
securityfs: do not depend on CONFIG_SECURITY
selinux: add support for installing a dummy policy (v2)
security: add/fix security kernel-doc
selinux: Unify for- and while-loop style
selinux: conditional expression type validation was off-by-one
smack: limit privilege by label
SELinux: Fix a potentially uninitialised variable in SELinux hooks
SELinux: trivial, remove unneeded local variable
SELinux: Trivial minor fixes that change C null character style
make selinux_write_opts() static
Diffstat (limited to 'security/selinux/include/security.h')
| -rw-r--r-- | security/selinux/include/security.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 7c543003d65..72447370bc9 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -27,13 +27,14 @@ #define POLICYDB_VERSION_RANGETRANS 21 #define POLICYDB_VERSION_POLCAP 22 #define POLICYDB_VERSION_PERMISSIVE 23 +#define POLICYDB_VERSION_BOUNDARY 24 /* Range of policy versions we understand*/ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE #ifdef CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX #define POLICYDB_VERSION_MAX CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE #else -#define POLICYDB_VERSION_MAX POLICYDB_VERSION_PERMISSIVE +#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY #endif #define CONTEXT_MNT 0x01 @@ -62,6 +63,16 @@ enum { extern int selinux_policycap_netpeer; extern int selinux_policycap_openperm; +/* + * type_datum properties + * available at the kernel policy version >= POLICYDB_VERSION_BOUNDARY + */ +#define TYPEDATUM_PROPERTY_PRIMARY 0x0001 +#define TYPEDATUM_PROPERTY_ATTRIBUTE 0x0002 + +/* limitation of boundary depth */ +#define POLICYDB_BOUNDS_MAXDEPTH 4 + int security_load_policy(void *data, size_t len); int security_policycap_supported(unsigned int req_cap); @@ -117,6 +128,8 @@ int security_node_sid(u16 domain, void *addr, u32 addrlen, int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, u16 tclass); +int security_bounded_transition(u32 oldsid, u32 newsid); + int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid); int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, |