SELinux: allow userspace to read policy back out of the kernel

There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Eric Paris <eparis@redhat.com> 2010-10-13 17:50:25 -0400
committer: James Morris <jmorris@namei.org> 2010-10-21 10:12:58 +1100
commit: cee74f47a6baba0ac457e87687fdcf0abd599f0a (patch)
tree: 3d9fdb073050664e62d9cdb6c28112090cd138da /security/selinux/ss/avtab.h
parent: 00d85c83ac52e2c1a66397f1abc589f80c543425 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 32bd8b39f82..dff0c75345c 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -71,6 +71,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 		    void *p);
 
 int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
+int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp);
+int avtab_write(struct policydb *p, struct avtab *a, void *fp);
 
 struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
 					  struct avtab_datum *datum);
author	Eric Paris <eparis@redhat.com>	2010-10-13 17:50:25 -0400
committer	James Morris <jmorris@namei.org>	2010-10-21 10:12:58 +1100
commit	cee74f47a6baba0ac457e87687fdcf0abd599f0a (patch)
tree	3d9fdb073050664e62d9cdb6c28112090cd138da /security/selinux/ss/avtab.h
parent	00d85c83ac52e2c1a66397f1abc589f80c543425 (diff)