]> bbs.cooldavid.org Git - net-next-2.6.git/blame - include/linux/selinux.h
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
kmemleak: Annotate false positive in init_section_page_cgroup()
[net-next-2.6.git] / include / linux / selinux.h
CommitLineData
376bd9cb
DG		 1/*
2 * SELinux services exported to the rest of the kernel.
3 *
4 * Author: James Morris <jmorris@redhat.com>
5 *
6 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
e7c34970 8 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
376bd9cb
DG		 9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
13 */
14#ifndef _LINUX_SELINUX_H
15#define _LINUX_SELINUX_H
16
17struct selinux_audit_rule;
18struct audit_context;
9c7aa6aa 19struct kern_ipc_perm;
376bd9cb
DG		 20
21#ifdef CONFIG_SECURITY_SELINUX
22
c749b29f
JM		 23/**
24 * selinux_string_to_sid - map a security context string to a security ID
25 * @str: the security context string to be mapped
26 * @sid: ID value returned via this.
27 *
28 * Returns 0 if successful, with the SID stored in sid. A value
29 * of zero for sid indicates no SID could be determined (but no error
30 * occurred).
31 */
32int selinux_string_to_sid(char *str, u32 *sid);
33
34/**
d621d35e
PM		 35 * selinux_secmark_relabel_packet_permission - secmark permission check
36 * @sid: SECMARK ID value to be applied to network packet
c749b29f 37 *
d621d35e
PM		 38 * Returns 0 if the current task is allowed to set the SECMARK label of
39 * packets with the supplied security ID. Note that it is implicit that
40 * the packet is always being relabeled from the default unlabeled value,
41 * and that the access control decision is made in the AVC.
c749b29f 42 */
d621d35e 43int selinux_secmark_relabel_packet_permission(u32 sid);
e7c34970 44
d621d35e
PM		 45/**
46 * selinux_secmark_refcount_inc - increments the secmark use counter
47 *
48 * SELinux keeps track of the current SECMARK targets in use so it knows
49 * when to apply SECMARK label access checks to network packets. This
50 * function incements this reference count to indicate that a new SECMARK
51 * target has been configured.
52 */
53void selinux_secmark_refcount_inc(void);
54
55/**
56 * selinux_secmark_refcount_dec - decrements the secmark use counter
57 *
58 * SELinux keeps track of the current SECMARK targets in use so it knows
59 * when to apply SECMARK label access checks to network packets. This
60 * function decements this reference count to indicate that one of the
61 * existing SECMARK targets has been removed/flushed.
62 */
63void selinux_secmark_refcount_dec(void);
ed868a56
EP		 64
65/**
66 * selinux_is_enabled - is SELinux enabled?
67 */
68bool selinux_is_enabled(void);
376bd9cb
DG		 69#else
70
c749b29f
JM		 71static inline int selinux_string_to_sid(const char *str, u32 *sid)
72{
73 *sid = 0;
74 return 0;
75}
76
d621d35e 77static inline int selinux_secmark_relabel_packet_permission(u32 sid)
c749b29f
JM		 78{
79 return 0;
80}
81
d621d35e
PM		 82static inline void selinux_secmark_refcount_inc(void)
83{
84 return;
85}
86
87static inline void selinux_secmark_refcount_dec(void)
88{
89 return;
90}
91
8a478905 92static inline bool selinux_is_enabled(void)
ed868a56
EP		 93{
94 return false;
95}
376bd9cb
DG		 96#endif /* CONFIG_SECURITY_SELINUX */
97
98#endif /* _LINUX_SELINUX_H */
Clone of davem's net-next-2.6 tree