blob: 82e0f26a12996a1bcce6efddd07e734313162c19 [file] [log] [blame]
Darrel Goeddel376bd9c2006-02-24 15:44:05 -06001/*
2 * SELinux services exported to the rest of the kernel.
3 *
4 * Author: James Morris <jmorris@redhat.com>
5 *
6 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
Steve Grubbe7c34972006-04-03 09:08:13 -04008 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
Darrel Goeddel376bd9c2006-02-24 15:44:05 -06009 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
13 */
14#ifndef _LINUX_SELINUX_H
15#define _LINUX_SELINUX_H
16
17struct selinux_audit_rule;
18struct audit_context;
Steve Grubb9c7aa6a2006-03-31 15:22:49 -050019struct kern_ipc_perm;
Darrel Goeddel376bd9c2006-02-24 15:44:05 -060020
21#ifdef CONFIG_SECURITY_SELINUX
22
23/**
James Morrisc749b292006-06-09 00:28:25 -070024 * selinux_string_to_sid - map a security context string to a security ID
25 * @str: the security context string to be mapped
26 * @sid: ID value returned via this.
27 *
28 * Returns 0 if successful, with the SID stored in sid. A value
29 * of zero for sid indicates no SID could be determined (but no error
30 * occurred).
31 */
32int selinux_string_to_sid(char *str, u32 *sid);
33
34/**
Paul Moored621d352008-01-29 08:43:36 -050035 * selinux_secmark_relabel_packet_permission - secmark permission check
36 * @sid: SECMARK ID value to be applied to network packet
James Morrisc749b292006-06-09 00:28:25 -070037 *
Paul Moored621d352008-01-29 08:43:36 -050038 * Returns 0 if the current task is allowed to set the SECMARK label of
39 * packets with the supplied security ID. Note that it is implicit that
40 * the packet is always being relabeled from the default unlabeled value,
41 * and that the access control decision is made in the AVC.
James Morrisc749b292006-06-09 00:28:25 -070042 */
Paul Moored621d352008-01-29 08:43:36 -050043int selinux_secmark_relabel_packet_permission(u32 sid);
Steve Grubbe7c34972006-04-03 09:08:13 -040044
Paul Moored621d352008-01-29 08:43:36 -050045/**
46 * selinux_secmark_refcount_inc - increments the secmark use counter
47 *
48 * SELinux keeps track of the current SECMARK targets in use so it knows
49 * when to apply SECMARK label access checks to network packets. This
50 * function incements this reference count to indicate that a new SECMARK
51 * target has been configured.
52 */
53void selinux_secmark_refcount_inc(void);
54
55/**
56 * selinux_secmark_refcount_dec - decrements the secmark use counter
57 *
58 * SELinux keeps track of the current SECMARK targets in use so it knows
59 * when to apply SECMARK label access checks to network packets. This
60 * function decements this reference count to indicate that one of the
61 * existing SECMARK targets has been removed/flushed.
62 */
63void selinux_secmark_refcount_dec(void);
Eric Parised868a52009-09-12 22:54:10 -040064
65/**
66 * selinux_is_enabled - is SELinux enabled?
67 */
68bool selinux_is_enabled(void);
Darrel Goeddel376bd9c2006-02-24 15:44:05 -060069#else
70
James Morrisc749b292006-06-09 00:28:25 -070071static inline int selinux_string_to_sid(const char *str, u32 *sid)
72{
73 *sid = 0;
74 return 0;
75}
76
Paul Moored621d352008-01-29 08:43:36 -050077static inline int selinux_secmark_relabel_packet_permission(u32 sid)
James Morrisc749b292006-06-09 00:28:25 -070078{
79 return 0;
80}
81
Paul Moored621d352008-01-29 08:43:36 -050082static inline void selinux_secmark_refcount_inc(void)
83{
84 return;
85}
86
87static inline void selinux_secmark_refcount_dec(void)
88{
89 return;
90}
91
Eric Paris8a478902009-09-14 20:59:48 -040092static inline bool selinux_is_enabled(void)
Eric Parised868a52009-09-12 22:54:10 -040093{
94 return false;
95}
Darrel Goeddel376bd9c2006-02-24 15:44:05 -060096#endif /* CONFIG_SECURITY_SELINUX */
97
98#endif /* _LINUX_SELINUX_H */