SELinux: allow userspace to read policy back out of the kernel There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: cee74f47a6baba0ac457e87687fdcf0abd599f0a [log] [tgz]
author: Eric Paris <eparis@redhat.com> Wed Oct 13 17:50:25 2010 -0400
committer: James Morris <jmorris@namei.org> Thu Oct 21 10:12:58 2010 +1100
tree: 3d9fdb073050664e62d9cdb6c28112090cd138da
parent: 00d85c83ac52e2c1a66397f1abc589f80c543425 [diff] [blame]
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 611a526..671273e 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h

@@ -83,6 +83,8 @@
 int security_mls_enabled(void);
 
 int security_load_policy(void *data, size_t len);
+int security_read_policy(void **data, ssize_t *len);
+size_t security_policydb_len(void);
 
 int security_policycap_supported(unsigned int req_cap);
commit	cee74f47a6baba0ac457e87687fdcf0abd599f0a	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Wed Oct 13 17:50:25 2010 -0400
committer	James Morris <jmorris@namei.org>	Thu Oct 21 10:12:58 2010 +1100
tree	3d9fdb073050664e62d9cdb6c28112090cd138da
parent	00d85c83ac52e2c1a66397f1abc589f80c543425 [diff] [blame]