SELinux: allow userspace to read policy back out of the kernel There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: cee74f47a6baba0ac457e87687fdcf0abd599f0a [log] [tgz]
author: Eric Paris <eparis@redhat.com> Wed Oct 13 17:50:25 2010 -0400
committer: James Morris <jmorris@namei.org> Thu Oct 21 10:12:58 2010 +1100
tree: 3d9fdb073050664e62d9cdb6c28112090cd138da
parent: 00d85c83ac52e2c1a66397f1abc589f80c543425 [diff] [blame]
diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
index 53ddb01..3f209c6 100644
--- a/security/selinux/ss/conditional.h
+++ b/security/selinux/ss/conditional.h

@@ -69,6 +69,8 @@
 
 int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
 int cond_read_list(struct policydb *p, void *fp);
+int cond_write_bool(void *key, void *datum, void *ptr);
+int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);
 
 void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd);
commit	cee74f47a6baba0ac457e87687fdcf0abd599f0a	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Wed Oct 13 17:50:25 2010 -0400
committer	James Morris <jmorris@namei.org>	Thu Oct 21 10:12:58 2010 +1100
tree	3d9fdb073050664e62d9cdb6c28112090cd138da
parent	00d85c83ac52e2c1a66397f1abc589f80c543425 [diff] [blame]