/*
 * SELinux services exported to the rest of the kernel.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
 */
13#ifndef _LINUX_SELINUX_H
14#define _LINUX_SELINUX_H
15
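/*
 * Opaque types referenced by the interfaces below.  Only pointers to them
 * appear in this header, so the full definitions are not required here.
 * struct task_struct is forward-declared too, so that the prototype of
 * selinux_task_ctxid() does not introduce a tag with prototype scope when
 * this header is included on its own.
 */
struct selinux_audit_rule;
struct audit_context;
struct inode;
struct kern_ipc_perm;
struct task_struct;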
Darrel Goeddel376bd9c2006-02-24 15:44:05 -060020
21#ifdef CONFIG_SECURITY_SELINUX
22
/*
 * Real implementations, provided by the SELinux security module.  When
 * CONFIG_SECURITY_SELINUX is not set the inline stubs in the #else branch
 * below are used instead.
 */

/**
 * selinux_audit_rule_init - allocate and initialise an SELinux audit rule.
 * @field: the audit field this rule refers to
 * @op: the operator the rule uses
 * @rulestr: the text "target" of the rule
 * @rule: the newly allocated rule structure is returned via this pointer
 *
 * Returns 0 on success, -errno otherwise.  On success the rule structure is
 * allocated internally and must be released by the caller with
 * selinux_audit_rule_free() once it is no longer needed.
 */
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
			    struct selinux_audit_rule **rule);

/**
 * selinux_audit_rule_free - free an SELinux audit rule.
 * @rule: the rule to release
 *
 * Releases all memory associated with @rule.  Passing NULL is allowed and
 * does nothing.
 */
void selinux_audit_rule_free(struct selinux_audit_rule *rule);

/**
 * selinux_audit_rule_match - test whether a context ID matches a rule.
 * @ctxid: the context ID to check
 * @field: the audit field this rule refers to
 * @op: the operator the rule uses
 * @rule: the rule to check against
 * @actx: the audit context associated with the check (may be NULL)
 *
 * Returns 1 if @ctxid matches @rule, 0 if it does not, and -errno on
 * failure.
 */
int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
			     struct selinux_audit_rule *rule,
			     struct audit_context *actx);

/**
 * selinux_audit_set_callback - register the policy-reload callback.
 * @callback: function invoked whenever the SELinux policy is reloaded
 *
 * The registered callback is responsible for rebuilding every existing
 * audit rule with selinux_audit_rule_init(), since rule state derived from
 * the old policy is no longer valid after a reload.
 */
void selinux_audit_set_callback(int (*callback)(void));

/**
 * selinux_task_ctxid - obtain the context ID of a process.
 * @tsk: the task to query
 * @ctxid: the context ID is returned via this pointer
 *
 * On return *@ctxid holds an identifier for the task's security context.
 * The value is opaque and must not be interpreted by the caller.
 */
void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);

/**
 * selinux_ctxid_to_string - convert a security context ID to a string.
 * @ctxid: the security context ID to convert
 * @ctx: the context string is returned via this pointer
 * @ctxlen: the length of the returned context string
 *
 * Returns 0 on success, -errno otherwise.  On success the string is
 * allocated internally; the caller owns it and must kfree() it after use.
 */
int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);

/**
 * selinux_get_inode_sid - obtain an inode's security context ID.
 * @inode: the inode to query
 * @sid: the security context ID is returned via this pointer
 *
 * Returns nothing.
 */
void selinux_get_inode_sid(const struct inode *inode, u32 *sid);

/**
 * selinux_get_ipc_sid - obtain an IPC object's security context ID.
 * @ipcp: the IPC permission structure to query
 * @sid: the security context ID is returned via this pointer
 *
 * Returns nothing.
 */
void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
110
Darrel Goeddel376bd9c2006-02-24 15:44:05 -0600111#else
112
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  SELinux-based
 * audit rules cannot exist here, so rule creation is reported as
 * unsupported; the parameters are not examined and *@rule is left
 * untouched.
 */
static inline int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
					  struct selinux_audit_rule **rule)
{
	return -ENOTSUPP;
}
119
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  No rule can
 * have been allocated by the stub selinux_audit_rule_init(), so there is
 * nothing to release.
 */
static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
{
}
124
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  Always reports
 * "no match" (0) rather than an error, whatever the arguments are.
 */
static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
					   struct selinux_audit_rule *rule,
					   struct audit_context *actx)
{
	return 0;
}
131
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  There is no
 * policy to reload, so the callback is discarded and never invoked.
 */
static inline void selinux_audit_set_callback(int (*callback)(void))
{
}
136
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  Every task is
 * reported with context ID 0; @tsk is not examined.  @ctxid must be a
 * valid pointer.
 */
static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
{
	*ctxid = 0;
}
141
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  Reports success
 * with a NULL context string of length 0, so callers must tolerate a NULL
 * *@ctx on a zero return.  Both output pointers must be valid.
 */
static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
{
	*ctxlen = 0;
	*ctx = NULL;
	return 0;
}
148
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  Every inode is
 * reported with security ID 0; @inode is not examined.  @sid must be a
 * valid pointer.
 */
static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
{
	*sid = 0;
}
153
/*
 * Stub for kernels built without CONFIG_SECURITY_SELINUX.  Every IPC
 * object is reported with security ID 0; @ipcp is not examined.  @sid must
 * be a valid pointer.
 */
static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp,
				       u32 *sid)
{
	*sid = 0;
}
158
Darrel Goeddel376bd9c2006-02-24 15:44:05 -0600159#endif /* CONFIG_SECURITY_SELINUX */
160
161#endif /* _LINUX_SELINUX_H */