security.h revision 782ebb992ec20b5afdd5786ee8c2f1b58b631f24
1/* 2 * Security server interface. 3 * 4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 5 * 6 */ 7 8#ifndef _SELINUX_SECURITY_H_ 9#define _SELINUX_SECURITY_H_ 10 11#include "flask.h" 12 13#define SECSID_NULL 0x00000000 /* unspecified SID */ 14#define SECSID_WILD 0xffffffff /* wildcard SID */ 15#define SECCLASS_NULL 0x0000 /* no class */ 16 17#define SELINUX_MAGIC 0xf97cff8c 18 19/* Identify specific policy version changes */ 20#define POLICYDB_VERSION_BASE 15 21#define POLICYDB_VERSION_BOOL 16 22#define POLICYDB_VERSION_IPV6 17 23#define POLICYDB_VERSION_NLCLASS 18 24#define POLICYDB_VERSION_VALIDATETRANS 19 25#define POLICYDB_VERSION_MLS 19 26#define POLICYDB_VERSION_AVTAB 20 27 28/* Range of policy versions we understand*/ 29#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE 30#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB 31 32#ifdef CONFIG_SECURITY_SELINUX_BOOTPARAM 33extern int selinux_enabled; 34#else 35#define selinux_enabled 1 36#endif 37 38extern int selinux_mls_enabled; 39 40int security_load_policy(void * data, size_t len); 41 42struct av_decision { 43 u32 allowed; 44 u32 decided; 45 u32 auditallow; 46 u32 auditdeny; 47 u32 seqno; 48}; 49 50int security_compute_av(u32 ssid, u32 tsid, 51 u16 tclass, u32 requested, 52 struct av_decision *avd); 53 54int security_transition_sid(u32 ssid, u32 tsid, 55 u16 tclass, u32 *out_sid); 56 57int security_member_sid(u32 ssid, u32 tsid, 58 u16 tclass, u32 *out_sid); 59 60int security_change_sid(u32 ssid, u32 tsid, 61 u16 tclass, u32 *out_sid); 62 63int security_sid_to_context(u32 sid, char **scontext, 64 u32 *scontext_len); 65 66int security_context_to_sid(char *scontext, u32 scontext_len, 67 u32 *out_sid); 68 69int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid); 70 71int security_get_user_sids(u32 callsid, char *username, 72 u32 **sids, u32 *nel); 73 74int security_port_sid(u16 domain, u16 type, u8 protocol, u16 port, 75 u32 *out_sid); 76 77int security_netif_sid(char *name, u32 *if_sid, 78 u32 *msg_sid); 79 80int security_node_sid(u16 domain, void *addr, u32 addrlen, 81 u32 *out_sid); 82 83int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, 84 u16 tclass); 85 86#define SECURITY_FS_USE_XATTR 1 /* use xattr */ 87#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ 88#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */ 89#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */ 90#define SECURITY_FS_USE_NONE 5 /* no labeling support */ 91#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */ 92 93int security_fs_use(const char *fstype, unsigned int *behavior, 94 u32 *sid); 95 96int security_genfs_sid(const char *fstype, char *name, u16 sclass, 97 u32 *sid); 98 99#endif /* _SELINUX_SECURITY_H_ */ 100 101