Linux kernel & device driver programming

Cross-Referenced Linux and Device Driver Code

  1 /*
  2  *  NSA Security-Enhanced Linux (SELinux) security module
  3  *
  4  *  This file contains the SELinux security data structures for kernel objects.
  5  *
  6  *  Author(s):  Stephen Smalley, <sds@epoch.ncsc.mil>
  7  *              Chris Vance, <cvance@nai.com>
  8  *              Wayne Salamon, <wsalamon@nai.com>
  9  *              James Morris <jmorris@redhat.com>
 10  *
 11  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
 12  *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
 13  *
 14  *      This program is free software; you can redistribute it and/or modify
 15  *      it under the terms of the GNU General Public License version 2,
 16  *      as published by the Free Software Foundation.
 17  */
 18 #ifndef _SELINUX_OBJSEC_H_
 19 #define _SELINUX_OBJSEC_H_
 20 
 21 #include <linux/list.h>
 22 #include <linux/sched.h>
 23 #include <linux/fs.h>
 24 #include <linux/binfmts.h>
 25 #include <linux/in.h>
 26 #include <linux/spinlock.h>
 27 #include "flask.h"
 28 #include "avc.h"
 29 
 30 struct task_security_struct {       /* SELinux SIDs held for a task */
 31         u32 osid;               /* SID prior to last execve */
 32         u32 sid;                /* current SID */
 33         u32 exec_sid;           /* exec SID */
 34         u32 create_sid;         /* fscreate SID */
 35         u32 keycreate_sid;      /* keycreate SID */
 36         u32 sockcreate_sid;     /* sockcreate SID */
            /*
             * NOTE(review): exec_sid and the three *create_sid fields look like
             * per-task label overrides for the next exec / object creation.
             * Nothing in this header shows who may set them or when they are
             * reset -- confirm against the hooks that write these fields.
             */
 37 };
 38 
 39 struct inode_security_struct {      /* SELinux label state attached to an inode */
 40         struct inode *inode;    /* back pointer to inode object */
 41         struct list_head list;  /* list of inode_security_struct */
 42         u32 task_sid;           /* SID of creating task */
 43         u32 sid;                /* SID of this object */
 44         u16 sclass;             /* security class of this object */
 45         unsigned char initialized;      /* initialization flag */
            /*
             * NOTE(review): presumably sid/sclass are only authoritative once
             * initialized is set; a reader that skips that check would decide
             * on a placeholder label -- confirm in the code that fills this in.
             */
 46         struct mutex lock;      /* NOTE(review): what this serializes is not visible here; presumably label initialization/updates -- confirm */
 47 };
 48 
 49 struct file_security_struct {       /* SELinux state for an open file */
 50         u32 sid;                /* SID of open file description */
 51         u32 fown_sid;           /* SID of file owner (for SIGIO) */
 52         u32 isid;               /* SID of inode at the time of file open */
 53         u32 pseqno;             /* Policy seqno at the time of file open */
            /*
             * NOTE(review): isid and pseqno are snapshots taken at open time.
             * Presumably they are compared on later use to notice an inode
             * relabel or a policy reload since the open-time check -- confirm
             * in the file hooks.
             */
 54 };
 55 
 56 struct superblock_security_struct { /* SELinux labeling state for a file system superblock */
 57         struct super_block *sb;         /* back pointer to sb object */
 58         struct list_head list;          /* list of superblock_security_struct */
 59         u32 sid;                        /* SID of file system superblock */
 60         u32 def_sid;                    /* default SID for labeling */
 61         u32 mntpoint_sid;               /* SECURITY_FS_USE_MNTPOINT context for files */
 62         unsigned int behavior;          /* labeling behavior */
 63         unsigned char flags;            /* which mount options were specified */
 64         struct mutex lock;              /* NOTE(review): what this protects is not visible here -- confirm */
 65         struct list_head isec_head;     /* NOTE(review): presumably head of the list linked through inode_security_struct.list -- confirm */
 66         spinlock_t isec_lock;           /* NOTE(review): presumably guards isec_head -- confirm */
 67 };
 68 
 69 struct msg_security_struct {        /* SELinux label carried by a message object */
 70         u32 sid;        /* SID of message */
 71 };
 72 
 73 struct ipc_security_struct {        /* SELinux class and label of an IPC resource */
 74         u16 sclass;     /* security class of this object */
 75         u32 sid;        /* SID of IPC resource */
 76 };
 77 
 78 struct netif_security_struct {      /* pairs a network device index with its SID */
 79         int ifindex;                    /* device index */
 80         u32 sid;                        /* SID for this interface */
 81 };
 82 
 83 struct netnode_security_struct {    /* pairs a network node address with its SID */
 84         union {
 85                 __be32 ipv4;            /* IPv4 node address */
 86                 struct in6_addr ipv6;   /* IPv6 node address */
 87         } addr;
 88         u32 sid;                        /* SID for this node */
 89         u16 family;                     /* address family */
            /*
             * NOTE(review): addr is a union, so presumably family says which
             * member is valid; reading the other member would misinterpret
             * the stored address -- confirm that users check family first.
             */
 90 };
 91 
 92 struct netport_security_struct {    /* pairs a (protocol, port) with its SID */
 93         u32 sid;                        /* SID for this port */
 94         u16 port;                       /* port number; NOTE(review): plain u16, presumably host byte order (the node address above is __be32) -- confirm */
 95         u8 protocol;                    /* transport protocol */
 96 };
 97 
 98 struct sk_security_struct {         /* SELinux label state attached to a socket */
            /*
             * The NetLabel members below exist only when CONFIG_NETLABEL is
             * set, so the layout of this structure depends on the kernel
             * configuration.
             */
 99 #ifdef CONFIG_NETLABEL
100         enum {                          /* NetLabel state */
101                 NLBL_UNSET = 0,
102                 NLBL_REQUIRE,
103                 NLBL_LABELED,
104                 NLBL_REQSKB,
105                 NLBL_CONNLABELED,
106         } nlbl_state;
107         struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes; NOTE(review): who allocates and frees this is not visible here -- confirm */
108 #endif
109         u32 sid;                        /* SID of this object */
110         u32 peer_sid;                   /* SID of peer */
111         u16 sclass;                     /* sock security class */
112 };
113 
114 struct key_security_struct {        /* SELinux label of a key */
115         u32 sid;        /* SID of key */
116 };
117 
118 extern unsigned int selinux_checkreqprot;   /* defined elsewhere; NOTE(review): name suggests the "check requested protection" setting for memory-protection checks -- confirm at the definition */
119 
120 #endif /* _SELINUX_OBJSEC_H_ */
121 