Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * Security server interface.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #ifndef _SELINUX_SECURITY_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #define _SELINUX_SECURITY_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/compiler.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/dcache.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/magic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/rcupdate.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <linux/refcount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <linux/workqueue.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include "flask.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include "policycap.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) #define SECSID_NULL			0x00000000 /* unspecified SID */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) #define SECSID_WILD			0xffffffff /* wildcard SID */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) #define SECCLASS_NULL			0x0000 /* no class */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) /* Identify specific policy version changes */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) #define POLICYDB_VERSION_BASE		15
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) #define POLICYDB_VERSION_BOOL		16
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) #define POLICYDB_VERSION_IPV6		17
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) #define POLICYDB_VERSION_NLCLASS	18
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) #define POLICYDB_VERSION_VALIDATETRANS	19
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) #define POLICYDB_VERSION_MLS		19
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) #define POLICYDB_VERSION_AVTAB		20
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) #define POLICYDB_VERSION_RANGETRANS	21
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) #define POLICYDB_VERSION_POLCAP		22
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) #define POLICYDB_VERSION_PERMISSIVE	23
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) #define POLICYDB_VERSION_BOUNDARY	24
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) #define POLICYDB_VERSION_FILENAME_TRANS	25
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) #define POLICYDB_VERSION_ROLETRANS	26
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) #define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	27
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) #define POLICYDB_VERSION_DEFAULT_TYPE	28
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) #define POLICYDB_VERSION_CONSTRAINT_NAMES	29
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) #define POLICYDB_VERSION_XPERMS_IOCTL	30
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) #define POLICYDB_VERSION_INFINIBAND		31
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) #define POLICYDB_VERSION_GLBLUB		32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) #define POLICYDB_VERSION_COMP_FTRANS	33 /* compressed filename transitions */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) /* Range of policy versions we understand*/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) #define POLICYDB_VERSION_MIN   POLICYDB_VERSION_BASE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) #define POLICYDB_VERSION_MAX   POLICYDB_VERSION_COMP_FTRANS
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) /* Mask for just the mount related flags */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) #define SE_MNTMASK	0x0f
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) /* Super block security struct flags for mount options */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) /* BE CAREFUL, these need to be the low order bits for selinux_get_mnt_opts */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) #define CONTEXT_MNT	0x01
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) #define FSCONTEXT_MNT	0x02
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) #define ROOTCONTEXT_MNT	0x04
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) #define DEFCONTEXT_MNT	0x08
/*
 * NOTE(review): 0x10 is outside SE_MNTMASK (0x0f), so masking a flags word
 * with SE_MNTMASK drops SBLABEL_MNT. Presumably intentional; confirm against
 * the users of SE_MNTMASK before adding another mount flag.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) #define SBLABEL_MNT	0x10
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) /* Non-mount related flags */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) #define SE_SBINITIALIZED	0x0100
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) #define SE_SBPROC		0x0200
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) #define SE_SBGENFS		0x0400
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) #define SE_SBGENFS_XATTR	0x0800
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) #define CONTEXT_STR	"context"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) #define FSCONTEXT_STR	"fscontext"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) #define ROOTCONTEXT_STR	"rootcontext"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) #define DEFCONTEXT_STR	"defcontext"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) #define SECLABEL_STR "seclabel"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) struct netlbl_lsm_secattr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) extern int selinux_enabled_boot;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78)  * type_datum properties
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79)  * available at the kernel policy version >= POLICYDB_VERSION_BOUNDARY
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) #define TYPEDATUM_PROPERTY_PRIMARY	0x0001
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) #define TYPEDATUM_PROPERTY_ATTRIBUTE	0x0002
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) /* limitation of boundary depth  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) #define POLICYDB_BOUNDS_MAXDEPTH	4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) struct selinux_avc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) struct selinux_policy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 
/*
 * Global SELinux state: mode flags, the policy-capability cache, the status
 * page, and pointers to the AVC and the active policy. The mode flags are
 * read and written through the inline accessors defined later in this header.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) struct selinux_state {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) #ifdef CONFIG_SECURITY_SELINUX_DISABLE
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	bool disabled;	/* exists only with CONFIG_SECURITY_SELINUX_DISABLE; see selinux_disabled() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	bool enforcing;	/* exists only with CONFIG_SECURITY_SELINUX_DEVELOP; otherwise enforcing_enabled() is constant true */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 	bool checkreqprot;	/* accessed via checkreqprot_get()/checkreqprot_set() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 	bool initialized;	/* published with smp_store_release(), read with smp_load_acquire() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 	bool policycap[__POLICYDB_CAPABILITY_MAX];	/* indexed by POLICYDB_CAPABILITY_*; read by selinux_policycap_*() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	bool android_netlink_route;	/* returned by selinux_android_nlroute_getlink() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	bool android_netlink_getneigh;	/* returned by selinux_android_nlroute_getneigh() */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	struct page *status_page;	/* NOTE(review): presumably the page handed out by selinux_kernel_status_page() - confirm */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	struct mutex status_lock;	/* NOTE(review): presumably serializes status_page updates - confirm */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	struct selinux_avc *avc;	/* set up through selinux_avc_init(), which takes a struct selinux_avc ** */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 	struct selinux_policy __rcu *policy;	/* __rcu-annotated pointer to the policy */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 	struct mutex policy_mutex;	/* NOTE(review): presumably serializes policy load/commit - confirm */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) } __randomize_layout;	/* field order may be randomized at build time; never rely on offsets */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) void selinux_avc_init(struct selinux_avc **avc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) extern struct selinux_state selinux_state;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 
/*
 * selinux_initialized - has @state been marked initialized?
 * @state: SELinux state to query
 *
 * Loads state->initialized with acquire ordering; the matching release
 * store is issued by selinux_mark_initialized().
 */
static inline bool selinux_initialized(const struct selinux_state *state)
{
	const bool ready = smp_load_acquire(&state->initialized);

	return ready;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 
/*
 * selinux_mark_initialized - flag @state as initialized
 * @state: SELinux state to update
 *
 * Stores true to state->initialized with release ordering, so a reader using
 * the acquire load in selinux_initialized() sees the writes made before it.
 */
static inline void selinux_mark_initialized(struct selinux_state *state)
{
	bool *flag = &state->initialized;

	smp_store_release(flag, true);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
/*
 * enforcing_enabled - current enforcing flag (CONFIG_SECURITY_SELINUX_DEVELOP build)
 * @state: SELinux state to query
 *
 * Returns state->enforcing, read once with READ_ONCE().
 */
static inline bool enforcing_enabled(struct selinux_state *state)
{
	const bool mode = READ_ONCE(state->enforcing);

	return mode;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 
/*
 * enforcing_set - update the enforcing flag (CONFIG_SECURITY_SELINUX_DEVELOP build)
 * @state: SELinux state to update
 * @value: new value for state->enforcing
 *
 * Plain WRITE_ONCE() store. No permission check happens here, so callers are
 * responsible for authorizing the mode change.
 */
static inline void enforcing_set(struct selinux_state *state, bool value)
{
	bool *mode = &state->enforcing;

	WRITE_ONCE(*mode, value);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) #else
/*
 * enforcing_enabled - variant built without CONFIG_SECURITY_SELINUX_DEVELOP
 * @state: unused
 *
 * struct selinux_state has no enforcing field in this configuration, so
 * enforcing mode is reported as permanently on.
 */
static inline bool enforcing_enabled(struct selinux_state *state)
{
	const bool always_enforcing = true;

	return always_enforcing;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 
/*
 * enforcing_set - variant built without CONFIG_SECURITY_SELINUX_DEVELOP
 * @state: unused
 * @value: ignored
 *
 * Deliberately a no-op: there is no enforcing flag to change in this
 * configuration, so a request to leave enforcing mode has no effect.
 */
static inline void enforcing_set(struct selinux_state *state, bool value)
{
	/* nothing to store */
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 
/*
 * checkreqprot_get - read the checkreqprot flag
 * @state: SELinux state to query
 *
 * Returns state->checkreqprot, read once with READ_ONCE().
 */
static inline bool checkreqprot_get(const struct selinux_state *state)
{
	const bool flag = READ_ONCE(state->checkreqprot);

	return flag;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 
/*
 * checkreqprot_set - update the checkreqprot flag
 * @state: SELinux state to update
 * @value: new value for state->checkreqprot
 *
 * Plain WRITE_ONCE() store; authorization is left to the caller.
 */
static inline void checkreqprot_set(struct selinux_state *state, bool value)
{
	bool *flag = &state->checkreqprot;

	WRITE_ONCE(*flag, value);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) #ifdef CONFIG_SECURITY_SELINUX_DISABLE
/*
 * selinux_disabled - has SELinux been disabled at runtime?
 * @state: SELinux state to query
 *
 * CONFIG_SECURITY_SELINUX_DISABLE build: returns state->disabled, read once
 * with READ_ONCE().
 */
static inline bool selinux_disabled(struct selinux_state *state)
{
	const bool off = READ_ONCE(state->disabled);

	return off;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 
/*
 * selinux_mark_disabled - record that SELinux has been disabled
 * @state: SELinux state to update
 *
 * Sets state->disabled to true with WRITE_ONCE(). This header offers no
 * helper that clears the flag again.
 */
static inline void selinux_mark_disabled(struct selinux_state *state)
{
	bool *off = &state->disabled;

	WRITE_ONCE(*off, true);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) #else
/*
 * selinux_disabled - variant built without CONFIG_SECURITY_SELINUX_DISABLE
 * @state: unused
 *
 * Runtime disable is not compiled in, so SELinux is never reported as
 * disabled.
 */
static inline bool selinux_disabled(struct selinux_state *state)
{
	const bool never_disabled = false;

	return never_disabled;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 
/*
 * selinux_policycap_netpeer - is the NETPEER policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_NETPEER entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_netpeer(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_NETPEER]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 
/*
 * selinux_policycap_openperm - is the OPENPERM policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_OPENPERM entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_openperm(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_OPENPERM]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 
/*
 * selinux_policycap_extsockclass - is the EXTSOCKCLASS policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_EXTSOCKCLASS entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_extsockclass(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 
/*
 * selinux_policycap_alwaysnetwork - is the ALWAYSNETWORK policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_ALWAYSNETWORK entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_alwaysnetwork(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 
/*
 * selinux_policycap_cgroupseclabel - is the CGROUPSECLABEL policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_CGROUPSECLABEL entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_cgroupseclabel(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 
/*
 * selinux_policycap_nnp_nosuid_transition - is the NNP_NOSUID_TRANSITION
 * policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_nnp_nosuid_transition(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 
/*
 * selinux_policycap_genfs_seclabel_symlinks - is the GENFS_SECLABEL_SYMLINKS
 * policy capability set?
 *
 * Returns the POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 
/*
 * selinux_policycap_ioctl_skip_cloexec - is the IOCTL_SKIP_CLOEXEC policy
 * capability set?
 *
 * Returns the POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC entry of the global
 * selinux_state.policycap[] array, read with READ_ONCE().
 */
static inline bool selinux_policycap_ioctl_skip_cloexec(void)
{
	return READ_ONCE(selinux_state.policycap[POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC]);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) 
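/*
 * selinux_android_nlroute_getlink - report the android_netlink_route flag
 *
 * Returns the android_netlink_route member of the global selinux_state.
 * The load is marked with READ_ONCE(), like the selinux_policycap_*()
 * accessors in this header, so the compiler cannot tear or refetch it.
 * NOTE(review): the writer of this flag is not visible in this header;
 * confirm it is updated with a matching marked store.
 */
static inline bool selinux_android_nlroute_getlink(void)
{
	return READ_ONCE(selinux_state.android_netlink_route);
}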
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 
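/*
 * selinux_android_nlroute_getneigh - report the android_netlink_getneigh flag
 *
 * Returns the android_netlink_getneigh member of the global selinux_state.
 * The load is marked with READ_ONCE(), like the selinux_policycap_*()
 * accessors in this header, so the compiler cannot tear or refetch it.
 * NOTE(review): the writer of this flag is not visible in this header;
 * confirm it is updated with a matching marked store.
 */
static inline bool selinux_android_nlroute_getneigh(void)
{
	return READ_ONCE(selinux_state.android_netlink_getneigh);
}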
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) struct selinux_policy_convert_data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) struct selinux_load_state {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 	struct selinux_policy *policy;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 	struct selinux_policy_convert_data *convert_data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) int security_mls_enabled(struct selinux_state *state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) int security_load_policy(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 			 void *data, size_t len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 			 struct selinux_load_state *load_state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) void selinux_policy_commit(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 			   struct selinux_load_state *load_state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) void selinux_policy_cancel(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 			   struct selinux_load_state *load_state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) int security_read_policy(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 			 void **data, size_t *len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) int security_policycap_supported(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 				 unsigned int req_cap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) #define SEL_VEC_MAX 32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) struct av_decision {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 	u32 allowed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 	u32 auditallow;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 	u32 auditdeny;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 	u32 seqno;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 	u32 flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) #define XPERMS_ALLOWED 1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) #define XPERMS_AUDITALLOW 2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) #define XPERMS_DONTAUDIT 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 
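/*
 * Extended-permission bitmaps: bit x lives in 32-bit word x >> 5, at bit
 * position x & 0x1f.
 *
 * Both arguments are parenthesized so that an expression argument such as
 * "a | b" selects the intended word instead of an out-of-range index, and
 * the mask is built from 1U so that setting bit 31 does not shift into the
 * sign bit of an int.
 *
 * Neither macro bounds-checks x: callers must keep it inside the bitmap
 * (0..255 for the u32 p[8] array of struct extended_perms_data). x is
 * evaluated twice by each macro, so it must not have side effects.
 */
#define security_xperm_set(perms, x) ((perms)[(x) >> 5] |= 1U << ((x) & 0x1f))
#define security_xperm_test(perms, x) (1 & ((perms)[(x) >> 5] >> ((x) & 0x1f)))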
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) struct extended_perms_data {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 	u32 p[8];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) struct extended_perms_decision {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 	u8 used;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 	u8 driver;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 	struct extended_perms_data *allowed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 	struct extended_perms_data *auditallow;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 	struct extended_perms_data *dontaudit;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) struct extended_perms {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 	u16 len;	/* length associated decision chain */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 	struct extended_perms_data drivers; /* flag drivers that are used */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) /* definitions of av_decision.flags */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) #define AVD_FLAGS_PERMISSIVE	0x0001
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) void security_compute_av(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 			 u32 ssid, u32 tsid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) 			 u16 tclass, struct av_decision *avd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) 			 struct extended_perms *xperms);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) void security_compute_xperms_decision(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) 				      u32 ssid, u32 tsid, u16 tclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 				      u8 driver,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) 				      struct extended_perms_decision *xpermd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) void security_compute_av_user(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) 			      u32 ssid, u32 tsid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) 			      u16 tclass, struct av_decision *avd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) int security_transition_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) 			    u32 ssid, u32 tsid, u16 tclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) 			    const struct qstr *qstr, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) int security_transition_sid_user(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320) 				 u32 ssid, u32 tsid, u16 tclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) 				 const char *objname, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323) int security_member_sid(struct selinux_state *state, u32 ssid, u32 tsid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) 			u16 tclass, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) int security_change_sid(struct selinux_state *state, u32 ssid, u32 tsid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) 			u16 tclass, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) int security_sid_to_context(struct selinux_state *state, u32 sid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) 			    char **scontext, u32 *scontext_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332) int security_sid_to_context_force(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) 				  u32 sid, char **scontext, u32 *scontext_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) int security_sid_to_context_inval(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) 				  u32 sid, char **scontext, u32 *scontext_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338) int security_context_to_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) 			    const char *scontext, u32 scontext_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340) 			    u32 *out_sid, gfp_t gfp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) int security_context_str_to_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) 				const char *scontext, u32 *out_sid, gfp_t gfp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) int security_context_to_sid_default(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346) 				    const char *scontext, u32 scontext_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) 				    u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) int security_context_to_sid_force(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350) 				  const char *scontext, u32 scontext_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) 				  u32 *sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) int security_get_user_sids(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354) 			   u32 callsid, char *username,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) 			   u32 **sids, u32 *nel);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) int security_port_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) 		      u8 protocol, u16 port, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) int security_ib_pkey_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361) 			 u64 subnet_prefix, u16 pkey_num, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363) int security_ib_endport_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) 			    const char *dev_name, u8 port_num, u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) int security_netif_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) 		       char *name, u32 *if_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) int security_node_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) 		      u16 domain, void *addr, u32 addrlen,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) 		      u32 *out_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) int security_validate_transition(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374) 				 u32 oldsid, u32 newsid, u32 tasksid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) 				 u16 tclass);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) int security_validate_transition_user(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) 				      u32 oldsid, u32 newsid, u32 tasksid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379) 				      u16 tclass);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) int security_bounded_transition(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382) 				u32 oldsid, u32 newsid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) int security_sid_mls_copy(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) 			  u32 sid, u32 mls_sid, u32 *new_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) int security_net_peersid_resolve(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) 				 u32 nlbl_sid, u32 nlbl_type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) 				 u32 xfrm_sid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390) 				 u32 *peer_sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) int security_get_classes(struct selinux_policy *policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393) 			 char ***classes, int *nclasses);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) int security_get_permissions(struct selinux_policy *policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) 			     char *class, char ***perms, int *nperms);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396) int security_get_reject_unknown(struct selinux_state *state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) int security_get_allow_unknown(struct selinux_state *state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399) #define SECURITY_FS_USE_XATTR		1 /* use xattr */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) #define SECURITY_FS_USE_TRANS		2 /* use transition SIDs, e.g. devpts/tmpfs */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) #define SECURITY_FS_USE_TASK		3 /* use task SIDs, e.g. pipefs/sockfs */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) #define SECURITY_FS_USE_GENFS		4 /* use the genfs support */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) #define SECURITY_FS_USE_NONE		5 /* no labeling support */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) #define SECURITY_FS_USE_MNTPOINT	6 /* use mountpoint labeling */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) #define SECURITY_FS_USE_NATIVE		7 /* use native label support */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) #define SECURITY_FS_USE_MAX		7 /* Highest SECURITY_FS_USE_XXX */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) int security_fs_use(struct selinux_state *state, struct super_block *sb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) int security_genfs_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411) 		       const char *fstype, char *name, u16 sclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) 		       u32 *sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) int selinux_policy_genfs_sid(struct selinux_policy *policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) 		       const char *fstype, char *name, u16 sclass,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416) 		       u32 *sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418) #ifdef CONFIG_NETLABEL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) int security_netlbl_secattr_to_sid(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) 				   struct netlbl_lsm_secattr *secattr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) 				   u32 *sid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423) int security_netlbl_sid_to_secattr(struct selinux_state *state,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) 				   u32 sid,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) 				   struct netlbl_lsm_secattr *secattr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426) #else
/*
 * Stub for kernels built without CONFIG_NETLABEL: the lookup always fails
 * with -EIDRM and none of the arguments are touched. In particular @sid is
 * never written, so callers must check the return value before reading it.
 */
static inline int
security_netlbl_secattr_to_sid(struct selinux_state *state,
			       struct netlbl_lsm_secattr *secattr, u32 *sid)
{
	return -EIDRM;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) 
/*
 * Stub for kernels built without CONFIG_NETLABEL: the translation always
 * fails with -ENOENT. @secattr is left exactly as the caller passed it, so
 * it must not be treated as filled in unless the return value is checked.
 */
static inline int
security_netlbl_sid_to_secattr(struct selinux_state *state, u32 sid,
			       struct netlbl_lsm_secattr *secattr)
{
	return -ENOENT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) #endif /* CONFIG_NETLABEL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) 
/* Takes an initial SID and returns a constant string for it. */
const char *security_get_initial_sid_context(u32 sid);

/*
 * Status notifier using the mmap interface.
 *
 * NOTE(review): presumably the returned page is the one that backs
 * struct selinux_kernel_status; whether NULL can be returned is not visible
 * in this header, so callers should confirm before dereferencing.
 */
struct page *selinux_kernel_status_page(struct selinux_state *state);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) 
/*
 * Record published through the status mmap interface.
 *
 * The structure is __packed and carries its own version number.
 * NOTE(review): that suggests the layout is read outside this code, so
 * treat field order and width as fixed and only append members together
 * with a version bump - confirm against the status page implementation.
 */
#define SELINUX_KERNEL_STATUS_VERSION	1
struct selinux_kernel_status {
	u32 version;		/* version number of this structure */
	u32 sequence;		/* sequence number of seqlock logic */
	u32 enforcing;		/* current setting of enforcing mode */
	u32 policyload;		/* number of times the policy was reloaded */
	u32 deny_unknown;	/* current setting of deny_unknown */
	/* Every member above is supported when version > 0. */
} __packed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) 
/*
 * Remaining entry points shared between the SELinux source files.
 * NOTE(review): none of them is defined in this header; the grouping
 * comments below follow the identifiers only.
 */

/* Status updates for an enforcing-mode change and for a policy load. */
void selinux_status_update_setenforce(struct selinux_state *state,
				      int enforcing);
void selinux_status_update_policyload(struct selinux_state *state,
				      int seqno);

/* Initialisation, disable and selinuxfs teardown. */
void selinux_complete_init(void);
int selinux_disable(struct selinux_state *state);
void exit_sel_fs(void);

/* Objects defined elsewhere; extern keeps these as declarations only. */
extern struct path selinux_null;
extern struct vfsmount *selinuxfs_mount;

/* Netlink notifications and message-type to permission lookup. */
void selnl_notify_setenforce(int val);
void selnl_notify_policyload(u32 seqno);
int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);

/* One-time set-up of caches and tables. */
void avtab_cache_init(void);
void ebitmap_cache_init(void);
void hashtab_cache_init(void);
/*
 * NOTE(review): @page is passed without a length, so the callee has to
 * bound its own output - presumably to one page; confirm in the definition.
 */
int security_sidtab_hash_stats(struct selinux_state *state, char *page);
void selinux_nlmsg_init(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) #endif /* _SELINUX_SECURITY_H_ */