« back to all changes in this revision
Viewing changes to include/security.h
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): Russell Coker
- Date: 2004-05-20 04:32:00 UTC
- Revision ID: james.westby@ubuntu.com-20040520043200-w4lzkx37dmmc3wt9
Tags: upstream-1.10
ImportĀ upstreamĀ versionĀ 1.10
- files added:
- include
- test
added
removed
include/security.h
1
2
/* -*- linux-c -*- */
3
4
/*
5
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
6
*/
7
8
#ifndef _LINUX_SECURITY_H_
9
#define _LINUX_SECURITY_H_
10
11
/*
12
* Security server interface.
13
*/
14
15
#include "flask_types.h"
16
#include "flask.h"
17
18
/* Initialize the security server */
19
int security_init(void);
20
21
/* Load the security policy. */
22
int security_load_policy(void * data, size_t len);
23
24
/*
25
* Compute access vectors based on a SID pair for
26
* the permissions in a particular class.
27
*/
28
struct av_decision {
29
access_vector_t allowed;
30
access_vector_t decided;
31
access_vector_t auditallow;
32
access_vector_t auditdeny;
33
__u32 seqno;
34
};
35
int security_compute_av(
36
security_id_t ssid, /* IN */
37
security_id_t tsid, /* IN */
38
security_class_t tclass, /* IN */
39
access_vector_t requested, /* IN */
40
struct av_decision *avd); /* OUT */
41
42
/*
43
* Compute a SID to use for labeling a new object in the
44
* class `tclass' based on a SID pair.
45
*/
46
int security_transition_sid(
47
security_id_t ssid, /* IN */
48
security_id_t tsid, /* IN */
49
security_class_t tclass, /* IN */
50
security_id_t *out_sid); /* OUT */
51
52
/*
53
* Compute a SID to use when selecting a member of a
54
* polyinstantiated object of class `tclass' based on
55
* a SID pair.
56
*/
57
int security_member_sid(
58
security_id_t ssid, /* IN */
59
security_id_t tsid, /* IN */
60
security_class_t tclass, /* IN */
61
security_id_t *out_sid); /* OUT */
62
63
/*
64
* Compute a SID to use for relabeling an object in the
65
* class `tclass' based on a SID pair.
66
*/
67
int security_change_sid(
68
security_id_t ssid, /* IN */
69
security_id_t tsid, /* IN */
70
security_class_t tclass, /* IN */
71
security_id_t *out_sid); /* OUT */
72
73
/*
74
* Write the security context string representation of
75
* the context associated with `sid' into a dynamically
76
* allocated string of the correct size. Set `*scontext'
77
* to point to this string and set `*scontext_len' to
78
* the length of the string.
79
*/
80
int security_sid_to_context(
81
security_id_t sid, /* IN */
82
security_context_t *scontext, /* OUT */
83
size_t *scontext_len); /* OUT */
84
85
/*
86
* Return a SID associated with the security context that
87
* has the string representation specified by `scontext'.
88
*/
89
int security_context_to_sid(
90
security_context_t scontext, /* IN */
91
size_t scontext_len, /* IN */
92
security_id_t *out_sid); /* OUT */
93
94
/*
95
* Generate the set of SIDs for legal security contexts
96
* for a given user that can be reached by `fromsid'.
97
* Set `*sids' to point to a dynamically allocated
98
* array containing the set of SIDs. Set `*nel' to the
99
* number of elements in the array.
100
*/
101
int security_get_user_sids(security_id_t callsid,
102
char *username,
103
security_id_t **sids,
104
__u32 *nel);
105
106
/*
107
* Return the SIDs to use for an unlabeled file system
108
* that is being mounted from the device with the
109
* the kdevname `name'. The `fs_sid' SID is returned for
110
* the file system and the `file_sid' SID is returned
111
* for all files within that file system.
112
*/
113
int security_fs_sid(
114
char *dev, /* IN */
115
security_id_t *fs_sid, /* OUT */
116
security_id_t *file_sid); /* OUT */
117
118
/*
119
* Return the SID of the port specified by
120
* `domain', `type', `protocol', and `port'.
121
*/
122
int security_port_sid(
123
__u16 domain,
124
__u16 type,
125
__u8 protocol,
126
__u16 port,
127
security_id_t *out_sid);
128
129
/*
130
* Return the SIDs to use for a network interface
131
* with the name `name'. The `if_sid' SID is returned for
132
* the interface and the `msg_sid' SID is returned as
133
* the default SID for messages received on the
134
* interface.
135
*/
136
int security_netif_sid(
137
char *name,
138
security_id_t *if_sid,
139
security_id_t *msg_sid);
140
141
/*
142
* Return the SID of the node specified by the address
143
* `addr' where `addrlen' is the length of the address
144
* in bytes and `domain' is the communications domain or
145
* address family in which the address should be interpreted.
146
*/
147
int security_node_sid(
148
__u16 domain,
149
void *addr,
150
size_t addrlen,
151
security_id_t *out_sid);
152
153
/*
154
* Return a value indicating how to handle labeling for the
155
* the specified filesystem type, and optionally return a SID
156
* for the filesystem object.
157
*/
158
#define SECURITY_FS_USE_XATTR 1 /* use xattr */
159
#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */
160
#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */
161
#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */
162
#define SECURITY_FS_USE_NONE 5 /* no labeling support */
163
int security_fs_use(
164
const char *fstype, /* IN */
165
unsigned int *behavior, /* OUT */
166
security_id_t *sid); /* OUT */
167
168
/*
169
* Return the SID to use for a file in a filesystem
170
* that cannot support a persistent label mapping or use another
171
* fixed labeling behavior like transition SIDs or task SIDs.
172
*/
173
int security_genfs_sid(
174
const char *fstype, /* IN */
175
char *name, /* IN */
176
security_class_t sclass, /* IN */
177
security_id_t *sid); /* OUT */
178
179
#endif /* _LINUX_SECURITY_H_ */
180
Loggerhead is a web-based interface for Breezy
Version: 2.0.1