2005-04-16 22:20:36 +00:00
|
|
|
/*
|
|
|
|
* NSA Security-Enhanced Linux (SELinux) security module
|
|
|
|
*
|
|
|
|
* This file contains the SELinux security data structures for kernel objects.
|
|
|
|
*
|
|
|
|
* Author(s): Stephen Smalley, <sds@epoch.ncsc.mil>
|
2008-04-22 21:46:10 +00:00
|
|
|
* Chris Vance, <cvance@nai.com>
|
|
|
|
* Wayne Salamon, <wsalamon@nai.com>
|
|
|
|
* James Morris <jmorris@redhat.com>
|
2005-04-16 22:20:36 +00:00
|
|
|
*
|
|
|
|
* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
|
|
|
|
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2,
|
2008-04-22 21:46:10 +00:00
|
|
|
* as published by the Free Software Foundation.
|
2005-04-16 22:20:36 +00:00
|
|
|
*/
|
|
|
|
#ifndef _SELINUX_OBJSEC_H_
|
|
|
|
#define _SELINUX_OBJSEC_H_
|
|
|
|
|
|
|
|
#include <linux/list.h>
|
|
|
|
#include <linux/sched.h>
|
|
|
|
#include <linux/fs.h>
|
|
|
|
#include <linux/binfmts.h>
|
|
|
|
#include <linux/in.h>
|
2006-11-17 22:38:53 +00:00
|
|
|
#include <linux/spinlock.h>
|
2005-04-16 22:20:36 +00:00
|
|
|
#include "flask.h"
|
|
|
|
#include "avc.h"
|
|
|
|
|
|
|
|
struct task_security_struct {
|
2008-04-22 21:46:10 +00:00
|
|
|
u32 osid; /* SID prior to last execve */
|
|
|
|
u32 sid; /* current SID */
|
|
|
|
u32 exec_sid; /* exec SID */
|
|
|
|
u32 create_sid; /* fscreate SID */
|
|
|
|
u32 keycreate_sid; /* keycreate SID */
|
|
|
|
u32 sockcreate_sid; /* fscreate SID */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct inode_security_struct {
|
2008-04-22 21:46:10 +00:00
|
|
|
struct inode *inode; /* back pointer to inode object */
|
|
|
|
struct list_head list; /* list of inode_security_struct */
|
|
|
|
u32 task_sid; /* SID of creating task */
|
|
|
|
u32 sid; /* SID of this object */
|
|
|
|
u16 sclass; /* security class of this object */
|
|
|
|
unsigned char initialized; /* initialization flag */
|
2008-05-18 11:32:57 +00:00
|
|
|
struct mutex lock;
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct file_security_struct {
|
2008-04-22 21:46:10 +00:00
|
|
|
u32 sid; /* SID of open file description */
|
|
|
|
u32 fown_sid; /* SID of file owner (for SIGIO) */
|
|
|
|
u32 isid; /* SID of inode at the time of file open */
|
|
|
|
u32 pseqno; /* Policy seqno at the time of file open */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct superblock_security_struct {
|
2008-04-22 21:46:10 +00:00
|
|
|
struct super_block *sb; /* back pointer to sb object */
|
2006-07-10 11:43:53 +00:00
|
|
|
u32 sid; /* SID of file system superblock */
|
2005-04-16 22:20:36 +00:00
|
|
|
u32 def_sid; /* default SID for labeling */
|
2006-07-10 11:43:53 +00:00
|
|
|
u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
|
2008-04-22 21:46:10 +00:00
|
|
|
unsigned int behavior; /* labeling behavior */
|
2007-11-30 18:00:35 +00:00
|
|
|
unsigned char flags; /* which mount options were specified */
|
2006-09-26 06:32:02 +00:00
|
|
|
struct mutex lock;
|
2005-04-16 22:20:36 +00:00
|
|
|
struct list_head isec_head;
|
|
|
|
spinlock_t isec_lock;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct msg_security_struct {
|
2008-04-22 21:46:10 +00:00
|
|
|
u32 sid; /* SID of message */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct ipc_security_struct {
|
|
|
|
u16 sclass; /* security class of this object */
|
2008-04-22 21:46:10 +00:00
|
|
|
u32 sid; /* SID of IPC resource */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
struct netif_security_struct {
|
2008-01-29 13:38:08 +00:00
|
|
|
int ifindex; /* device index */
|
|
|
|
u32 sid; /* SID for this interface */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
2008-01-29 13:38:13 +00:00
|
|
|
struct netnode_security_struct {
|
|
|
|
union {
|
|
|
|
__be32 ipv4; /* IPv4 node address */
|
|
|
|
struct in6_addr ipv6; /* IPv6 node address */
|
|
|
|
} addr;
|
|
|
|
u32 sid; /* SID for this node */
|
|
|
|
u16 family; /* address family */
|
|
|
|
};
|
|
|
|
|
2008-04-10 14:48:14 +00:00
|
|
|
struct netport_security_struct {
|
|
|
|
u32 sid; /* SID for this node */
|
|
|
|
u16 port; /* port number */
|
|
|
|
u8 protocol; /* transport protocol */
|
|
|
|
};
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
struct sk_security_struct {
|
2008-01-29 13:38:23 +00:00
|
|
|
#ifdef CONFIG_NETLABEL
|
2006-08-05 06:17:57 +00:00
|
|
|
enum { /* NetLabel state */
|
|
|
|
NLBL_UNSET = 0,
|
|
|
|
NLBL_REQUIRE,
|
|
|
|
NLBL_LABELED,
|
2008-10-10 14:16:32 +00:00
|
|
|
NLBL_REQSKB,
|
2008-10-10 14:16:33 +00:00
|
|
|
NLBL_CONNLABELED,
|
2006-08-05 06:17:57 +00:00
|
|
|
} nlbl_state;
|
2008-10-10 14:16:33 +00:00
|
|
|
struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes */
|
2006-08-05 06:17:57 +00:00
|
|
|
#endif
|
2008-10-10 14:16:33 +00:00
|
|
|
u32 sid; /* SID of this object */
|
|
|
|
u32 peer_sid; /* SID of peer */
|
|
|
|
u16 sclass; /* sock security class */
|
2005-04-16 22:20:36 +00:00
|
|
|
};
|
|
|
|
|
2013-01-14 07:12:19 +00:00
|
|
|
struct tun_security_struct {
|
|
|
|
u32 sid; /* SID for the tun device sockets */
|
|
|
|
};
|
|
|
|
|
2006-06-22 21:47:17 +00:00
|
|
|
struct key_security_struct {
|
2008-04-22 21:46:10 +00:00
|
|
|
u32 sid; /* SID of key */
|
2006-06-22 21:47:17 +00:00
|
|
|
};
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
extern unsigned int selinux_checkreqprot;
|
|
|
|
|
|
|
|
#endif /* _SELINUX_OBJSEC_H_ */
|