security: update selinux

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / security / selinux / include / avc.h

diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 28a08a891704a3f12adad6f37a7e8a306ac4d65f..768423c696b26b283af9115159f1f89e2ef8bfc3 100644 (file)
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -141,7 +141,8 @@ static inline int avc_audit(u32 ssid, u32 tsid,
                              a, flags);
 }
 
-#define AVC_STRICT 1 /* Ignore permissive mode. */
+#define AVC_STRICT 0
+#define AVC_EXTENDED_PERMS 2   /* update extended permissions */
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
                         u16 tclass, u32 requested,
                         unsigned flags,
@@ -159,6 +160,9 @@ static inline int avc_has_perm(u32 ssid, u32 tsid,
        return avc_has_perm_flags(ssid, tsid, tclass, requested, auditdata, 0);
 }
 
+int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
+               u8 driver, u8 perm, struct common_audit_data *ad);
+
 u32 avc_policy_seqno(void);
 
 #define AVC_CALLBACK_GRANT             1
@@ -169,6 +173,7 @@ u32 avc_policy_seqno(void);
 #define AVC_CALLBACK_AUDITALLOW_DISABLE        32
 #define AVC_CALLBACK_AUDITDENY_ENABLE  64
 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
+#define AVC_CALLBACK_ADD_XPERMS                256
 
 int avc_add_callback(int (*callback)(u32 event), u32 events);
 
@@ -184,4 +189,3 @@ DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
 
 #endif /* _SELINUX_AVC_H_ */
-