[GitHub/mt8127/android_kernel_alcatel_ttab.git] / include / linux / selinux.h

/*
 * SELinux services exported to the rest of the kernel.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
 */
#ifndef _LINUX_SELINUX_H
#define _LINUX_SELINUX_H

struct selinux_audit_rule;
struct audit_context;
struct inode;

#ifdef CONFIG_SECURITY_SELINUX

/**
 *	selinux_audit_rule_init - alloc/init an selinux audit rule structure.
 *	@field: the field this rule refers to
 *	@op: the operater the rule uses
 *	@rulestr: the text "target" of the rule
 *	@rule: pointer to the new rule structure returned via this
 *
 *	Returns 0 if successful, -errno if not.  On success, the rule structure
 *	will be allocated internally.  The caller must free this structure with
 *	selinux_audit_rule_free() after use.
 */
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
                            struct selinux_audit_rule **rule);

/**
 *	selinux_audit_rule_free - free an selinux audit rule structure.
 *	@rule: pointer to the audit rule to be freed
 *
 *	This will free all memory associated with the given rule.
 *	If @rule is NULL, no operation is performed.
 */
void selinux_audit_rule_free(struct selinux_audit_rule *rule);

/**
 *	selinux_audit_rule_match - determine if a context ID matches a rule.
 *	@ctxid: the context ID to check
 *	@field: the field this rule refers to
 *	@op: the operater the rule uses
 *	@rule: pointer to the audit rule to check against
 *	@actx: the audit context (can be NULL) associated with the check
 *
 *	Returns 1 if the context id matches the rule, 0 if it does not, and
 *	-errno on failure.
 */
int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
                             struct selinux_audit_rule *rule,
                             struct audit_context *actx);

/**
 *	selinux_audit_set_callback - set the callback for policy reloads.
 *	@callback: the function to call when the policy is reloaded
 *
 *	This sets the function callback function that will update the rules
 *	upon policy reloads.  This callback should rebuild all existing rules
 *	using selinux_audit_rule_init().
 */
void selinux_audit_set_callback(int (*callback)(void));

/**
 *	selinux_task_ctxid - determine a context ID for a process.
 *	@tsk: the task object
 *	@ctxid: ID value returned via this
 *
 *	On return, ctxid will contain an ID for the context.  This value
 *	should only be used opaquely.
 */
void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);

/**
 *     selinux_ctxid_to_string - map a security context ID to a string
 *     @ctxid: security context ID to be converted.
 *     @ctx: address of context string to be returned
 *     @ctxlen: length of returned context string.
 *
 *     Returns 0 if successful, -errno if not.  On success, the context
 *     string will be allocated internally, and the caller must call
 *     kfree() on it after use.
 */
int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);

/**
 *     selinux_get_inode_sid - get the inode's security context ID
 *     @inode: inode structure to get the sid from.
 *     @sid: pointer to security context ID to be filled in.
 *
 *     Returns nothing
 */
void selinux_get_inode_sid(const struct inode *inode, u32 *sid);

#else

static inline int selinux_audit_rule_init(u32 field, u32 op,
                                          char *rulestr,
                                          struct selinux_audit_rule **rule)
{
	return -ENOTSUPP;
}

static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
{
	return;
}

static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
                                           struct selinux_audit_rule *rule,
                                           struct audit_context *actx)
{
	return 0;
}

static inline void selinux_audit_set_callback(int (*callback)(void))
{
	return;
}

static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
{
	*ctxid = 0;
}

static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
{
       *ctx = NULL;
       *ctxlen = 0;
       return 0;
}

static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
{
	*sid = 0;
}

#endif	/* CONFIG_SECURITY_SELINUX */

#endif /* _LINUX_SELINUX_H */
Commit	Line	Data
376bd9cb DG	1	/*
	2	* SELinux services exported to the rest of the kernel.
	3	*
	4	* Author: James Morris <jmorris@redhat.com>
	5	*
	6	* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
	7	* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License version 2,
	11	* as published by the Free Software Foundation.
	12	*/
	13	#ifndef _LINUX_SELINUX_H
	14	#define _LINUX_SELINUX_H
	15
	16	struct selinux_audit_rule;
	17	struct audit_context;
1b50eed9	18	struct inode;
376bd9cb DG	19
	20	#ifdef CONFIG_SECURITY_SELINUX
	21
	22	/**
	23	* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
	24	* @field: the field this rule refers to
	25	* @op: the operater the rule uses
	26	* @rulestr: the text "target" of the rule
	27	* @rule: pointer to the new rule structure returned via this
	28	*
	29	* Returns 0 if successful, -errno if not. On success, the rule structure
	30	* will be allocated internally. The caller must free this structure with
	31	* selinux_audit_rule_free() after use.
	32	*/
	33	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
	34	struct selinux_audit_rule **rule);
	35
	36	/**
	37	* selinux_audit_rule_free - free an selinux audit rule structure.
	38	* @rule: pointer to the audit rule to be freed
	39	*
	40	* This will free all memory associated with the given rule.
	41	* If @rule is NULL, no operation is performed.
	42	*/
	43	void selinux_audit_rule_free(struct selinux_audit_rule *rule);
	44
	45	/**
	46	* selinux_audit_rule_match - determine if a context ID matches a rule.
	47	* @ctxid: the context ID to check
	48	* @field: the field this rule refers to
	49	* @op: the operater the rule uses
	50	* @rule: pointer to the audit rule to check against
	51	* @actx: the audit context (can be NULL) associated with the check
	52	*
	53	* Returns 1 if the context id matches the rule, 0 if it does not, and
	54	* -errno on failure.
	55	*/
	56	int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	57	struct selinux_audit_rule *rule,
	58	struct audit_context *actx);
	59
	60	/**
	61	* selinux_audit_set_callback - set the callback for policy reloads.
	62	* @callback: the function to call when the policy is reloaded
	63	*
	64	* This sets the function callback function that will update the rules
	65	* upon policy reloads. This callback should rebuild all existing rules
	66	* using selinux_audit_rule_init().
	67	*/
	68	void selinux_audit_set_callback(int (*callback)(void));
	69
	70	/**
	71	* selinux_task_ctxid - determine a context ID for a process.
	72	* @tsk: the task object
	73	* @ctxid: ID value returned via this
	74	*
	75	* On return, ctxid will contain an ID for the context. This value
	76	* should only be used opaquely.
	77	*/
	78	void selinux_task_ctxid(struct task_struct tsk, u32 ctxid);
	79
1b50eed9 SG	80	/**
	81	* selinux_ctxid_to_string - map a security context ID to a string
	82	* @ctxid: security context ID to be converted.
	83	* @ctx: address of context string to be returned
	84	* @ctxlen: length of returned context string.
	85	*
	86	* Returns 0 if successful, -errno if not. On success, the context
	87	* string will be allocated internally, and the caller must call
	88	* kfree() on it after use.
	89	*/
	90	int selinux_ctxid_to_string(u32 ctxid, char *ctx, u32 ctxlen);
	91
	92	/**
	93	* selinux_get_inode_sid - get the inode's security context ID
	94	* @inode: inode structure to get the sid from.
	95	* @sid: pointer to security context ID to be filled in.
	96	*
	97	* Returns nothing
	98	*/
	99	void selinux_get_inode_sid(const struct inode inode, u32 sid);
	100
376bd9cb DG	101	#else
	102
	103	static inline int selinux_audit_rule_init(u32 field, u32 op,
	104	char *rulestr,
	105	struct selinux_audit_rule **rule)
	106	{
	107	return -ENOTSUPP;
	108	}
	109
	110	static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
	111	{
	112	return;
	113	}
	114
	115	static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	116	struct selinux_audit_rule *rule,
	117	struct audit_context *actx)
	118	{
	119	return 0;
	120	}
	121
	122	static inline void selinux_audit_set_callback(int (*callback)(void))
	123	{
	124	return;
	125	}
	126
	127	static inline void selinux_task_ctxid(struct task_struct tsk, u32 ctxid)
	128	{
	129	*ctxid = 0;
	130	}
	131
1b50eed9 SG	132	static inline int selinux_ctxid_to_string(u32 ctxid, char *ctx, u32 ctxlen)
	133	{
	134	*ctx = NULL;
	135	*ctxlen = 0;
	136	return 0;
	137	}
	138
	139	static inline void selinux_get_inode_sid(const struct inode inode, u32 sid)
	140	{
	141	*sid = 0;
	142	}
	143
376bd9cb DG	144	#endif /* CONFIG_SECURITY_SELINUX */
	145
	146	#endif /* _LINUX_SELINUX_H */