[GitHub/mt8127/android_kernel_alcatel_ttab.git] / include / linux / selinux.h

/*
 * SELinux services exported to the rest of the kernel.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
 */
#ifndef _LINUX_SELINUX_H
#define _LINUX_SELINUX_H

struct selinux_audit_rule;
struct audit_context;

#ifdef CONFIG_SECURITY_SELINUX

/**
 *	selinux_audit_rule_init - alloc/init an selinux audit rule structure.
 *	@field: the field this rule refers to
 *	@op: the operater the rule uses
 *	@rulestr: the text "target" of the rule
 *	@rule: pointer to the new rule structure returned via this
 *
 *	Returns 0 if successful, -errno if not.  On success, the rule structure
 *	will be allocated internally.  The caller must free this structure with
 *	selinux_audit_rule_free() after use.
 */
int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
                            struct selinux_audit_rule **rule);

/**
 *	selinux_audit_rule_free - free an selinux audit rule structure.
 *	@rule: pointer to the audit rule to be freed
 *
 *	This will free all memory associated with the given rule.
 *	If @rule is NULL, no operation is performed.
 */
void selinux_audit_rule_free(struct selinux_audit_rule *rule);

/**
 *	selinux_audit_rule_match - determine if a context ID matches a rule.
 *	@ctxid: the context ID to check
 *	@field: the field this rule refers to
 *	@op: the operater the rule uses
 *	@rule: pointer to the audit rule to check against
 *	@actx: the audit context (can be NULL) associated with the check
 *
 *	Returns 1 if the context id matches the rule, 0 if it does not, and
 *	-errno on failure.
 */
int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
                             struct selinux_audit_rule *rule,
                             struct audit_context *actx);

/**
 *	selinux_audit_set_callback - set the callback for policy reloads.
 *	@callback: the function to call when the policy is reloaded
 *
 *	This sets the function callback function that will update the rules
 *	upon policy reloads.  This callback should rebuild all existing rules
 *	using selinux_audit_rule_init().
 */
void selinux_audit_set_callback(int (*callback)(void));

/**
 *	selinux_task_ctxid - determine a context ID for a process.
 *	@tsk: the task object
 *	@ctxid: ID value returned via this
 *
 *	On return, ctxid will contain an ID for the context.  This value
 *	should only be used opaquely.
 */
void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);

#else

static inline int selinux_audit_rule_init(u32 field, u32 op,
                                          char *rulestr,
                                          struct selinux_audit_rule **rule)
{
	return -ENOTSUPP;
}

static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
{
	return;
}

static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
                                           struct selinux_audit_rule *rule,
                                           struct audit_context *actx)
{
	return 0;
}

static inline void selinux_audit_set_callback(int (*callback)(void))
{
	return;
}

static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
{
	*ctxid = 0;
}

#endif	/* CONFIG_SECURITY_SELINUX */

#endif /* _LINUX_SELINUX_H */
Commit	Line	Data
376bd9cb DG	1	/*
	2	* SELinux services exported to the rest of the kernel.
	3	*
	4	* Author: James Morris <jmorris@redhat.com>
	5	*
	6	* Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
	7	* Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
	8	*
	9	* This program is free software; you can redistribute it and/or modify
	10	* it under the terms of the GNU General Public License version 2,
	11	* as published by the Free Software Foundation.
	12	*/
	13	#ifndef _LINUX_SELINUX_H
	14	#define _LINUX_SELINUX_H
	15
	16	struct selinux_audit_rule;
	17	struct audit_context;
	18
	19	#ifdef CONFIG_SECURITY_SELINUX
	20
	21	/**
	22	* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
	23	* @field: the field this rule refers to
	24	* @op: the operater the rule uses
	25	* @rulestr: the text "target" of the rule
	26	* @rule: pointer to the new rule structure returned via this
	27	*
	28	* Returns 0 if successful, -errno if not. On success, the rule structure
	29	* will be allocated internally. The caller must free this structure with
	30	* selinux_audit_rule_free() after use.
	31	*/
	32	int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
	33	struct selinux_audit_rule **rule);
	34
	35	/**
	36	* selinux_audit_rule_free - free an selinux audit rule structure.
	37	* @rule: pointer to the audit rule to be freed
	38	*
	39	* This will free all memory associated with the given rule.
	40	* If @rule is NULL, no operation is performed.
	41	*/
	42	void selinux_audit_rule_free(struct selinux_audit_rule *rule);
	43
	44	/**
	45	* selinux_audit_rule_match - determine if a context ID matches a rule.
	46	* @ctxid: the context ID to check
	47	* @field: the field this rule refers to
	48	* @op: the operater the rule uses
	49	* @rule: pointer to the audit rule to check against
	50	* @actx: the audit context (can be NULL) associated with the check
	51	*
	52	* Returns 1 if the context id matches the rule, 0 if it does not, and
	53	* -errno on failure.
	54	*/
	55	int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
	56	struct selinux_audit_rule *rule,
	57	struct audit_context *actx);
	58
	59	/**
	60	* selinux_audit_set_callback - set the callback for policy reloads.
	61	* @callback: the function to call when the policy is reloaded
	62	*
	63	* This sets the function callback function that will update the rules
	64	* upon policy reloads. This callback should rebuild all existing rules
65	* using selinux_audit_rule_init().
66	*/
67	void selinux_audit_set_callback(int (*callback)(void));
68
69	/**
70	* selinux_task_ctxid - determine a context ID for a process.
71	* @tsk: the task object
72	* @ctxid: ID value returned via this
73	*
74	* On return, ctxid will contain an ID for the context. This value
75	* should only be used opaquely.
76	*/
77	void selinux_task_ctxid(struct task_struct tsk, u32 ctxid);
78
79	#else
80
81	static inline int selinux_audit_rule_init(u32 field, u32 op,
82	char *rulestr,
83	struct selinux_audit_rule **rule)
84	{
85	return -ENOTSUPP;
86	}
87
88	static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
89	{
90	return;
91	}
92
93	static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
94	struct selinux_audit_rule *rule,
95	struct audit_context *actx)
96	{
97	return 0;
98	}
99
100	static inline void selinux_audit_set_callback(int (*callback)(void))
101	{
102	return;
103	}
104
105	static inline void selinux_task_ctxid(struct task_struct tsk, u32 ctxid)
106	{
107	*ctxid = 0;
108	}
109
110	#endif /* CONFIG_SECURITY_SELINUX */
111
112	#endif /* _LINUX_SELINUX_H */