SELinux: allow userspace to read policy back out of the kernel
authorEric Paris <eparis@redhat.com>
Wed, 13 Oct 2010 21:50:25 +0000 (17:50 -0400)
committerJames Morris <jmorris@namei.org>
Wed, 20 Oct 2010 23:12:58 +0000 (10:12 +1100)
commitcee74f47a6baba0ac457e87687fdcf0abd599f0a
tree3d9fdb073050664e62d9cdb6c28112090cd138da
parent00d85c83ac52e2c1a66397f1abc589f80c543425
SELinux: allow userspace to read policy back out of the kernel

There is interest in being able to see what the actual policy is that was
loaded into the kernel.  The patch creates a new selinuxfs file
/selinux/policy which can be read by userspace.  The actual policy that is
loaded into the kernel will be written back out to userspace.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
12 files changed:
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/selinuxfs.c
security/selinux/ss/avtab.c
security/selinux/ss/avtab.h
security/selinux/ss/conditional.c
security/selinux/ss/conditional.h
security/selinux/ss/ebitmap.c
security/selinux/ss/ebitmap.h
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c