Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
objsec.h
Go to the documentation of this file.
1 /*
2  * NSA Security-Enhanced Linux (SELinux) security module
3  *
4  * This file contains the SELinux security data structures for kernel objects.
5  *
6  * Author(s): Stephen Smalley, <[email protected]>
7  * Chris Vance, <[email protected]>
8  * Wayne Salamon, <[email protected]>
9  * James Morris <[email protected]>
10  *
11  * Copyright (C) 2001,2002 Networks Associates Technology, Inc.
12  * Copyright (C) 2003 Red Hat, Inc., James Morris <[email protected]>
13  *
14  * This program is free software; you can redistribute it and/or modify
15  * it under the terms of the GNU General Public License version 2,
16  * as published by the Free Software Foundation.
17  */
18 #ifndef _SELINUX_OBJSEC_H_
19 #define _SELINUX_OBJSEC_H_
20 
21 #include <linux/list.h>
22 #include <linux/sched.h>
23 #include <linux/fs.h>
24 #include <linux/binfmts.h>
25 #include <linux/in.h>
26 #include <linux/spinlock.h>
27 #include "flask.h"
28 #include "avc.h"
29 
30 struct task_security_struct {
31  u32 osid; /* SID prior to last execve */
32  u32 sid; /* current SID */
33  u32 exec_sid; /* exec SID */
34  u32 create_sid; /* fscreate SID */
35  u32 keycreate_sid; /* keycreate SID */
36  u32 sockcreate_sid; /* fscreate SID */
37 };
38 
39 struct inode_security_struct {
40  struct inode *inode; /* back pointer to inode object */
41  struct list_head list; /* list of inode_security_struct */
42  u32 task_sid; /* SID of creating task */
43  u32 sid; /* SID of this object */
44  u16 sclass; /* security class of this object */
45  unsigned char initialized; /* initialization flag */
46  struct mutex lock;
47 };
48 
49 struct file_security_struct {
50  u32 sid; /* SID of open file description */
51  u32 fown_sid; /* SID of file owner (for SIGIO) */
52  u32 isid; /* SID of inode at the time of file open */
53  u32 pseqno; /* Policy seqno at the time of file open */
54 };
55 
56 struct superblock_security_struct {
57  struct super_block *sb; /* back pointer to sb object */
58  u32 sid; /* SID of file system superblock */
59  u32 def_sid; /* default SID for labeling */
60  u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
61  unsigned int behavior; /* labeling behavior */
62  unsigned char flags; /* which mount options were specified */
63  struct mutex lock;
64  struct list_head isec_head;
65  spinlock_t isec_lock;
66 };
67 
68 struct msg_security_struct {
69  u32 sid; /* SID of message */
70 };
71 
72 struct ipc_security_struct {
73  u16 sclass; /* security class of this object */
74  u32 sid; /* SID of IPC resource */
75 };
76 
77 struct netif_security_struct {
78  int ifindex; /* device index */
79  u32 sid; /* SID for this interface */
80 };
81 
82 struct netnode_security_struct {
83  union {
84  __be32 ipv4; /* IPv4 node address */
85  struct in6_addr ipv6; /* IPv6 node address */
86  } addr;
87  u32 sid; /* SID for this node */
88  u16 family; /* address family */
89 };
90 
91 struct netport_security_struct {
92  u32 sid; /* SID for this node */
93  u16 port; /* port number */
94  u8 protocol; /* transport protocol */
95 };
96 
97 struct sk_security_struct {
98 #ifdef CONFIG_NETLABEL
99  enum { /* NetLabel state */
100  NLBL_UNSET = 0,
101  NLBL_REQUIRE,
102  NLBL_LABELED,
103  NLBL_REQSKB,
104  NLBL_CONNLABELED,
105  } nlbl_state;
106  struct netlbl_lsm_secattr *nlbl_secattr; /* NetLabel sec attributes */
107 #endif
108  u32 sid; /* SID of this object */
109  u32 peer_sid; /* SID of peer */
110  u16 sclass; /* sock security class */
111 };
112 
113 struct key_security_struct {
114  u32 sid; /* SID of key */
115 };
116 
117 extern unsigned int selinux_checkreqprot;
118 
119 #endif /* _SELINUX_OBJSEC_H_ */
Generated on Thu Jan 10 2013 15:03:19 for Linux Kernel by   doxygen 1.8.2