Linux Kernel
3.7.1
Data Structures | |
struct | av_decision |
struct | selinux_kernel_status |
Enumerations | |
enum | { POLICYDB_CAPABILITY_NETPEER, POLICYDB_CAPABILITY_OPENPERM, __POLICYDB_CAPABILITY_MAX } |
#define AVD_FLAGS_PERMISSIVE 0x0001 |
Definition at line 106 of file security.h.
#define CONTEXT_MNT 0x01 |
Definition at line 48 of file security.h.
#define CONTEXT_STR "context=" |
Definition at line 57 of file security.h.
#define DEFCONTEXT_MNT 0x08 |
Definition at line 51 of file security.h.
#define DEFCONTEXT_STR "defcontext=" |
Definition at line 60 of file security.h.
#define FSCONTEXT_MNT 0x02 |
Definition at line 49 of file security.h.
#define FSCONTEXT_STR "fscontext=" |
Definition at line 58 of file security.h.
#define LABELSUPP_STR "seclabel" |
Definition at line 61 of file security.h.
#define POLICYDB_BOUNDS_MAXDEPTH 4 |
Definition at line 86 of file security.h.
#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) |
Definition at line 73 of file security.h.
#define POLICYDB_VERSION_AVTAB 20 |
Definition at line 27 of file security.h.
#define POLICYDB_VERSION_BASE 15 |
Definition at line 21 of file security.h.
#define POLICYDB_VERSION_BOOL 16 |
Definition at line 22 of file security.h.
#define POLICYDB_VERSION_BOUNDARY 24 |
Definition at line 31 of file security.h.
#define POLICYDB_VERSION_DEFAULT_TYPE 28 |
Definition at line 35 of file security.h.
#define POLICYDB_VERSION_FILENAME_TRANS 25 |
Definition at line 32 of file security.h.
#define POLICYDB_VERSION_IPV6 17 |
Definition at line 23 of file security.h.
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_DEFAULT_TYPE |
Definition at line 42 of file security.h.
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE |
Definition at line 38 of file security.h.
#define POLICYDB_VERSION_MLS 19 |
Definition at line 26 of file security.h.
#define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 27 |
Definition at line 34 of file security.h.
#define POLICYDB_VERSION_NLCLASS 18 |
Definition at line 24 of file security.h.
#define POLICYDB_VERSION_PERMISSIVE 23 |
Definition at line 30 of file security.h.
#define POLICYDB_VERSION_POLCAP 22 |
Definition at line 29 of file security.h.
#define POLICYDB_VERSION_RANGETRANS 21 |
Definition at line 28 of file security.h.
#define POLICYDB_VERSION_ROLETRANS 26 |
Definition at line 33 of file security.h.
#define POLICYDB_VERSION_VALIDATETRANS 19 |
Definition at line 25 of file security.h.
#define ROOTCONTEXT_MNT 0x04 |
Definition at line 50 of file security.h.
#define ROOTCONTEXT_STR "rootcontext=" |
Definition at line 59 of file security.h.
#define SE_MNTMASK 0x0f |
Definition at line 46 of file security.h.
#define SE_SBINITIALIZED 0x10 |
Definition at line 53 of file security.h.
#define SE_SBLABELSUPP 0x40 |
Definition at line 55 of file security.h.
#define SE_SBPROC 0x20 |
Definition at line 54 of file security.h.
#define SECCLASS_NULL 0x0000 /* no class */ |
Definition at line 18 of file security.h.
#define SECSID_NULL 0x00000000 /* unspecified SID */ |
Definition at line 16 of file security.h.
#define SECSID_WILD 0xffffffff /* wildcard SID */ |
Definition at line 17 of file security.h.
#define SECURITY_FS_USE_GENFS 4 /* use the genfs support */ |
Definition at line 169 of file security.h.
#define SECURITY_FS_USE_MNTPOINT 6 /* use mountpoint labeling */ |
Definition at line 171 of file security.h.
#define SECURITY_FS_USE_NONE 5 /* no labeling support */ |
Definition at line 170 of file security.h.
#define SECURITY_FS_USE_TASK 3 /* use task SIDs, e.g. pipefs/sockfs */ |
Definition at line 168 of file security.h.
#define SECURITY_FS_USE_TRANS 2 /* use transition SIDs, e.g. devpts/tmpfs */ |
Definition at line 167 of file security.h.
#define SECURITY_FS_USE_XATTR 1 /* use xattr */ |
Definition at line 166 of file security.h.
#define SEL_VEC_MAX 32 |
Definition at line 96 of file security.h.
#define SELINUX_KERNEL_STATUS_VERSION 1 |
Definition at line 207 of file security.h.
#define TYPEDATUM_PROPERTY_ATTRIBUTE 0x0002 |
Definition at line 83 of file security.h.
#define TYPEDATUM_PROPERTY_PRIMARY 0x0001 |
Definition at line 82 of file security.h.
anonymous enum |
Definition at line 68 of file security.h.
|
read |
mcontroller : adapter info structure for old mimd_t apps
: base address : irq number : number of logical drives : pci bus : pci device : pci function : pci id : vendor id : slot number : unique id
Definition at line 171 of file esd_usb2.c.
Definition at line 818 of file services.c.
security_change_sid - Compute the SID for object relabeling. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @out_sid: security identifier for selected member
Compute a SID to use for relabeling an object of class @tclass based on a SID pair (@ssid, @tsid). Return -EINVAL if any of the parameters are invalid, -ENOMEM if insufficient memory is available, or 0 if the SID was computed successfully.
Definition at line 1620 of file services.c.
security_compute_av - Compute access vector decisions. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @avd: access vector decisions
Compute a set of access vector decisions based on the SID pair (@ssid, @tsid) for the permissions in @tclass.
Definition at line 912 of file services.c.
Definition at line 959 of file services.c.
security_context_to_sid - Obtain a SID for a given security context. @scontext: security context; @scontext_len: length in bytes; @sid: security identifier, SID
Obtains a SID associated with the security context that has the string representation specified by @scontext. Returns -EINVAL if the context is invalid, -ENOMEM if insufficient memory is available, or 0 on success.
Definition at line 1293 of file services.c.
int security_context_to_sid_default(const char *scontext, u32 scontext_len, u32 *sid, u32 def_sid, gfp_t gfp_flags)
security_context_to_sid_default - Obtain a SID for a given security context, falling back to specified default if needed.
@scontext: security context; @scontext_len: length in bytes; @sid: security identifier, SID; @def_sid: default SID to assign on error
Obtains a SID associated with the security context that has the string representation specified by @scontext. The default SID is passed to the MLS layer to be used to allow kernel labeling of the MLS field if the MLS field is not present (for upgrading to MLS without full relabel). Implicitly forces adding of the context even if it cannot be mapped yet. Returns -EINVAL if the context is invalid, -ENOMEM if insufficient memory is available, or 0 on success.
Definition at line 1317 of file services.c.
Definition at line 1324 of file services.c.
security_fs_use - Determine how to handle labeling for a filesystem. @fstype: filesystem type; @behavior: labeling behavior; @sid: SID for filesystem (superblock)
Definition at line 2330 of file services.c.
security_genfs_sid - Obtain a SID for a file in a filesystem. @fstype: filesystem type; @path: path from root of mount; @sclass: file security class; @sid: SID for path
Obtain a SID to use for a file in a filesystem that cannot support xattr or use a fixed labeling behavior like transition SIDs or task SIDs.
Definition at line 2271 of file services.c.
Definition at line 2771 of file services.c.
Definition at line 2682 of file services.c.
Definition at line 1064 of file services.c.
Definition at line 2721 of file services.c.
Definition at line 2766 of file services.c.
security_get_user_sids - Obtain reachable SIDs for a user. @fromsid: starting SID; @username: username; @sids: array of reachable SIDs for user; @nel: number of elements in @sids
Generate the set of SIDs for legal security contexts for a given user that can be reached by @fromsid. Set *@sids to point to a dynamically allocated array containing the set of SIDs. Set *@nel to the number of elements in the array. The caller owns the returned array and must free it with kfree().
Definition at line 2161 of file services.c.
security_load_policy - Load a security policy configuration. @data: binary policy data; @len: length of data in bytes
Load a new set of security policy configuration data, validate it and convert the SID table as necessary. This function will flush the access vector cache after loading the new policy.
Definition at line 1829 of file services.c.
security_member_sid - Compute the SID for member selection. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @out_sid: security identifier for selected member
Compute a SID to use when selecting a member of a polyinstantiated object of class @tclass based on a SID pair (@ssid, @tsid). Return -EINVAL if any of the parameters are invalid, -ENOMEM if insufficient memory is available, or 0 if the SID was computed successfully.
Definition at line 1598 of file services.c.
Definition at line 254 of file services.c.
security_net_peersid_resolve - Compare and resolve two network peer SIDs. @nlbl_sid: NetLabel SID; @nlbl_type: NetLabel labeling protocol type; @xfrm_sid: XFRM SID
Description: Compare the @nlbl_sid and @xfrm_sid values and if the two SIDs can be resolved into a single SID it is returned via @peer_sid and the function returns zero. Otherwise @peer_sid is set to SECSID_NULL and the function returns a negative value. A table summarizing the behavior is below:

                              | function return | @sid
------------------------------+-----------------+--------------
no peer labels                | 0               | SECSID_NULL
single peer label             | 0               | <peer_label>
multiple, consistent labels   | 0               | <peer_label>
multiple, inconsistent labels | -<errno>        | SECSID_NULL
Definition at line 2607 of file services.c.
Definition at line 2022 of file services.c.
security_node_sid - Obtain the SID for a node (host). @domain: communication domain aka address family; @addrp: address; @addrlen: address length in bytes; @out_sid: security identifier
Definition at line 2078 of file services.c.
security_policycap_supported - Check for a specific policy capability. @req_cap: capability
Description: This function queries the currently loaded policy to see if it supports the capability specified by @req_cap. Returns true (1) if the capability is supported, false (0) if it isn't supported.
Definition at line 2786 of file services.c.
Definition at line 1966 of file services.c.
Definition at line 1983 of file services.c.
security_read_policy - read the policy. @data: binary policy data; @len: length of data in bytes
Definition at line 3223 of file services.c.
Definition at line 2524 of file services.c.
security_sid_to_context - Obtain a context for a given SID. @sid: security identifier, SID; @scontext: security context; @scontext_len: length in bytes
Write the string representation of the context associated with @sid into a dynamically allocated string of the correct size. Set *@scontext to point to this string and set *@scontext_len to the length of the string. The caller owns the returned string and must free it with kfree().
Definition at line 1131 of file services.c.
Definition at line 1136 of file services.c.
int security_transition_sid(u32 ssid, u32 tsid, u16 tclass, const struct qstr *qstr, u32 *out_sid)
security_transition_sid - Compute the SID for a new subject/object. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @out_sid: security identifier for new subject/object
Compute a SID to use for labeling a new subject or object in the class @tclass based on a SID pair (@ssid, @tsid). Return -EINVAL if any of the parameters are invalid, -ENOMEM if insufficient memory is available, or 0 if the new SID was computed successfully.
Definition at line 1571 of file services.c.
int security_transition_sid_user(u32 ssid, u32 tsid, u16 tclass, const char *objname, u32 *out_sid)
Definition at line 1578 of file services.c.
Definition at line 743 of file services.c.
Definition at line 131 of file nlmsgtab.c.
u32 deny_unknown |
Definition at line 222 of file security.h.
u32 enforcing |
Definition at line 220 of file security.h.
u32 policyload |
Definition at line 221 of file security.h.
Definition at line 1300 of file selinuxfs.c.
int selinux_policycap_netpeer |
Definition at line 73 of file services.c.
int selinux_policycap_openperm |
Definition at line 74 of file services.c.
Definition at line 1895 of file selinuxfs.c.
u32 sequence |
Definition at line 219 of file security.h.
u32 version |
Definition at line 218 of file security.h.