#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/spinlock.h>
#include <linux/rcupdate.h>
#include <linux/errno.h>
#include <linux/in.h>
#include <linux/sched.h>
#include <linux/audit.h>
#include <linux/mutex.h>
#include <linux/selinux.h>
#include <linux/flex_array.h>
#include <linux/vmalloc.h>
#include <net/netlabel.h>
#include "flask.h"
#include "avc.h"
#include "avc_ss.h"
#include "security.h"
#include "context.h"
#include "policydb.h"
#include "sidtab.h"
#include "services.h"
#include "conditional.h"
#include "mls.h"
#include "objsec.h"
#include "netlabel.h"
#include "xfrm.h"
#include "ebitmap.h"
#include "audit.h"
#include "initial_sid_to_string.h"
Data Structures | |
struct | selinux_mapping |
struct | convert_context_args |
struct | selinux_audit_rule |
Variables | |
int | selinux_policycap_netpeer |
int | selinux_policycap_openperm |
struct policydb | policydb |
int | ss_initialized |
#define SIDS_NEL 25 |
Definition at line 2145 of file services.c.
__initcall | ( | aurule_init | ) |
Definition at line 818 of file services.c.
security_change_sid - Compute the SID for object relabeling. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @out_sid: security identifier for selected member.
Compute a SID to use for relabeling an object of class @tclass based on the SID pair (@ssid, @tsid). Returns -EINVAL if any of the parameters are invalid, -ENOMEM if insufficient memory is available, or %0 if the SID was computed successfully.
Definition at line 1620 of file services.c.
security_compute_av - Compute access vector decisions. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @avd: access vector decisions.
Compute a set of access vector decisions based on the SID pair (@ssid, @tsid) for the permissions in @tclass.
Definition at line 912 of file services.c.
Definition at line 959 of file services.c.
security_context_to_sid - Obtain a SID for a given security context. @scontext: security context; @scontext_len: length in bytes; @sid: security identifier, SID.
Obtains the SID associated with the security context whose string representation is given by @scontext. Returns -EINVAL if the context is invalid, -ENOMEM if insufficient memory is available, or 0 on success.
Definition at line 1293 of file services.c.
int security_context_to_sid_default | ( | const char * | scontext, |
u32 | scontext_len, | ||
u32 * | sid, | ||
u32 | def_sid, | ||
gfp_t | gfp_flags | ||
) |
security_context_to_sid_default - Obtain a SID for a given security context, falling back to the specified default if needed.
@scontext: security context; @scontext_len: length in bytes; @sid: security identifier, SID; @def_sid: default SID to assign on error.
Obtains the SID associated with the security context whose string representation is given by @scontext. The default SID is passed to the MLS layer so that the kernel can label the MLS field when it is absent from the context (for upgrading to MLS without a full relabel). Implicitly forces the context to be added even if it cannot be mapped yet. Returns -EINVAL if the context is invalid, -ENOMEM if insufficient memory is available, or 0 on success.
Definition at line 1317 of file services.c.
Definition at line 1324 of file services.c.
security_fs_use - Determine how to handle labeling for a filesystem. @fstype: filesystem type; @behavior: labeling behavior; @sid: SID for the filesystem (superblock).
Definition at line 2330 of file services.c.
security_genfs_sid - Obtain a SID for a file in a filesystem. @fstype: filesystem type; @path: path from the root of the mount; @sclass: file security class; @sid: SID for the path.
Obtain a SID to use for a file in a filesystem that cannot support xattrs or that uses a fixed labeling behavior such as transition SIDs or task SIDs.
Definition at line 2271 of file services.c.
Definition at line 2771 of file services.c.
Definition at line 2471 of file services.c.
Definition at line 2371 of file services.c.
Definition at line 2682 of file services.c.
Definition at line 1064 of file services.c.
Definition at line 2721 of file services.c.
Definition at line 2766 of file services.c.
security_get_user_sids - Obtain reachable SIDs for a user. @fromsid: starting SID; @username: username; @sids: array of reachable SIDs for the user; @nel: number of elements in @sids.
Generate the set of SIDs for legal security contexts of the given user that can be reached from @fromsid. Set *@sids to point to a dynamically allocated array containing that set of SIDs, and set *@nel to the number of elements in the array.
Definition at line 2161 of file services.c.
security_load_policy - Load a security policy configuration. @data: binary policy data; @len: length of the data in bytes.
Load a new set of security policy configuration data, validate it and convert the SID table as necessary. This function will flush the access vector cache after loading the new policy.
Definition at line 1829 of file services.c.
security_member_sid - Compute the SID for member selection. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @out_sid: security identifier for the selected member.
Compute a SID to use when selecting a member of a polyinstantiated object of class @tclass based on the SID pair (@ssid, @tsid). Returns -EINVAL if any of the parameters are invalid, -ENOMEM if insufficient memory is available, or %0 if the SID was computed successfully.
Definition at line 1598 of file services.c.
Definition at line 254 of file services.c.
security_net_peersid_resolve - Compare and resolve two network peer SIDs. @nlbl_sid: NetLabel SID; @nlbl_type: NetLabel labeling protocol type; @xfrm_sid: XFRM SID; @peer_sid: resolved peer SID (output).
Description: Compare the @nlbl_sid and @xfrm_sid values; if the two SIDs can be resolved into a single SID, it is returned via @peer_sid and the function returns zero. Otherwise @peer_sid is set to SECSID_NULL and the function returns a negative value. The table below summarizes the behavior:
                                 | function return | @peer_sid
 --------------------------------+-----------------+---------------
  no peer labels                 |        0        | SECSID_NULL
  single peer label              |        0        | <peer_label>
  multiple, consistent labels    |        0        | <peer_label>
  multiple, inconsistent labels  |     -<errno>    | SECSID_NULL
Definition at line 2607 of file services.c.
Definition at line 2022 of file services.c.
security_node_sid - Obtain the SID for a node (host). @domain: communication domain, i.e. address family; @addrp: address; @addrlen: address length in bytes; @out_sid: security identifier.
Definition at line 2078 of file services.c.
security_policycap_supported - Check for a specific policy capability. @req_cap: capability.
Description: Queries the currently loaded policy to see whether it supports the capability specified by @req_cap. Returns true (1) if the capability is supported, false (0) if it is not.
Definition at line 2786 of file services.c.
Definition at line 1966 of file services.c.
Definition at line 1983 of file services.c.
security_read_policy - Read the policy. @data: binary policy data; @len: length of the data in bytes.
Definition at line 3223 of file services.c.
Definition at line 2422 of file services.c.
Definition at line 2524 of file services.c.
security_sid_to_context - Obtain a context for a given SID. @sid: security identifier, SID; @scontext: security context; @scontext_len: length in bytes.
Write the string representation of the context associated with @sid into a dynamically allocated string of the correct size. Set @scontext to point to this string and set @scontext_len to its length.
Definition at line 1131 of file services.c.
Definition at line 1136 of file services.c.
int security_transition_sid | ( | u32 | ssid, |
u32 | tsid, | ||
u16 | tclass, | ||
const struct qstr * | qstr, | ||
u32 * | out_sid | ||
) |
security_transition_sid - Compute the SID for a new subject/object. @ssid: source security identifier; @tsid: target security identifier; @tclass: target security class; @out_sid: security identifier for the new subject/object.
Compute a SID to use for labeling a new subject or object of class @tclass based on the SID pair (@ssid, @tsid). Returns -EINVAL if any of the parameters are invalid, -ENOMEM if insufficient memory is available, or %0 if the new SID was computed successfully.
Definition at line 1571 of file services.c.
int security_transition_sid_user | ( | u32 | ssid, |
u32 | tsid, | ||
u16 | tclass, | ||
const char * | objname, | ||
u32 * | out_sid | ||
) |
Definition at line 1578 of file services.c.
Definition at line 743 of file services.c.
selinux_audit_rule_free - Free an SELinux audit rule structure. @rule: pointer to the audit rule to be freed.
This frees all memory associated with the given rule. If @rule is NULL, no operation is performed.
Definition at line 2802 of file services.c.
selinux_audit_rule_init - Allocate and initialize an SELinux audit rule structure. @field: the field this rule refers to; @op: the operator the rule uses; @rulestr: the text "target" of the rule; @rule: pointer through which the new rule structure is returned.
Returns 0 on success, -errno otherwise. On success the rule structure is allocated internally; the caller must free it with selinux_audit_rule_free() after use.
Definition at line 2812 of file services.c.
int selinux_audit_rule_known | ( | struct audit_krule * | krule | ) |
selinux_audit_rule_known - Check whether a rule contains SELinux fields. @krule: rule to be checked. Returns 1 if SELinux fields are specified in the rule, 0 otherwise.
Definition at line 2909 of file services.c.
int selinux_audit_rule_match | ( | u32 | sid, |
u32 | field, | ||
u32 | op, | ||
void * | rule, | ||
struct audit_context * | actx | ||
) |
selinux_audit_rule_match - Determine whether a context ID matches a rule. @sid: the context ID to check; @field: the field this rule refers to; @op: the operator the rule uses; @rule: pointer to the audit rule to check against; @actx: the audit context (may be NULL) associated with the check.
Returns 1 if the context ID matches the rule, 0 if it does not, and -errno on failure.
Definition at line 2933 of file services.c.
Definition at line 79 of file services.c.
int selinux_policycap_netpeer |
Definition at line 73 of file services.c.
int selinux_policycap_openperm |
Definition at line 74 of file services.c.
int ss_initialized |
Definition at line 80 of file services.c.