/*
 * SELinux services exported to the rest of the kernel.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
 */
# include <linux/types.h>
# include <linux/kernel.h>
# include <linux/module.h>
# include <linux/selinux.h>
# include <linux/fs.h>
# include <linux/ipc.h>
# include <asm/atomic.h>
# include "security.h"
# include "objsec.h"
/*
 * SECMARK reference count.  Only declared here (the definition lives in
 * another translation unit); this file adjusts it through
 * selinux_secmark_refcount_inc() and selinux_secmark_refcount_dec().
 */
extern atomic_t selinux_secmark_refcount;
/**
 * selinux_sid_to_string - look up the context string for a SID
 * @sid: security identifier to translate
 * @ctx: out parameter; receives the context string pointer
 * @ctxlen: out parameter; receives the context length
 *
 * With SELinux enabled this forwards to security_sid_to_context() and
 * returns its result unchanged.  With SELinux disabled it still reports
 * success (0) but stores NULL in *@ctx and 0 in *@ctxlen, so a zero return
 * is not proof that *@ctx can be dereferenced; callers must check it.
 *
 * NOTE(review): ownership of *@ctx is decided by security_sid_to_context(),
 * which is not visible here; presumably the caller frees it -- confirm.
 */
int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
{
	if (!selinux_enabled) {
		/* No policy loaded: hand back an empty result, not an error. */
		*ctx = NULL;
		*ctxlen = 0;
		return 0;
	}

	return security_sid_to_context(sid, ctx, ctxlen);
}
/**
 * selinux_get_inode_sid - report the SID stored on an inode
 * @inode: inode whose i_security blob is read
 * @sid: out parameter; receives the SID, or 0 when SELinux is disabled
 *
 * NOTE(review): i_security is dereferenced without a NULL check; this
 * assumes every inode passed in already carries a security blob while
 * SELinux is enabled -- confirm against the allocation hooks.
 */
void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
{
	struct inode_security_struct *isec;

	if (!selinux_enabled) {
		*sid = 0;
		return;
	}

	isec = inode->i_security;
	*sid = isec->sid;
}
/**
 * selinux_get_ipc_sid - report the SID stored on an IPC permission object
 * @ipcp: IPC permission structure whose security blob is read
 * @sid: out parameter; receives the SID, or 0 when SELinux is disabled
 *
 * NOTE(review): ipcp->security is dereferenced without a NULL check; this
 * assumes the blob is always attached while SELinux is enabled -- confirm.
 */
void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
{
	u32 found = 0;

	if (selinux_enabled) {
		struct ipc_security_struct *blob = ipcp->security;

		found = blob->sid;
	}

	*sid = found;
}
/**
 * selinux_get_task_sid - report the SID stored on a task
 * @tsk: task whose security blob is read
 * @sid: out parameter; receives the SID, or 0 when SELinux is disabled
 *
 * NOTE(review): tsk->security is read with no NULL check and no locking
 * visible in this function; any lifetime or synchronisation guarantee for
 * @tsk has to come from the caller -- confirm at the call sites.
 */
void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
{
	struct task_security_struct *blob;

	if (!selinux_enabled) {
		*sid = 0;
		return;
	}

	blob = tsk->security;
	*sid = blob->sid;
}
/**
 * selinux_string_to_sid - translate a context string into a SID
 * @str: NUL-terminated context string
 * @sid: out parameter; receives the SID, or 0 when SELinux is disabled
 *
 * With SELinux enabled the result of security_context_to_sid() is returned
 * unchanged.  With SELinux disabled the call succeeds (0) and *@sid is 0.
 *
 * The length handed to security_context_to_sid() comes from strlen(@str),
 * so @str must be non-NULL and properly terminated; nothing here bounds
 * the scan.  Callers that take the string from an untrusted source have
 * to guarantee termination before calling.
 */
int selinux_string_to_sid(char *str, u32 *sid)
{
	if (!selinux_enabled) {
		*sid = 0;
		return 0;
	}

	return security_context_to_sid(str, strlen(str), sid);
}
EXPORT_SYMBOL_GPL(selinux_string_to_sid);
/**
 * selinux_secmark_relabel_packet_permission - check packet relabel access
 * @sid: SID used as the target of the check
 *
 * Asks the AVC whether the SID of the current task holds
 * PACKET__RELABELTO on @sid in class SECCLASS_PACKET, and returns the
 * avc_has_perm() result unchanged.  No audit data is supplied (NULL).
 *
 * When SELinux is disabled the function returns 0 without consulting the
 * AVC, i.e. the same value it returns after a check; callers cannot tell
 * "not enforced" from a completed check by the return value alone.
 */
int selinux_secmark_relabel_packet_permission(u32 sid)
{
	struct task_security_struct *tsec;

	if (!selinux_enabled)
		return 0;

	/* The subject of the check is always the calling task. */
	tsec = current->security;
	return avc_has_perm(tsec->sid, sid, SECCLASS_PACKET,
			    PACKET__RELABELTO, NULL);
}
EXPORT_SYMBOL_GPL(selinux_secmark_relabel_packet_permission);
/**
 * selinux_secmark_refcount_inc - take a reference on SECMARK usage
 *
 * Atomically increments selinux_secmark_refcount.  Exported (GPL-only) so
 * code outside this file can adjust the counter; every call is expected to
 * be balanced by selinux_secmark_refcount_dec().
 */
void selinux_secmark_refcount_inc(void)
{
	atomic_inc(&selinux_secmark_refcount);
}
EXPORT_SYMBOL_GPL(selinux_secmark_refcount_inc);
/**
 * selinux_secmark_refcount_dec - drop a reference on SECMARK usage
 *
 * Atomically decrements selinux_secmark_refcount.  There is no guard
 * against going below zero here, so an unbalanced call from any user of
 * this export would leave the counter wrong; callers must pair it with a
 * prior selinux_secmark_refcount_inc().
 */
void selinux_secmark_refcount_dec(void)
{
	atomic_dec(&selinux_secmark_refcount);
}
EXPORT_SYMBOL_GPL(selinux_secmark_refcount_dec);