/*
 * SELinux services exported to the rest of the kernel.
 *
 * Author: James Morris <jmorris@redhat.com>
 *
 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2,
 * as published by the Free Software Foundation.
 */
#ifndef _LINUX_SELINUX_H
#define _LINUX_SELINUX_H

/* Opaque forward declarations; no prototype in this header refers to them. */
struct selinux_audit_rule;
struct audit_context;
struct kern_ipc_perm;

#ifdef CONFIG_SECURITY_SELINUX

/**
 * selinux_string_to_sid - map a security context string to a security ID
 * @str: the security context string to be mapped
 * @sid: output; receives the resulting SID
 *
 * Returns 0 if successful, with the SID stored in @sid.  A stored value of
 * zero means that no SID could be determined even though no error occurred,
 * so callers have to inspect *@sid as well as the return value before
 * treating the result as a usable label.
 *
 * NOTE(review): this prototype takes a non-const @str while the stub in the
 * !CONFIG_SECURITY_SELINUX branch takes "const char *".  The definition is
 * not in this header, so confirm it does not write through @str before
 * aligning the two signatures.
 */
int selinux_string_to_sid(char *str, u32 *sid);

/**
 * selinux_secmark_relabel_packet_permission - secmark permission check
 * @sid: SECMARK ID value to be applied to network packet
 *
 * Returns 0 if the current task is allowed to set the SECMARK label of
 * packets with the supplied security ID.  The packet is implicitly treated
 * as being relabeled from the default unlabeled value, and the access
 * control decision itself is made in the AVC.
 *
 * The value returned on denial is not specified here (presumably a negative
 * errno -- confirm against the implementation); callers should treat any
 * non-zero result as "not permitted".
 */
int selinux_secmark_relabel_packet_permission(u32 sid);

/**
 * selinux_secmark_refcount_inc - increments the secmark use counter
 *
 * SELinux keeps track of the current SECMARK targets in use so it knows
 * when to apply SECMARK label access checks to network packets.  Call this
 * when a new SECMARK target has been configured; the matching decrement is
 * selinux_secmark_refcount_dec().
 */
void selinux_secmark_refcount_inc(void);

/**
 * selinux_secmark_refcount_dec - decrements the secmark use counter
 *
 * SELinux keeps track of the current SECMARK targets in use so it knows
 * when to apply SECMARK label access checks to network packets.  Call this
 * when one of the existing SECMARK targets has been removed/flushed.
 */
void selinux_secmark_refcount_dec(void);

/**
 * selinux_is_enabled - is SELinux enabled?
 */
bool selinux_is_enabled(void);

#else /* !CONFIG_SECURITY_SELINUX */

/*
 * SELinux is not built in: the inline stubs below keep callers free of
 * #ifdefs.  They perform no checks at all, so every permission query
 * succeeds and no labelling takes place in this configuration.
 */

/* Stub: reports success with *sid = 0, i.e. "no SID could be determined". */
static inline int selinux_string_to_sid(const char *str, u32 *sid)
{
	*sid = 0;
	return 0;
}

/* Stub: always 0, so every SECMARK relabel request is allowed. */
static inline int selinux_secmark_relabel_packet_permission(u32 sid)
{
	return 0;
}

/* Stub: there is no SECMARK use counter to maintain. */
static inline void selinux_secmark_refcount_inc(void)
{
}

/* Stub: there is no SECMARK use counter to maintain. */
static inline void selinux_secmark_refcount_dec(void)
{
}

/* Stub: SELinux cannot be enabled when it is compiled out. */
static inline bool selinux_is_enabled(void)
{
	return false;
}

#endif /* CONFIG_SECURITY_SELINUX */

#endif /* _LINUX_SELINUX_H */