#include <linux/fs.h>
#include <linux/binfmts.h>
#include <linux/in.h>
+#include <linux/spinlock.h>
#include "flask.h"
#include "avc.h"
struct task_security_struct {
- unsigned long magic; /* magic number for this module */
struct task_struct *task; /* back pointer to task object */
u32 osid; /* SID prior to last execve */
u32 sid; /* current SID */
u32 exec_sid; /* exec SID */
u32 create_sid; /* fscreate SID */
- u32 ptrace_sid; /* SID of ptrace parent */
+ u32 keycreate_sid; /* keycreate SID */
+ u32 sockcreate_sid; /* fscreate SID */
};
struct inode_security_struct {
- unsigned long magic; /* magic number for this module */
struct inode *inode; /* back pointer to inode object */
struct list_head list; /* list of inode_security_struct */
u32 task_sid; /* SID of creating task */
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
unsigned char initialized; /* initialization flag */
- struct semaphore sem;
+ struct mutex lock;
unsigned char inherit; /* inherit SID from parent entry */
};
struct file_security_struct {
- unsigned long magic; /* magic number for this module */
struct file *file; /* back pointer to file object */
u32 sid; /* SID of open file description */
u32 fown_sid; /* SID of file owner (for SIGIO) */
};
struct superblock_security_struct {
- unsigned long magic; /* magic number for this module */
struct super_block *sb; /* back pointer to sb object */
struct list_head list; /* list of superblock_security_struct */
- u32 sid; /* SID of file system */
+ u32 sid; /* SID of file system superblock */
u32 def_sid; /* default SID for labeling */
+ u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
unsigned int behavior; /* labeling behavior */
unsigned char initialized; /* initialization flag */
unsigned char proc; /* proc fs */
- struct semaphore sem;
+ struct mutex lock;
struct list_head isec_head;
spinlock_t isec_lock;
};
struct msg_security_struct {
- unsigned long magic; /* magic number for this module */
struct msg_msg *msg; /* back pointer */
u32 sid; /* SID of message */
};
struct ipc_security_struct {
- unsigned long magic; /* magic number for this module */
struct kern_ipc_perm *ipc_perm; /* back pointer */
u16 sclass; /* security class of this object */
u32 sid; /* SID of IPC resource */
};
struct bprm_security_struct {
- unsigned long magic; /* magic number for this module */
struct linux_binprm *bprm; /* back pointer to bprm object */
u32 sid; /* SID for transformed process */
unsigned char set;
};
struct sk_security_struct {
- unsigned long magic; /* magic number for this module */
struct sock *sk; /* back pointer to sk object */
+ u32 sid; /* SID of this object */
u32 peer_sid; /* SID of peer */
+#ifdef CONFIG_NETLABEL
+ u16 sclass; /* sock security class */
+ enum { /* NetLabel state */
+ NLBL_UNSET = 0,
+ NLBL_REQUIRE,
+ NLBL_LABELED,
+ } nlbl_state;
+ spinlock_t nlbl_lock; /* protects nlbl_state */
+#endif
};
-extern int inode_security_set_sid(struct inode *inode, u32 sid);
+struct key_security_struct {
+ struct key *obj; /* back pointer */
+ u32 sid; /* SID of key */
+};
+
+extern unsigned int selinux_checkreqprot;
#endif /* _SELINUX_OBJSEC_H_ */