summaryrefslogtreecommitdiffstats
path: root/security/selinux/include/security.h
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2008-01-29 08:38:23 -0500
committerJames Morris <jmorris@namei.org>2008-01-30 08:17:25 +1100
commit220deb966ea51e0dedb6a187c0763120809f3e64 (patch)
tree7d0e5dd8048907c364b4eeff294991937b466c7e /security/selinux/include/security.h
parentf67f4f315f31e7907779adb3296fb6682e755342 (diff)
downloadlinux-220deb966ea51e0dedb6a187c0763120809f3e64.tar.gz
linux-220deb966ea51e0dedb6a187c0763120809f3e64.tar.bz2
linux-220deb966ea51e0dedb6a187c0763120809f3e64.zip
SELinux: Better integration between peer labeling subsystems
Rework the handling of network peer labels so that the different peer labeling subsystems work better together. This includes moving both subsystems to a single "peer" object class which involves not only changes to the permission checks but an improved method of consolidating multiple packet peer labels. As part of this work the inbound packet permission check code has been heavily modified to handle both the old and new behavior in as sane a fashion as possible. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/include/security.h')
-rw-r--r--security/selinux/include/security.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index a22de9771806..9347e2daa8d4 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -99,6 +99,10 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);
+int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
+ u32 xfrm_sid,
+ u32 *peer_sid);
+
int security_get_classes(char ***classes, int *nclasses);
int security_get_permissions(char *class, char ***perms, int *nperms);
int security_get_reject_unknown(void);