Diffstat (limited to 'xen/xsm/flask/include/security.h')
-rw-r--r-- | xen/xsm/flask/include/security.h | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/xen/xsm/flask/include/security.h b/xen/xsm/flask/include/security.h
index 37c9913988..149caf753c 100644
--- a/xen/xsm/flask/include/security.h
+++ b/xen/xsm/flask/include/security.h
@@ -26,10 +26,14 @@
 #define POLICYDB_VERSION_VALIDATETRANS 19
 #define POLICYDB_VERSION_MLS 19
 #define POLICYDB_VERSION_AVTAB 20
+#define POLICYDB_VERSION_RANGETRANS 21
+#define POLICYDB_VERSION_POLCAP 22
+#define POLICYDB_VERSION_PERMISSIVE 23
+#define POLICYDB_VERSION_BOUNDARY 24
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY
 #ifdef FLASK_BOOTPARAM
 extern int flask_enabled;
@@ -43,12 +47,15 @@ int security_load_policy(void * data, size_t len);
 struct av_decision {
 u32 allowed;
- u32 decided;
 u32 auditallow;
 u32 auditdeny;
 u32 seqno;
+ u32 flags;
 };
+/* definitions of av_decision.flags */
+#define AVD_FLAGS_PERMISSIVE 0x0001
+
 int security_compute_av(u32 ssid, u32 tsid, u16 tclass, u32 requested, struct av_decision *avd);
@@ -62,9 +69,6 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len);
 int security_context_to_sid(char *scontext, u32 scontext_len, u32 *out_sid);
-int security_context_to_sid_default(char *scontext, u32 scontext_len,
- u32 *out_sid, u32 def_sid);
-
 int security_get_user_sids(u32 callsid, char *username, u32 **sids, u32 *nel);
 int security_pirq_sid(int pirq, u32 *out_sid); |
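Review bot: Raising `POLICYDB_VERSION_MAX` to `POLICYDB_VERSION_BOUNDARY` in the first hunk widens the range of policy blobs the loader will accept to versions 21 through 24, and nothing in this header shows that the policy reader parses what each of those versions adds. The diffstat shown is limited to this file, so that has to be confirmed in the policydb code. A version that is accepted but only partly parsed would load a policy whose rules are silently skipped or misread. I would document each new constant with what it gates, for example `#define POLICYDB_VERSION_PERMISSIVE 23 /* policy may mark types permissive */`, and fix the spacing in `/* Range of policy versions we understand */` while the block is being touched.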
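Review bot: The new `flags` member of `struct av_decision` in the second hunk carries an enforcement bit, so every path that fills an `av_decision` has to set it explicitly. If any producer leaves `flags` uninitialised, leftover stack or cache contents with bit 0 set would presumably be read as `AVD_FLAGS_PERMISSIVE` and turn a denial into an audit-only event. The header should state that contract next to the definition, e.g. `/* AVD_FLAGS_PERMISSIVE: denials for this decision are audited but not enforced; security_compute_av() must write flags on every return path */`. Removing `decided` and appending `flags` also changes the struct layout, so any code that copies or positionally initialises `struct av_decision` outside this file needs checking; those callers are not visible in this diff.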