Diffstat (limited to 'xen/xsm/flask/include/security.h')
-rw-r--r--xen/xsm/flask/include/security.h14
1 files changed, 9 insertions, 5 deletions
diff --git a/xen/xsm/flask/include/security.h b/xen/xsm/flask/include/security.h
index 37c9913988..149caf753c 100644
--- a/xen/xsm/flask/include/security.h
+++ b/xen/xsm/flask/include/security.h
@@ -26,10 +26,14 @@
#define POLICYDB_VERSION_VALIDATETRANS 19
#define POLICYDB_VERSION_MLS 19
#define POLICYDB_VERSION_AVTAB 20
+#define POLICYDB_VERSION_RANGETRANS 21
+#define POLICYDB_VERSION_POLCAP 22
+#define POLICYDB_VERSION_PERMISSIVE 23
+#define POLICYDB_VERSION_BOUNDARY 24
/* Range of policy versions we understand*/
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_BOUNDARY
#ifdef FLASK_BOOTPARAM
extern int flask_enabled;
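Review bot: Raising `POLICYDB_VERSION_MAX` to `POLICYDB_VERSION_BOUNDARY` widens the accepted range to policy versions 21 through 24, and nothing in this header shows that the policy reader parses the four new formats. If the range-transition, policy-capability, permissive-type or bounds data is not read for its version, a binary policy of that version would presumably be misparsed rather than rejected. The reader changes should land in the same commit and be checked once per version. The comment above the range could also say what it gates, e.g. `/* Range of binary policy versions the policy loader accepts */`.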
@@ -43,12 +47,15 @@ int security_load_policy(void * data, size_t len);
struct av_decision {
u32 allowed;
- u32 decided;
u32 auditallow;
u32 auditdeny;
u32 seqno;
+ u32 flags;
};
+/* definitions of av_decision.flags */
+#define AVD_FLAGS_PERMISSIVE 0x0001
+
int security_compute_av(u32 ssid, u32 tsid, u16 tclass, u32 requested,
struct av_decision *avd);
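Review bot: The new `flags` field in `struct av_decision` is security-relevant but has no stated initialisation contract. `AVD_FLAGS_PERMISSIVE` presumably tells the caller not to enforce a denial, so an `avd` whose `flags` is never written (a stack-allocated decision, or an early-return path in `security_compute_av`) could be read as permissive. I would document the field, e.g. `u32 flags; /* AVD_FLAGS_* bits; security_compute_av() must zero this before setting any */`, and confirm that every producer of an `av_decision` writes it on all paths. Removing `decided` also changes the struct layout, so any cache or copy of `av_decision` outside this header needs the same update, which this hunk does not show.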
@@ -62,9 +69,6 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len);
int security_context_to_sid(char *scontext, u32 scontext_len, u32 *out_sid);
-int security_context_to_sid_default(char *scontext, u32 scontext_len,
- u32 *out_sid, u32 def_sid);
-
int security_get_user_sids(u32 callsid, char *username, u32 **sids, u32 *nel);
int security_pirq_sid(int pirq, u32 *out_sid);