LCOV - code coverage report
Current view: top level - include/linux - selinux.h (source / functions) Hit Total Coverage
Test: coverage.info Lines: 1 1 100.0 %
Date: 2017-01-25 Functions: 0 0 -

          Line data    Source code
       1             : /*
       2             :  * SELinux services exported to the rest of the kernel.
       3             :  *
       4             :  * Author: James Morris <jmorris@redhat.com>
       5             :  *
       6             :  * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
       7             :  * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
       8             :  * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
       9             :  *
      10             :  * This program is free software; you can redistribute it and/or modify
      11             :  * it under the terms of the GNU General Public License version 2,
      12             :  * as published by the Free Software Foundation.
      13             :  */
      14             : #ifndef _LINUX_SELINUX_H
      15             : #define _LINUX_SELINUX_H
      16             : 
      17             : struct selinux_audit_rule;
      18             : struct audit_context;
      19             : struct kern_ipc_perm;
      20             : 
      21             : #ifdef CONFIG_SECURITY_SELINUX
      22             : 
      23             : /**
      24             :  *     selinux_string_to_sid - map a security context string to a security ID
      25             :  *     @str: the security context string to be mapped
      26             :  *     @sid: ID value returned via this.
      27             :  *
      28             :  *     Returns 0 if successful, with the SID stored in sid.  A value
      29             :  *     of zero for sid indicates no SID could be determined (but no error
      30             :  *     occurred).
      31             :  */
      32             : int selinux_string_to_sid(char *str, u32 *sid);
      33             : 
      34             : /**
      35             :  *     selinux_secmark_relabel_packet_permission - secmark permission check
      36             :  *     @sid: SECMARK ID value to be applied to network packet
      37             :  *
      38             :  *     Returns 0 if the current task is allowed to set the SECMARK label of
      39             :  *     packets with the supplied security ID.  Note that it is implicit that
      40             :  *     the packet is always being relabeled from the default unlabeled value,
      41             :  *     and that the access control decision is made in the AVC.
      42             :  */
      43             : int selinux_secmark_relabel_packet_permission(u32 sid);
      44             : 
      45             : /**
      46             :  *     selinux_secmark_refcount_inc - increments the secmark use counter
      47             :  *
      48             :  *     SELinux keeps track of the current SECMARK targets in use so it knows
      49             :  *     when to apply SECMARK label access checks to network packets.  This
      50             :  *     function incements this reference count to indicate that a new SECMARK
      51             :  *     target has been configured.
      52             :  */
      53             : void selinux_secmark_refcount_inc(void);
      54             : 
      55             : /**
      56             :  *     selinux_secmark_refcount_dec - decrements the secmark use counter
      57             :  *
      58             :  *     SELinux keeps track of the current SECMARK targets in use so it knows
      59             :  *     when to apply SECMARK label access checks to network packets.  This
      60             :  *     function decements this reference count to indicate that one of the
      61             :  *     existing SECMARK targets has been removed/flushed.
      62             :  */
      63             : void selinux_secmark_refcount_dec(void);
      64             : 
      65             : /**
      66             :  * selinux_is_enabled - is SELinux enabled?
      67             :  */
      68             : bool selinux_is_enabled(void);
      69             : #else
      70             : 
      71             : static inline int selinux_string_to_sid(const char *str, u32 *sid)
      72             : {
      73             :        *sid = 0;
      74             :        return 0;
      75             : }
      76             : 
      77             : static inline int selinux_secmark_relabel_packet_permission(u32 sid)
      78             : {
      79             :         return 0;
      80             : }
      81             : 
      82             : static inline void selinux_secmark_refcount_inc(void)
      83             : {
      84             :         return;
      85             : }
      86             : 
      87             : static inline void selinux_secmark_refcount_dec(void)
      88             : {
      89             :         return;
      90             : }
      91             : 
      92             : static inline bool selinux_is_enabled(void)
      93             : {
      94             :         return false;
      95             : }
      96           1 : #endif  /* CONFIG_SECURITY_SELINUX */
      97             : 
      98             : #endif /* _LINUX_SELINUX_H */

Generated by: LCOV version 1.10