Merge branch 'r6040' of git://git.kernel.org/pub/scm/linux/kernel/git/romieu/netdev...

[linux-2.6] / security / selinux / ss / policydb.h

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index b1340711f721b71954806a4f858e60d99d0617cd..c4ce996e202c1c62357bdaf7bcd02d5988bb4fff 100644 (file)
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -106,9 +106,10 @@ struct cat_datum {
 };
 
 struct range_trans {
-       u32 dom;                        /* current process domain */
-       u32 type;                       /* program executable type */
-       struct mls_range range;         /* new range */
+       u32 source_type;
+       u32 target_type;
+       u32 target_class;
+       struct mls_range target_range;
        struct range_trans *next;
 };
 
@@ -240,18 +241,31 @@ struct policydb {
        /* type -> attribute reverse mapping */
        struct ebitmap *type_attr_map;
 
+       struct ebitmap policycaps;
+
        unsigned int policyvers;
+
+       unsigned int reject_unknown : 1;
+       unsigned int allow_unknown : 1;
+       u32 *undefined_perms;
 };
 
 extern void policydb_destroy(struct policydb *p);
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
 extern int policydb_context_isvalid(struct policydb *p, struct context *c);
+extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
+extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
+extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
 extern int policydb_read(struct policydb *p, void *fp);
 
 #define PERM_SYMTAB_SIZE 32
 
 #define POLICYDB_CONFIG_MLS    1
 
+/* the config flags related to unknown classes/perms are bits 2 and 3 */
+#define REJECT_UNKNOWN 0x00000002
+#define ALLOW_UNKNOWN  0x00000004
+
 #define OBJECT_R "object_r"
 #define OBJECT_R_VAL 1