[PATCH 04/58] LSM: Create an lsm_export data structure.
Casey Schaufler
casey at schaufler-ca.com
Fri May 31 23:09:26 UTC 2019
When more than one security module is exporting data to
audit and networking sub-systems a single 32 bit integer
is no longer sufficient to represent the data. Add a
structure to be used instead.
Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
---
include/linux/security.h | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 49f2685324b0..81f9f79f9a1e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -76,6 +76,18 @@ enum lsm_event {
LSM_POLICY_CHANGE,
};
+/* Data exported by the security modules */
+struct lsm_export {
+ u32 selinux;
+ u32 smack;
+ u32 apparmor;
+ u32 flags;
+};
+#define LSM_EXPORT_NONE 0x00
+#define LSM_EXPORT_SELINUX 0x01
+#define LSM_EXPORT_SMACK 0x02
+#define LSM_EXPORT_APPARMOR 0x04
+
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
int cap, unsigned int opts);
--
2.19.1
More information about the Linux-security-module-archive
mailing list