netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / include / linux / selinux.h
blob20f965d4b041ca664847478ee89acca7a2e5d154
1 /*
2 * SELinux services exported to the rest of the kernel.
4 * Author: James Morris <jmorris@redhat.com>
6 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
14 #ifndef _LINUX_SELINUX_H
15 #define _LINUX_SELINUX_H
17 struct selinux_audit_rule;
18 struct audit_context;
19 struct kern_ipc_perm;
21 #ifdef CONFIG_SECURITY_SELINUX
23 /**
24 * selinux_string_to_sid - map a security context string to a security ID
25 * @str: the security context string to be mapped
26 * @sid: ID value returned via this.
28 * Returns 0 if successful, with the SID stored in sid. A value
29 * of zero for sid indicates no SID could be determined (but no error
30 * occurred).
32 int selinux_string_to_sid(char *str, u32 *sid);
34 /**
35 * selinux_secmark_relabel_packet_permission - secmark permission check
36 * @sid: SECMARK ID value to be applied to network packet
38 * Returns 0 if the current task is allowed to set the SECMARK label of
39 * packets with the supplied security ID. Note that it is implicit that
40 * the packet is always being relabeled from the default unlabeled value,
41 * and that the access control decision is made in the AVC.
43 int selinux_secmark_relabel_packet_permission(u32 sid);
45 /**
46 * selinux_secmark_refcount_inc - increments the secmark use counter
48 * SELinux keeps track of the current SECMARK targets in use so it knows
49 * when to apply SECMARK label access checks to network packets. This
50 * function incements this reference count to indicate that a new SECMARK
51 * target has been configured.
53 void selinux_secmark_refcount_inc(void);
55 /**
56 * selinux_secmark_refcount_dec - decrements the secmark use counter
58 * SELinux keeps track of the current SECMARK targets in use so it knows
59 * when to apply SECMARK label access checks to network packets. This
60 * function decements this reference count to indicate that one of the
61 * existing SECMARK targets has been removed/flushed.
63 void selinux_secmark_refcount_dec(void);
64 #else
66 static inline int selinux_string_to_sid(const char *str, u32 *sid)
68 *sid = 0;
69 return 0;
72 static inline int selinux_secmark_relabel_packet_permission(u32 sid)
74 return 0;
77 static inline void selinux_secmark_refcount_inc(void)
79 return;
82 static inline void selinux_secmark_refcount_dec(void)
84 return;
87 #endif /* CONFIG_SECURITY_SELINUX */
89 #endif /* _LINUX_SELINUX_H */