diff options
| author |   Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-01 22:03:14 +0200 |
|---|---|---|
| committer |   James Morris <jmorris@namei.org> | 2008-04-19 09:53:46 +1000 |
| commit | 9d57a7f9e23dc30783d245280fc9907cf2c87837 (patch) | |
| tree | 508b81e213f5dca1097ccf0ece8ba092b168607b /include/linux/selinux.h | |
| parent | Audit: internally use the new LSM audit hooks (diff) | |
| download | linux-dev-9d57a7f9e23dc30783d245280fc9907cf2c87837.tar.xz linux-dev-9d57a7f9e23dc30783d245280fc9907cf2c87837.zip | |
SELinux: use new audit hooks, remove redundant exports
Setup the new Audit LSM hooks for SELinux.
Remove the now redundant exported SELinux Audit interface.
Audit: Export 'audit_krule' and 'audit_field' to the public
since their internals are needed by the implementation of the
new LSM hook 'audit_rule_known'.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/selinux.h')
| -rw-r--r-- | include/linux/selinux.h | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/include/linux/selinux.h b/include/linux/selinux.h index 24b0af1c4cac..20f965d4b041 100644 --- a/include/linux/selinux.h +++ b/include/linux/selinux.h @@ -21,54 +21,6 @@ struct kern_ipc_perm; #ifdef CONFIG_SECURITY_SELINUX /** - * selinux_audit_rule_init - alloc/init an selinux audit rule structure. - * @field: the field this rule refers to - * @op: the operater the rule uses - * @rulestr: the text "target" of the rule - * @rule: pointer to the new rule structure returned via this - * - * Returns 0 if successful, -errno if not. On success, the rule structure - * will be allocated internally. The caller must free this structure with - * selinux_audit_rule_free() after use. - */ -int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, - struct selinux_audit_rule **rule); - -/** - * selinux_audit_rule_free - free an selinux audit rule structure. - * @rule: pointer to the audit rule to be freed - * - * This will free all memory associated with the given rule. - * If @rule is NULL, no operation is performed. - */ -void selinux_audit_rule_free(struct selinux_audit_rule *rule); - -/** - * selinux_audit_rule_match - determine if a context ID matches a rule. - * @sid: the context ID to check - * @field: the field this rule refers to - * @op: the operater the rule uses - * @rule: pointer to the audit rule to check against - * @actx: the audit context (can be NULL) associated with the check - * - * Returns 1 if the context id matches the rule, 0 if it does not, and - * -errno on failure. - */ -int selinux_audit_rule_match(u32 sid, u32 field, u32 op, - struct selinux_audit_rule *rule, - struct audit_context *actx); - -/** - * selinux_audit_set_callback - set the callback for policy reloads. - * @callback: the function to call when the policy is reloaded - * - * This sets the function callback function that will update the rules - * upon policy reloads. This callback should rebuild all existing rules - * using selinux_audit_rule_init(). - */ -void selinux_audit_set_callback(int (*callback)(void)); - -/** * selinux_string_to_sid - map a security context string to a security ID * @str: the security context string to be mapped * @sid: ID value returned via this. @@ -111,30 +63,6 @@ void selinux_secmark_refcount_inc(void); void selinux_secmark_refcount_dec(void); #else -static inline int selinux_audit_rule_init(u32 field, u32 op, - char *rulestr, - struct selinux_audit_rule **rule) -{ - return -EOPNOTSUPP; -} - -static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule) -{ - return; -} - -static inline int selinux_audit_rule_match(u32 sid, u32 field, u32 op, - struct selinux_audit_rule *rule, - struct audit_context *actx) -{ - return 0; -} - -static inline void selinux_audit_set_callback(int (*callback)(void)) -{ - return; -} - static inline int selinux_string_to_sid(const char *str, u32 *sid) { *sid = 0; |