OpenCloudOS-Kernel/security/selinux/ss
Andrew Perepechko f9df645821 selinux: export validatetrans decisions
Make validatetrans decisions available through selinuxfs.
"/validatetrans" is added to selinuxfs for this purpose.
This functionality is needed by file system servers
implemented in userspace or kernelspace without the VFS
layer.

Writing "$oldcontext $newcontext $tclass $taskcontext"
to /validatetrans is expected to return 0 if the transition
is allowed and -EPERM otherwise.

Signed-off-by: Andrew Perepechko <anserper@ya.ru>
CC: andrew.perepechko@seagate.com
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2015-12-24 11:09:41 -05:00
..
avtab.c selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
avtab.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
conditional.c selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
conditional.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
constraint.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
context.h SELinux: allow default source/target selectors for user/role/range 2012-04-09 12:22:47 -04:00
ebitmap.c selinux: don't waste ebitmap space when importing NetLabel categories 2015-07-09 14:20:36 -04:00
ebitmap.h netlabel: shorter names for the NetLabel catmap funcs/structs 2014-08-01 11:17:37 -04:00
hashtab.c selinux: conditionally reschedule in hashtab_insert while loading selinux policy 2014-05-15 17:07:55 -04:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
mls.c selinux: reconcile security_netlbl_secattr_to_sid() and mls_import_netlbl_cat() 2015-04-06 20:15:55 -04:00
mls.h doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
mls_types.h SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
policydb.c selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
policydb.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
services.c selinux: export validatetrans decisions 2015-12-24 11:09:41 -05:00
services.h selinux: extended permissions for ioctls 2015-07-13 13:31:58 -04:00
sidtab.c selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
sidtab.h selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
status.c selinux: fix up style problem on /selinux/status 2010-10-21 10:12:41 +11:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00