linux_dsm_epyc7002/security/selinux/include
Andrew Perepechko f9df645821 selinux: export validatetrans decisions
Make validatetrans decisions available through selinuxfs.
"/validatetrans" is added to selinuxfs for this purpose.
This functionality is needed by file system servers
implemented in userspace or kernelspace without the VFS
layer.

Writing "$oldcontext $newcontext $tclass $taskcontext"
to /validatetrans is expected to return 0 if the transition
is allowed and -EPERM otherwise.

Signed-off-by: Andrew Perepechko <anserper@ya.ru>
CC: andrew.perepechko@seagate.com
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2015-12-24 11:09:41 -05:00
..
audit.h
avc_ss.h
avc.h Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2015-08-15 13:29:57 +10:00
classmap.h selinux: export validatetrans decisions 2015-12-24 11:09:41 -05:00
conditional.h
initial_sid_to_string.h
netif.h selinux: make the netif cache namespace aware 2014-09-10 17:09:57 -04:00
netlabel.h
netnode.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
netport.h selinux: reduce the number of calls to synchronize_net() when flushing caches 2014-06-26 14:33:56 -04:00
objsec.h security: Add hook to invalidate inode security labels 2015-12-24 11:09:40 -05:00
security.h selinux: export validatetrans decisions 2015-12-24 11:09:41 -05:00
xfrm.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-03-25 20:29:20 -04:00