selinux: export validatetrans decisions
Make validatetrans decisions available through selinuxfs.
"/validatetrans" is added to selinuxfs for this purpose.
This functionality is needed by file system servers
implemented in userspace or kernelspace without the VFS
layer.

Writing "$oldcontext $newcontext $tclass $taskcontext"
to /validatetrans is expected to return 0 if the transition
is allowed and -EPERM otherwise.

Signed-off-by: Andrew Perepechko <anserper@ya.ru>
CC: andrew.perepechko@seagate.com
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Showing
- security/selinux/include/classmap.h: 1 addition, 1 deletion
- security/selinux/include/security.h: 3 additions, 0 deletions
- security/selinux/selinuxfs.c: 80 additions, 0 deletions
- security/selinux/ss/services.c: 27 additions, 7 deletions
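A userspace file server could query the interface described in the commit message as sketched below; this is an added example, not code from the commit, and the names `vt_format` and `vt_query` are hypothetical. It assumes selinuxfs is mounted at /sys/fs/selinux, that `$tclass` is passed as a decimal class number, and that any successful write means "allowed".

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum vt_result { VT_ALLOWED = 0, VT_DENIED = 1, VT_ERROR = -1 };

/* Build "$oldcontext $newcontext $tclass $taskcontext" (tclass as a decimal
 * number is an assumption). Returns the length, or -1 if a context is empty,
 * contains whitespace, or the request does not fit in buf. */
static int vt_format(char *buf, size_t len, const char *oldc, const char *newc,
                     unsigned short tclass, const char *taskc)
{
    const char *ctx[3] = { oldc, newc, taskc };
    for (int i = 0; i < 3; i++)
        if (!ctx[i] || !*ctx[i] || strpbrk(ctx[i], " \t\r\n"))
            return -1; /* embedded whitespace would shift the fields */
    int n = snprintf(buf, len, "%s %s %hu %s", oldc, newc, tclass, taskc);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* One write per decision. Only EPERM is a policy denial; every other failure
 * is VT_ERROR, which the caller should treat as "deny" (fail closed). */
static enum vt_result vt_query(const char *node, const char *oldc, const char *newc,
                               unsigned short tclass, const char *taskc)
{
    char req[4096];
    int n = vt_format(req, sizeof req, oldc, newc, tclass, taskc);
    if (n < 0) { errno = EINVAL; return VT_ERROR; }
    int fd = open(node, O_WRONLY);
    if (fd < 0) return VT_ERROR;        /* e.g. node absent on older kernels */
    ssize_t w = write(fd, req, (size_t)n);
    int saved = errno;                  /* close() may overwrite errno */
    close(fd);
    if (w >= 0) return VT_ALLOWED;
    errno = saved;
    return saved == EPERM ? VT_DENIED : VT_ERROR;
}

int main(int argc, char **argv)
{
    if (argc != 5) { fprintf(stderr, "usage: %s old new tclass task\n", argv[0]); return 2; }
    enum vt_result r = vt_query("/sys/fs/selinux/validatetrans", /* assumed mount point */
                                argv[1], argv[2], (unsigned short)atoi(argv[3]), argv[4]);
    printf("%s\n", r == VT_ALLOWED ? "allowed" : r == VT_DENIED ? "denied" : strerror(errno));
    return r == VT_ALLOWED ? 0 : 1;
}
```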