author | Richard Haines <richard_c_haines@btinternet.com> | 2013-11-19 17:34:23 -0500 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2013-11-19 17:34:23 -0500 |
commit | a660bec1d84ad19a39e380af129e207b3b8f609e (patch) | |
tree | 7dce6178a20225dacb833cec5d3b781d1b3626ac /security/selinux/ss/policydb.h | |
parent | 94851b18d4eb94f8bbf0d9176f7429bd8e371f62 (diff) |
SELinux: Update policy version to support constraints info
Update the policy version (POLICYDB_VERSION_CONSTRAINT_NAMES) to allow
holding of policy source info for constraints.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security/selinux/ss/policydb.h')
-rw-r--r-- | security/selinux/ss/policydb.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index da637471d4ce..725d5945a97e 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -154,6 +154,17 @@ struct cond_bool_datum {
 struct cond_node;
 /*
+ * type set preserves data needed to determine constraint info from
+ * policy source. This is not used by the kernel policy but allows
+ * utilities such as audit2allow to determine constraint denials.
+ */
+struct type_set {
+ struct ebitmap types;
+ struct ebitmap negset;
+ u32 flags;
+};
+
+/*
  * The configuration data includes security contexts for
  * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
  * network interfaces, and nodes. This structure stores the |
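Review bot: The comment on the new `struct type_set` explains why the data is kept but not what `types`, `negset` and `flags` each hold, and `flags` is a bare `u32` with no named values in this header. Since the comment says the kernel never uses this data for policy decisions, I would state that on the member itself, e.g. `u32 flags; /* stored as read from the policy image; not interpreted by the kernel */`, so nobody later branches on it without validating it. The two embedded `struct ebitmap` members also imply ownership: whoever allocates a `type_set` has to initialise and destroy both bitmaps, and a one-line note in the header comment saying who does so would help. The code that reads and frees this structure is not in this file section, so the length and bounds checks on the policy-supplied bitmaps need to be confirmed there, presumably in the policy loader.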