SELinux: allow userspace to read policy back out of the kernel There is interest in being able to see what the actual policy is that was loaded into the kernel. The patch creates a new selinuxfs file /selinux/policy which can be read by userspace. The actual policy that is loaded into the kernel will be written back out to userspace. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: cee74f47a6baba0ac457e87687fdcf0abd599f0a [log] [tgz]
author: Eric Paris <eparis@redhat.com> Wed Oct 13 17:50:25 2010 -0400
committer: James Morris <jmorris@namei.org> Thu Oct 21 10:12:58 2010 +1100
tree: 3d9fdb073050664e62d9cdb6c28112090cd138da
parent: 00d85c83ac52e2c1a66397f1abc589f80c543425 [diff] [blame]
diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h
index f283b43..1f4e93c 100644
--- a/security/selinux/ss/ebitmap.h
+++ b/security/selinux/ss/ebitmap.h

@@ -123,6 +123,7 @@
 int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value);
 void ebitmap_destroy(struct ebitmap *e);
 int ebitmap_read(struct ebitmap *e, void *fp);
+int ebitmap_write(struct ebitmap *e, void *fp);
 
 #ifdef CONFIG_NETLABEL
 int ebitmap_netlbl_export(struct ebitmap *ebmap,
commit	cee74f47a6baba0ac457e87687fdcf0abd599f0a	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Wed Oct 13 17:50:25 2010 -0400
committer	James Morris <jmorris@namei.org>	Thu Oct 21 10:12:58 2010 +1100
tree	3d9fdb073050664e62d9cdb6c28112090cd138da
parent	00d85c83ac52e2c1a66397f1abc589f80c543425 [diff] [blame]