initial commit with v2.6.9
/*
 * Type definitions for the multi-level security (MLS) policy.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
#ifndef _SS_MLS_TYPES_H_
#define _SS_MLS_TYPES_H_
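/*
 * A single MLS level: one sensitivity value plus a set of categories.
 *
 * The listing this was taken from carried viewer line numbers in front of
 * every line and had lost the closing brace; both are repaired here.
 *
 * NOTE(review): struct ebitmap is declared elsewhere. If it owns
 * dynamically allocated storage, a plain struct assignment of an
 * mls_level would share that storage instead of copying it -- confirm
 * against the ebitmap header before copying levels by value.
 */
struct mls_level {
	u32 sens;		/* sensitivity */
	struct ebitmap cat;	/* category set */
};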
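/*
 * An MLS range, stored as a pair of levels.
 *
 * level[0] is the low end and level[1] is the high end. Viewer line
 * numbers are removed and the closing brace that the listing had lost
 * is restored.
 *
 * NOTE(review): nothing in this type enforces that level[1] dominates
 * level[0]; presumably that is validated where ranges are built or
 * loaded -- confirm against the code that fills this structure.
 */
struct mls_range {
	struct mls_level level[2]; /* low == level[0], high == level[1] */
};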
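/*
 * Node of a singly linked list of MLS ranges.
 *
 * Each node embeds one range by value and points at the next node.
 * Viewer line numbers are removed and the closing brace that the
 * listing had lost is restored.
 *
 * NOTE(review): the end-of-list marker is not visible in this header;
 * presumably the last node has next == NULL -- confirm with the users
 * of this list.
 */
struct mls_range_list {
	struct mls_range range;		/* the range held by this node */
	struct mls_range_list *next;	/* following node in the list */
};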
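/*
 * Possible results of comparing two MLS levels (source vs. target).
 *
 * The values are distinct single bits, so several outcomes can be OR-ed
 * into one mask and tested with a single '&', as mls_range_contains()
 * does. Viewer line numbers that preceded each directive are removed so
 * the lines are valid preprocessor directives again.
 */
#define MLS_RELATION_DOM	1 /* source dominates */
#define MLS_RELATION_DOMBY	2 /* target dominates */
#define MLS_RELATION_EQ		4 /* source and target are equivalent */
#define MLS_RELATION_INCOMP	8 /* source and target are incomparable */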
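/*
 * mls_level_eq - test whether two MLS levels are identical.
 * @l1, @l2: struct mls_level lvalues (not pointers).
 *
 * Evaluates to non-zero when both levels have the same sensitivity and
 * ebitmap_cmp() reports a non-zero result for their category sets.
 *
 * NOTE(review): ebitmap_cmp() is used as a truth value here, i.e. a
 * non-zero return is taken to mean "equal", the opposite of the
 * memcmp() convention -- confirm against the ebitmap header.
 *
 * Each argument is expanded twice, so pass plain lvalues without side
 * effects. Viewer line numbers that preceded the directive are removed.
 */
#define mls_level_eq(l1,l2) \
	(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat, &(l2).cat))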
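/*
 * mls_level_relation - classify how level @l1 (source) relates to
 * level @l2 (target).
 * @l1, @l2: struct mls_level lvalues (not pointers).
 *
 * Evaluates to exactly one MLS_RELATION_* value:
 *   MLS_RELATION_EQ     - same sensitivity and ebitmap_cmp() is non-zero
 *   MLS_RELATION_DOM    - l1.sens >= l2.sens and l1's categories
 *                         contain l2's
 *   MLS_RELATION_DOMBY  - l2.sens >= l1.sens and l2's categories
 *                         contain l1's
 *   MLS_RELATION_INCOMP - none of the above
 *
 * The arms are tried in that order, so a pair that passes the EQ test is
 * reported as EQ and never reaches the DOM/DOMBY tests.
 *
 * NOTE(review): ebitmap_cmp() is treated as "non-zero means equal" and
 * ebitmap_contains(a, b) as "a is a superset of b" -- confirm both
 * against the ebitmap header.
 *
 * Each argument is expanded several times, so pass plain lvalues without
 * side effects. The nested conditionals are parenthesised explicitly and
 * the viewer line numbers that preceded every line are removed.
 */
#define mls_level_relation(l1,l2) ( \
	(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat, &(l2).cat)) ? \
		MLS_RELATION_EQ : \
	((((l1).sens >= (l2).sens) && ebitmap_contains(&(l1).cat, &(l2).cat)) ? \
		MLS_RELATION_DOM : \
	((((l2).sens >= (l1).sens) && ebitmap_contains(&(l2).cat, &(l1).cat)) ? \
		MLS_RELATION_DOMBY : \
		MLS_RELATION_INCOMP)) )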
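/*
 * mls_range_contains - test whether range @r1 contains range @r2.
 * @r1, @r2: struct mls_range lvalues (not pointers).
 *
 * Evaluates to non-zero only when both of these hold:
 *   - r1's low level (level[0]) is equal to or dominated by r2's low
 *     level, and
 *   - r1's high level (level[1]) is equal to or dominates r2's high
 *     level.
 *
 * MLS_RELATION_INCOMP is in neither mask, so an incomparable pair at
 * either end makes the result zero (not contained).
 *
 * mls_level_relation() is expanded twice and itself expands its
 * arguments several times, so pass plain lvalues without side effects.
 * Viewer line numbers that preceded every line are removed.
 */
#define mls_range_contains(r1,r2) \
	((mls_level_relation((r1).level[0], (r2).level[0]) & \
	  (MLS_RELATION_EQ | MLS_RELATION_DOMBY)) && \
	 (mls_level_relation((r1).level[1], (r2).level[1]) & \
	  (MLS_RELATION_EQ | MLS_RELATION_DOM)))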
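/*
 * Every access vector permission is mapped to a set of MLS base
 * permissions, based on the flow properties of the corresponding
 * operation.
 *
 * The comment delimiters and the closing brace that the listing had
 * lost are restored, and the viewer line numbers are removed.
 *
 * NOTE(review): each field is presumably a bit mask of the access
 * vector permissions assigned to that base permission -- confirm
 * against the code that fills and tests this structure.
 */
struct mls_perms {
	u32 read;	/* permissions that map to `read' */
	u32 readby;	/* permissions that map to `readby' */
	u32 write;	/* permissions that map to `write' */
	u32 writeby;	/* permissions that map to `writeby' */
};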
#endif /* _SS_MLS_TYPES_H_ */