diff options
Diffstat (limited to 'security/selinux/ss/mls.h')
-rw-r--r-- | security/selinux/ss/mls.h | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h new file mode 100644 index 0000000000..107681dd18 --- /dev/null +++ b/security/selinux/ss/mls.h @@ -0,0 +1,116 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Multi-level security (MLS) policy operations. + * + * Author : Stephen Smalley, <stephen.smalley.work@gmail.com> + */ +/* + * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> + * + * Support for enhanced MLS infrastructure. + * + * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. + */ +/* + * Updated: Hewlett-Packard <paul@paul-moore.com> + * + * Added support to import/export the MLS label from NetLabel + * + * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 + */ + +#ifndef _SS_MLS_H_ +#define _SS_MLS_H_ + +#include <linux/jhash.h> + +#include "context.h" +#include "ebitmap.h" +#include "policydb.h" + +int mls_compute_context_len(struct policydb *p, struct context *context); +void mls_sid_to_context(struct policydb *p, struct context *context, + char **scontext); +int mls_context_isvalid(struct policydb *p, struct context *c); +int mls_range_isvalid(struct policydb *p, struct mls_range *r); +int mls_level_isvalid(struct policydb *p, struct mls_level *l); + +int mls_context_to_sid(struct policydb *p, + char oldc, + char *scontext, + struct context *context, + struct sidtab *s, + u32 def_sid); + +int mls_from_string(struct policydb *p, char *str, struct context *context, + gfp_t gfp_mask); + +int mls_range_set(struct context *context, struct mls_range *range); + +int mls_convert_context(struct policydb *oldp, + struct policydb *newp, + struct context *oldc, + struct context *newc); + +int mls_compute_sid(struct policydb *p, + struct context *scontext, + struct context *tcontext, + u16 tclass, + u32 specified, + struct context *newcontext, + bool sock); + +int mls_setup_user_range(struct policydb *p, + struct context *fromcon, struct user_datum *user, + struct context *usercon); + +#ifdef CONFIG_NETLABEL +void mls_export_netlbl_lvl(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr); +void mls_import_netlbl_lvl(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr); +int mls_export_netlbl_cat(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr); +int mls_import_netlbl_cat(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr); +#else +static inline void mls_export_netlbl_lvl(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr) +{ + return; +} +static inline void mls_import_netlbl_lvl(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr) +{ + return; +} +static inline int mls_export_netlbl_cat(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr) +{ + return -ENOMEM; +} +static inline int mls_import_netlbl_cat(struct policydb *p, + struct context *context, + struct netlbl_lsm_secattr *secattr) +{ + return -ENOMEM; +} +#endif + +static inline u32 mls_range_hash(const struct mls_range *r, u32 hash) +{ + hash = jhash_2words(r->level[0].sens, r->level[1].sens, hash); + hash = ebitmap_hash(&r->level[0].cat, hash); + hash = ebitmap_hash(&r->level[1].cat, hash); + return hash; +} + +#endif /* _SS_MLS_H */ + |