X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fselinux%2Fss%2Fmls.h;h=096d1b4ef7fbb7cd7759cd9148840df3e0e2af5c;hb=97bf2856c6014879bd04983a3e9dfcdac1e7fe85;hp=01c3fc81fc3d41f7b9d19736af8af59da136b7c0;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 01c3fc81f..096d1b4ef 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -3,26 +3,38 @@
  *
  * Author : Stephen Smalley,
  */
+/*
+ * Updated: Trusted Computer Solutions, Inc.
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
+ */
+/*
+ * Updated: Hewlett-Packard
+ *
+ * Added support to import/export the MLS label from NetLabel
+ *
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ */
+
 #ifndef _SS_MLS_H_
 #define _SS_MLS_H_
 #include "context.h"
 #include "policydb.h"
-#ifdef CONFIG_SECURITY_SELINUX_MLS
-
-void mls_compute_av(struct context *scontext,
- struct context *tcontext,
- struct class_datum *tclass,
- u32 *allowed);
-
 int mls_compute_context_len(struct context *context);
-int mls_sid_to_context(struct context *context, char **scontext);
+void mls_sid_to_context(struct context *context, char **scontext);
 int mls_context_isvalid(struct policydb *p, struct context *c);
 int mls_context_to_sid(char oldc, char **scontext,
- struct context *context);
+ struct context *context,
+ struct sidtab *s,
+ u32 def_sid);
+
+int mls_from_string(char *str, struct context *context, gfp_t gfp_mask);
 int mls_convert_context(struct policydb *oldp, struct policydb *newp,
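Review bot: The widened `mls_context_to_sid` prototype adds `struct sidtab *s` and `u32 def_sid` with no comment saying when the default SID is consulted or whether `s` may be NULL. This function parses a label string into an MLS range, so its fallback behaviour is part of the security contract and belongs at the declaration, e.g. `/* def_sid: SID supplying the MLS range when the string has no MLS field (confirm against mls.c) */`. `mls_sid_to_context` now returns `void`, so it presumably relies on the caller having sized `*scontext` with `mls_compute_context_len`; a one-line comment stating that coupling would guard against a later caller passing an undersized buffer. The `mls_convert_context` declaration continues outside this hunk.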
@@ -34,65 +46,39 @@ int mls_compute_sid(struct context *scontext, u32 specified, struct context *newcontext);
-int sens_index(void *key, void *datum, void *datap);
-int cat_index(void *key, void *datum, void *datap);
-int sens_destroy(void *key, void *datum, void *p);
-int cat_destroy(void *key, void *datum, void *p);
-int sens_read(struct policydb *p, struct hashtab *h, void *fp);
-int cat_read(struct policydb *p, struct hashtab *h, void *fp);
-
-#define mls_for_user_ranges(user, usercon) { \
-struct mls_range_list *__ranges; \
-for (__ranges = user->ranges; __ranges; __ranges = __ranges->next) { \
-usercon.range = __ranges->range;
-
-#define mls_end_user_ranges } }
-
-#define mls_symtab_names "levels", "categories",
-#define mls_symtab_sizes 16, 16,
-#define mls_index_f sens_index, cat_index,
-#define mls_destroy_f sens_destroy, cat_destroy,
-#define mls_read_f sens_read, cat_read,
-#define mls_write_f sens_write, cat_write,
-#define mls_policydb_index_others(p) printk(", %d levels", p->nlevels);
-
-#define mls_set_config(config) config |= POLICYDB_CONFIG_MLS
-
-void mls_user_destroy(struct user_datum *usrdatum);
-int mls_read_range(struct context *c, void *fp);
-int mls_read_perm(struct perm_datum *perdatum, void *fp);
-int mls_read_class(struct class_datum *cladatum, void *fp);
-int mls_read_user(struct user_datum *usrdatum, void *fp);
-int mls_read_nlevels(struct policydb *p, void *fp);
-int mls_read_trusted(struct policydb *p, void *fp);
-
+int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
+ struct context *usercon);
+
+#ifdef CONFIG_NETLABEL
+void mls_export_netlbl_lvl(struct context *context,
+ struct netlbl_lsm_secattr *secattr);
+void mls_import_netlbl_lvl(struct context *context,
+ struct netlbl_lsm_secattr *secattr);
+int mls_export_netlbl_cat(struct context *context,
+ struct netlbl_lsm_secattr *secattr);
+int mls_import_netlbl_cat(struct context *context,
+ struct netlbl_lsm_secattr *secattr);
 #else
-
-#define mls_compute_av(scontext, tcontext, tclass_datum, allowed)
-#define mls_compute_context_len(context) 0
-#define mls_sid_to_context(context, scontextpp)
-#define mls_context_isvalid(p, c) 1
-#define mls_context_to_sid(oldc, context_str, context) 0
-#define mls_convert_context(oldp, newp, c) 0
-#define mls_compute_sid(scontext, tcontext, tclass, specified, newcontextp) 0
-#define mls_for_user_ranges(user, usercon)
-#define mls_end_user_ranges
-#define mls_symtab_names
-#define mls_symtab_sizes
-#define mls_index_f
-#define mls_destroy_f
-#define mls_read_f
-#define mls_write_f
-#define mls_policydb_index_others(p)
-#define mls_set_config(config)
-#define mls_user_destroy(usrdatum)
-#define mls_read_range(c, fp) 0
-#define mls_read_perm(p, fp) 0
-#define mls_read_class(c, fp) 0
-#define mls_read_user(u, fp) 0
-#define mls_read_nlevels(p, fp) 0
-#define mls_read_trusted(p, fp) 0
-
+static inline void mls_export_netlbl_lvl(struct context *context,
+ struct netlbl_lsm_secattr *secattr)
+{
+ return;
+}
+static inline void mls_import_netlbl_lvl(struct context *context,
+ struct netlbl_lsm_secattr *secattr)
+{
+ return;
+}
+static inline int mls_export_netlbl_cat(struct context *context,
+ struct netlbl_lsm_secattr *secattr)
+{
+ return -ENOMEM;
+}
+static inline int mls_import_netlbl_cat(struct context *context,
+ struct netlbl_lsm_secattr *secattr)
+{
+ return -ENOMEM;
+}
 #endif
 #endif /* _SS_MLS_H */
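Review bot: The `#else` stubs for `mls_export_netlbl_cat` and `mls_import_netlbl_cat` return `-ENOMEM`, which reports an allocation failure when NetLabel was simply compiled out, while the two `_lvl` stubs return nothing and leave `context` and `secattr` untouched. If any caller can reach these with CONFIG_NETLABEL off, the level step looks successful while the category step fails. The stubs should either carry a comment such as `/* CONFIG_NETLABEL=n: not expected to be called; no MLS level or categories are transferred */` or return a distinct code like `return -EOPNOTSUPP;`. Separately, `struct netlbl_lsm_secattr` appears only inside parameter lists here; unless an included header declares it (not visible in this diff), a forward declaration `struct netlbl_lsm_secattr;` ahead of the prototypes would keep the header self-contained.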