*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
*/
+/*
+ * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
+ *
+ * Support for enhanced MLS infrastructure.
+ *
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
+ */
+
#ifndef _SS_MLS_TYPES_H_
#define _SS_MLS_TYPES_H_
+#include "security.h"
+
struct mls_level {
u32 sens; /* sensitivity */
struct ebitmap cat; /* category set */
struct mls_level level[2]; /* low == level[0], high == level[1] */
};
-struct mls_range_list {
- struct mls_range range;
- struct mls_range_list *next;
-};
+static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
+{
+ if (!selinux_mls_enabled)
+ return 1;
-#define MLS_RELATION_DOM 1 /* source dominates */
-#define MLS_RELATION_DOMBY 2 /* target dominates */
-#define MLS_RELATION_EQ 4 /* source and target are equivalent */
-#define MLS_RELATION_INCOMP 8 /* source and target are incomparable */
-
-#define mls_level_eq(l1,l2) \
-(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat,&(l2).cat))
-
-#define mls_level_relation(l1,l2) ( \
-(((l1).sens == (l2).sens) && ebitmap_cmp(&(l1).cat,&(l2).cat)) ? \
- MLS_RELATION_EQ : \
-(((l1).sens >= (l2).sens) && ebitmap_contains(&(l1).cat, &(l2).cat)) ? \
- MLS_RELATION_DOM : \
-(((l2).sens >= (l1).sens) && ebitmap_contains(&(l2).cat, &(l1).cat)) ? \
- MLS_RELATION_DOMBY : \
- MLS_RELATION_INCOMP )
-
-#define mls_range_contains(r1,r2) \
-((mls_level_relation((r1).level[0], (r2).level[0]) & \
- (MLS_RELATION_EQ | MLS_RELATION_DOMBY)) && \
- (mls_level_relation((r1).level[1], (r2).level[1]) & \
- (MLS_RELATION_EQ | MLS_RELATION_DOM)))
+ return ((l1->sens == l2->sens) &&
+ ebitmap_cmp(&l1->cat, &l2->cat));
+}
-/*
- * Every access vector permission is mapped to a set of MLS base
- * permissions, based on the flow properties of the corresponding
- * operation.
- */
-struct mls_perms {
- u32 read; /* permissions that map to `read' */
- u32 readby; /* permissions that map to `readby' */
- u32 write; /* permissions that map to `write' */
- u32 writeby; /* permissions that map to `writeby' */
-};
+static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
+{
+ if (!selinux_mls_enabled)
+ return 1;
+
+ return ((l1->sens >= l2->sens) &&
+ ebitmap_contains(&l1->cat, &l2->cat));
+}
+
+#define mls_level_incomp(l1, l2) \
+(!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
+
+#define mls_level_between(l1, l2, l3) \
+(mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
+
+#define mls_range_contains(r1, r2) \
+(mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
+ mls_level_dom(&(r1).level[1], &(r2).level[1]))
#endif /* _SS_MLS_TYPES_H_ */
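Review bot: `mls_level_eq()` and `mls_level_dom()` return 1 whenever `selinux_mls_enabled` is zero, so `mls_level_between()` and `mls_range_contains()` are always true and `mls_level_incomp()` always false in that mode, yet nothing in the header states this. A comment above the two inline functions would make the contract explicit, e.g. `/* With MLS disabled, every level compares equal to and dominates every other level. */`. The argument order of the macros is also undocumented: `mls_level_between(l1, l2, l3)` tests that l1 dominates l2 and l3 dominates l1, and `mls_range_contains(r1, r2)` tests that r2 lies within r1, so each deserves a one-line comment. The macros evaluate their arguments twice, and `mls_range_contains` takes struct lvalues while the level helpers take pointers, which is easy to misuse at call sites.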