| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved. |
| 3 | * |
| 4 | * This program is free software; you can redistribute it and/or modify it |
| 5 | * under the terms of version 2 of the GNU General Public License as |
| 6 | * published by the Free Software Foundation. |
| 7 | * |
| 8 | * This program is distributed in the hope that it would be useful, but |
| 9 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
| 11 | * |
| 12 | * Further, this software is distributed without any warranty that it is |
| 13 | * free of the rightful claim of any third person regarding infringement |
| 14 | * or the like. Any license provided herein, whether implied or |
| 15 | * otherwise, applies only to this software file. Patent licenses, if |
| 16 | * any, provided herein do not apply to combinations of this program with |
| 17 | * other software, or any other product whatsoever. |
| 18 | * |
| 19 | * You should have received a copy of the GNU General Public License along |
| 20 | * with this program; if not, write the Free Software Foundation, Inc., 59 |
| 21 | * Temple Place - Suite 330, Boston MA 02111-1307, USA. |
| 22 | * |
| 23 | * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy, |
| 24 | * Mountain View, CA 94043, or: |
| 25 | * |
| 26 | * http://www.sgi.com |
| 27 | * |
| 28 | * For further information regarding this notice, see: |
| 29 | * |
| 30 | * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/ |
| 31 | */ |
| 32 | #ifndef __XFS_MAC_H__ |
| 33 | #define __XFS_MAC_H__ |
| 34 | |
| 35 | /* |
| 36 | * Mandatory Access Control |
| 37 | * |
| 38 | * Layout of a composite MAC label: |
| 39 | * ml_list contains the list of categories (MSEN) followed by the list of |
| 40 | * divisions (MINT). This is actually a header for the data structure which |
| 41 | * will have an ml_list with more than one element. |
| 42 | * |
| 43 | * ------------------------------- |
| 44 | * | ml_msen_type | ml_mint_type | |
| 45 | * ------------------------------- |
| 46 | * | ml_level | ml_grade | |
| 47 | * ------------------------------- |
| 48 | * | ml_catcount | |
| 49 | * ------------------------------- |
| 50 | * | ml_divcount | |
| 51 | * ------------------------------- |
| 52 | * | category 1 | |
| 53 | * | . . . | |
| 54 | * | category N | (where N = ml_catcount) |
| 55 | * ------------------------------- |
| 56 | * | division 1 | |
| 57 | * | . . . | |
| 58 | * | division M | (where M = ml_divcount) |
| 59 | * ------------------------------- |
| 60 | */ |
| 61 | #define XFS_MAC_MAX_SETS 250 |
| 62 | typedef struct xfs_mac_label { |
| 63 | __uint8_t ml_msen_type; /* MSEN label type */ |
| 64 | __uint8_t ml_mint_type; /* MINT label type */ |
| 65 | __uint8_t ml_level; /* Hierarchical level */ |
| 66 | __uint8_t ml_grade; /* Hierarchical grade */ |
| 67 | __uint16_t ml_catcount; /* Category count */ |
| 68 | __uint16_t ml_divcount; /* Division count */ |
| 69 | /* Category set, then Division set */ |
| 70 | __uint16_t ml_list[XFS_MAC_MAX_SETS]; |
| 71 | } xfs_mac_label_t; |
| 72 | |
| 73 | /* MSEN label type names. Choose an upper case ASCII character. */ |
| 74 | #define XFS_MSEN_ADMIN_LABEL 'A' /* Admin: low<admin != tcsec<high */ |
| 75 | #define XFS_MSEN_EQUAL_LABEL 'E' /* Wildcard - always equal */ |
| 76 | #define XFS_MSEN_HIGH_LABEL 'H' /* System High - always dominates */ |
| 77 | #define XFS_MSEN_MLD_HIGH_LABEL 'I' /* System High, multi-level dir */ |
| 78 | #define XFS_MSEN_LOW_LABEL 'L' /* System Low - always dominated */ |
| 79 | #define XFS_MSEN_MLD_LABEL 'M' /* TCSEC label on a multi-level dir */ |
| 80 | #define XFS_MSEN_MLD_LOW_LABEL 'N' /* System Low, multi-level dir */ |
| 81 | #define XFS_MSEN_TCSEC_LABEL 'T' /* TCSEC label */ |
| 82 | #define XFS_MSEN_UNKNOWN_LABEL 'U' /* unknown label */ |
| 83 | |
| 84 | /* MINT label type names. Choose a lower case ASCII character. */ |
| 85 | #define XFS_MINT_BIBA_LABEL 'b' /* Dual of a TCSEC label */ |
| 86 | #define XFS_MINT_EQUAL_LABEL 'e' /* Wildcard - always equal */ |
| 87 | #define XFS_MINT_HIGH_LABEL 'h' /* High Grade - always dominates */ |
| 88 | #define XFS_MINT_LOW_LABEL 'l' /* Low Grade - always dominated */ |
| 89 | |
| 90 | /* On-disk XFS extended attribute names */ |
| 91 | #define SGI_MAC_FILE "SGI_MAC_FILE" |
| 92 | #define SGI_MAC_FILE_SIZE (sizeof(SGI_MAC_FILE)-1) |
| 93 | |
| 94 | |
| 95 | #ifdef __KERNEL__ |
| 96 | |
| 97 | #ifdef CONFIG_FS_POSIX_MAC |
| 98 | |
| 99 | /* NOT YET IMPLEMENTED */ |
| 100 | |
| 101 | #define MACEXEC 00100 |
| 102 | #define MACWRITE 00200 |
| 103 | #define MACREAD 00400 |
| 104 | |
| 105 | struct xfs_inode; |
| 106 | extern int xfs_mac_iaccess(struct xfs_inode *, mode_t, cred_t *); |
| 107 | |
| 108 | #define _MAC_XFS_IACCESS(i,m,c) (xfs_mac_iaccess(i,m,c)) |
| 109 | #define _MAC_VACCESS(v,c,m) (xfs_mac_vaccess(v,c,m)) |
| 110 | #define _MAC_EXISTS xfs_mac_vhaslabel |
| 111 | |
| 112 | #else |
| 113 | #define _MAC_XFS_IACCESS(i,m,c) (0) |
| 114 | #define _MAC_VACCESS(v,c,m) (0) |
| 115 | #define _MAC_EXISTS (NULL) |
| 116 | #endif |
| 117 | |
| 118 | #endif /* __KERNEL__ */ |
| 119 | |
| 120 | #endif /* __XFS_MAC_H__ */ |