Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Type definitions for the multi-level security (MLS) policy. |
| 3 | * |
| 4 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> |
| 5 | */ |
| 6 | /* |
| 7 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> |
| 8 | * |
| 9 | * Support for enhanced MLS infrastructure. |
| 10 | * |
| 11 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. |
| 12 | */ |
| 13 | |
| 14 | #ifndef _SS_MLS_TYPES_H_ |
| 15 | #define _SS_MLS_TYPES_H_ |
| 16 | |
| 17 | #include "security.h" |
| 18 | |
/*
 * A single MLS level: one sensitivity value plus a set of categories.
 * Sensitivities are compared numerically and category sets are compared
 * as bitmaps by the level helpers in this header.
 */
struct mls_level {
	/* sensitivity */
	u32 sens;
	/* category set */
	struct ebitmap cat;
};
| 23 | |
/*
 * An MLS range, stored as a pair of levels.
 * Index 0 holds the low level and index 1 holds the high level.
 */
struct mls_range {
	struct mls_level level[2];
};
| 27 | |
/*
 * Test two MLS levels for equality.
 *
 * Returns 1 when both levels carry the same sensitivity and
 * ebitmap_cmp() reports a non-zero result for their category sets,
 * otherwise 0.
 *
 * When selinux_mls_enabled is zero, the comparison is skipped and 1 is
 * returned unconditionally, so every pair of levels is treated as equal.
 * Neither pointer is checked for NULL here.
 */
static inline int mls_level_eq(struct mls_level *l1, struct mls_level *l2)
{
	if (selinux_mls_enabled) {
		/* A sensitivity mismatch settles it without touching the bitmaps. */
		if (l1->sens != l2->sens)
			return 0;

		return ebitmap_cmp(&l1->cat, &l2->cat) != 0;
	}

	/* MLS disabled: levels carry no meaning, report "equal". */
	return 1;
}
| 36 | |
/*
 * Test whether level l1 dominates level l2.
 *
 * Returns 1 when l1's sensitivity is greater than or equal to l2's and
 * ebitmap_contains() reports a non-zero result for (l1->cat, l2->cat),
 * otherwise 0.  Presumably ebitmap_contains() means "l1's category set
 * includes every category of l2"; confirm against the ebitmap code.
 *
 * When selinux_mls_enabled is zero, the check is skipped and 1 is
 * returned unconditionally, so dominance always holds in that mode.
 * Neither pointer is checked for NULL here.
 */
static inline int mls_level_dom(struct mls_level *l1, struct mls_level *l2)
{
	/* MLS disabled: every level dominates every other level. */
	if (!selinux_mls_enabled)
		return 1;

	/* A lower sensitivity can never dominate; skip the bitmap walk. */
	if (l1->sens < l2->sens)
		return 0;

	return ebitmap_contains(&l1->cat, &l2->cat) != 0;
}
| 45 | |
/*
 * The helpers below are macros built on mls_level_dom().  Each one names
 * some of its arguments more than once, so an argument expression may be
 * evaluated twice: pass plain pointers/lvalues, never expressions with
 * side effects.  They also inherit mls_level_dom()'s behaviour of
 * returning 1 whenever selinux_mls_enabled is zero.
 */

/* True when neither level dominates the other (the levels are incomparable). */
#define mls_level_incomp(l1, l2) \
	(!(mls_level_dom((l1), (l2)) || mls_level_dom((l2), (l1))))

/* True when l1 dominates l2 and is itself dominated by l3. */
#define mls_level_between(l1, l2, l3) \
	(mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))

/*
 * True when range r2 lies within range r1: r2's low level dominates r1's
 * low level and r1's high level dominates r2's high level.  r1 and r2 are
 * struct mls_range lvalues, not pointers (their address is taken here).
 */
#define mls_range_contains(r1, r2) \
	(mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
	 mls_level_dom(&(r1).level[1], &(r2).level[1]))
| 55 | |
| 56 | #endif /* _SS_MLS_TYPES_H_ */ |