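/* -*- linux-c -*- */

/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

#ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_
#define _SEPOL_POLICYDB_FLASK_TYPES_H_

/*
 * The basic Flask types and constants.
 */

#include <sys/types.h>
#include <stdint.h>

/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  The security context type
 * is defined as a variable-length string that can be
 * interpreted by any application or user with an
 * understanding of the security policy.
 *
 * NOTE(review): the typedef hides a pointer, and this header does not
 * say who allocates or frees the string or whether it is always
 * NUL-terminated. Confirm ownership and termination at each API that
 * takes or returns one before retaining, copying or freeing it.
 */
typedef char *sepol_security_context_t;

/*
 * An access vector (AV) is a collection of related permissions
 * for a pair of SIDs.  The bits within an access vector
 * are interpreted differently depending on the class of
 * the object.  The access vector interpretations are specified
 * in flask/access_vectors, and the corresponding constants
 * for permissions are defined in the automatically generated
 * header file av_permissions.h.
 *
 * Because the type is a uint32_t, one access vector carries at most
 * 32 permission bits. The same bit means a different permission in a
 * different class, so a vector is only meaningful together with its
 * security class.
 */
typedef uint32_t sepol_access_vector_t;

/*
 * Each object class is identified by a fixed-size value.
 * The set of security classes is specified in flask/security_classes,
 * with the corresponding constants defined in the automatically
 * generated header file flask.h.
 */
typedef uint16_t sepol_security_class_t;
#define SEPOL_SECCLASS_NULL			0x0000	/* no class */

/*
 * NOTE(review): by their names these are the magic numbers that tag
 * a policy image and a policy module image respectively; confirm
 * against the code that reads and writes them. A reader handling a
 * file from an untrusted source should compare the magic before
 * parsing anything else from it.
 */
#define SELINUX_MAGIC 0xf97cff8c
#define SELINUX_MOD_MAGIC 0xf97cff8d

/*
 * A security identifier (SID) is a fixed-size 32-bit value; access
 * vectors above are described as applying to a pair of SIDs.
 *
 * NOTE(review): SEPOL_SECSID_NULL is presumably the "no SID" value,
 * by analogy with SEPOL_SECCLASS_NULL; confirm with the callers.
 */
typedef uint32_t sepol_security_id_t;
#define SEPOL_SECSID_NULL 0

/*
 * Holds four access vectors and a sequence number.
 *
 * NOTE(review): the field meanings below are inferred from the names
 * and are not established by this header; confirm against the code
 * that fills the structure in:
 *   allowed    - presumably the permissions that are granted
 *   decided    - presumably which bits of the decision are valid
 *   auditallow - presumably permissions to audit when granted
 *   auditdeny  - presumably permissions to audit when denied
 *   seqno      - presumably a policy sequence number, letting a
 *                consumer notice a decision made under an older policy
 * Code that enforces on `allowed` should not treat a zero-initialised
 * or partially filled structure as a real decision.
 */
struct sepol_av_decision {
	sepol_access_vector_t allowed;
	sepol_access_vector_t decided;
	sepol_access_vector_t auditallow;
	sepol_access_vector_t auditdeny;
	uint32_t seqno;
};

#endif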