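/* -*- linux-c -*- */

/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

#ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_
#define _SEPOL_POLICYDB_FLASK_TYPES_H_

/*
 * The basic Flask types and constants.
 */

#include <sys/types.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  The security context type
 * is defined as a variable-length string that can be
 * interpreted by any application or user with an
 * understanding of the security policy.
 *
 * NOTE(review): the typedef hides a plain `char *`.  This header
 * states neither who owns the string nor how its length is bounded;
 * check the function that produces or consumes a context before
 * copying or freeing it.
 */
typedef char *sepol_security_context_t;

/*
 * An access vector (AV) is a collection of related permissions
 * for a pair of SIDs.  The bits within an access vector
 * are interpreted differently depending on the class of
 * the object.  The access vector interpretations are specified
 * in flask/access_vectors, and the corresponding constants
 * for permissions are defined in the automatically generated
 * header file av_permissions.h.
 *
 * The type is 32 bits wide, so one vector holds at most 32
 * permission bits.  Because the meaning of a bit depends on the
 * object class, a vector is only meaningful together with the
 * class it was computed for.
 */
typedef uint32_t sepol_access_vector_t;

/*
 * Each object class is identified by a fixed-size value.
 * The set of security classes is specified in flask/security_classes,
 * with the corresponding constants defined in the automatically
 * generated header file flask.h.
 *
 * The value is 16 bits wide; SEPOL_SECCLASS_NULL (zero) means
 * "no class".
 */
typedef uint16_t sepol_security_class_t;
#define SEPOL_SECCLASS_NULL 0x0000	/* no class */

/*
 * NOTE(review): by name these look like the magic numbers that tag
 * a policy image and a policy module image; this header does not
 * show where they are compared - confirm against the code that
 * reads policy files.  The two values differ only in the lowest bit.
 */
#define SELINUX_MAGIC 0xf97cff8c
#define SELINUX_MOD_MAGIC 0xf97cff8d

/*
 * 32-bit identifier; presumably the "SID" that the access vector
 * comment above refers to - confirm.  SEPOL_SECSID_NULL (zero) is
 * the null value.
 */
typedef uint32_t sepol_security_id_t;
#define SEPOL_SECSID_NULL 0

/*
 * Result of an access decision: four access vectors plus a 32-bit
 * sequence number.
 *
 * NOTE(review): the field meanings are not stated in this header.
 * By name: `allowed` = permissions granted, `decided` = permission
 * bits the decision covers, `auditallow` / `auditdeny` = permissions
 * to audit on grant / on denial, `seqno` = sequence number of the
 * policy the decision was computed against.  Confirm against the
 * code that fills the structure.  If `allowed` does mean "granted",
 * a zero-initialized structure grants nothing, so initialize with
 * `= {0}` rather than leaving the fields indeterminate.
 */
struct sepol_av_decision {
	sepol_access_vector_t allowed;
	sepol_access_vector_t decided;
	sepol_access_vector_t auditallow;
	sepol_access_vector_t auditdeny;
	uint32_t seqno;
};

#ifdef __cplusplus
}
#endif

#endif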