OSCL-LXR |
|
|
|
|||
0001 /* SPDX-License-Identifier: GPL-2.0 */ 0002 /* 0003 * A constraint is a condition that must be satisfied in 0004 * order for one or more permissions to be granted. 0005 * Constraints are used to impose additional restrictions 0006 * beyond the type-based rules in `te' or the role-based 0007 * transition rules in `rbac'. Constraints are typically 0008 * used to prevent a process from transitioning to a new user 0009 * identity or role unless it is in a privileged type. 0010 * Constraints are likewise typically used to prevent a 0011 * process from labeling an object with a different user 0012 * identity. 0013 * 0014 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 0015 */ 0016 #ifndef _SS_CONSTRAINT_H_ 0017 #define _SS_CONSTRAINT_H_ 0018 0019 #include "ebitmap.h" 0020 0021 #define CEXPR_MAXDEPTH 5 0022 0023 struct constraint_expr { 0024 #define CEXPR_NOT 1 /* not expr */ 0025 #define CEXPR_AND 2 /* expr and expr */ 0026 #define CEXPR_OR 3 /* expr or expr */ 0027 #define CEXPR_ATTR 4 /* attr op attr */ 0028 #define CEXPR_NAMES 5 /* attr op names */ 0029 u32 expr_type; /* expression type */ 0030 0031 #define CEXPR_USER 1 /* user */ 0032 #define CEXPR_ROLE 2 /* role */ 0033 #define CEXPR_TYPE 4 /* type */ 0034 #define CEXPR_TARGET 8 /* target if set, source otherwise */ 0035 #define CEXPR_XTARGET 16 /* special 3rd target for validatetrans rule */ 0036 #define CEXPR_L1L2 32 /* low level 1 vs. low level 2 */ 0037 #define CEXPR_L1H2 64 /* low level 1 vs. high level 2 */ 0038 #define CEXPR_H1L2 128 /* high level 1 vs. low level 2 */ 0039 #define CEXPR_H1H2 256 /* high level 1 vs. high level 2 */ 0040 #define CEXPR_L1H1 512 /* low level 1 vs. high level 1 */ 0041 #define CEXPR_L2H2 1024 /* low level 2 vs. high level 2 */ 0042 u32 attr; /* attribute */ 0043 0044 #define CEXPR_EQ 1 /* == or eq */ 0045 #define CEXPR_NEQ 2 /* != */ 0046 #define CEXPR_DOM 3 /* dom */ 0047 #define CEXPR_DOMBY 4 /* domby */ 0048 #define CEXPR_INCOMP 5 /* incomp */ 0049 u32 op; /* operator */ 0050 0051 struct ebitmap names; /* names */ 0052 struct type_set *type_names; 0053 0054 struct constraint_expr *next; /* next expression */ 0055 }; 0056 0057 struct constraint_node { 0058 u32 permissions; /* constrained permissions */ 0059 struct constraint_expr *expr; /* constraint on permissions */ 0060 struct constraint_node *next; /* next constraint */ 0061 }; 0062 0063 #endif /* _SS_CONSTRAINT_H_ */
| [ Source navigation ] | [ Diff markup ] | [ Identifier search ] | [ general search ] |
|
This page was automatically generated by the 2.1.0 LXR engine. The LXR team |
|