selinux_native/jni/libsepol/include/sepol/policydb/mls_types.h
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
*
* Support for enhanced MLS infrastructure.
*
* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* FLASK */
/*
* Type definitions for the multi-level security (MLS) policy.
*/
#ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
#define _SEPOL_POLICYDB_MLS_TYPES_H_
#include <stdint.h>
#include <stdlib.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/flask_types.h>
typedef struct mls_level {
uint32_t sens; /* sensitivity */
ebitmap_t cat; /* category set */
} mls_level_t;
typedef struct mls_range {
mls_level_t level[2]; /* low == level[0], high == level[1] */
} mls_range_t;
static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
{
dst->sens = src->sens;
if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
return -1;
return 0;
}
static inline void mls_level_init(struct mls_level *level)
{
memset(level, 0, sizeof(mls_level_t));
}
static inline void mls_level_destroy(struct mls_level *level)
{
if (level == NULL)
return;
ebitmap_destroy(&level->cat);
mls_level_init(level);
}
static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
{
return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
}
static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
{
return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
}
#define mls_level_incomp(l1, l2) \
(!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
#define mls_level_between(l1, l2, l3) \
(mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
#define mls_range_contains(r1, r2) \
(mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
mls_level_dom(&(r1).level[1], &(r2).level[1]))
static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
{
if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
goto err;
if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
goto err_destroy;
return 0;
err_destroy:
mls_level_destroy(&dst->level[0]);
err:
return -1;
}
static inline void mls_range_init(struct mls_range *r)
{
mls_level_init(&r->level[0]);
mls_level_init(&r->level[1]);
}
static inline void mls_range_destroy(struct mls_range *r)
{
mls_level_destroy(&r->level[0]);
mls_level_destroy(&r->level[1]);
}
static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
{
return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
mls_level_eq(&r1->level[1], &r2->level[1]));
}
typedef struct mls_semantic_cat {
uint32_t low; /* first bit this struct represents */
uint32_t high; /* last bit represented - equals low for a single cat */
struct mls_semantic_cat *next;
} mls_semantic_cat_t;
typedef struct mls_semantic_level {
uint32_t sens;
mls_semantic_cat_t *cat;
} mls_semantic_level_t;
typedef struct mls_semantic_range {
mls_semantic_level_t level[2];
} mls_semantic_range_t;
extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
extern void mls_semantic_level_init(mls_semantic_level_t *l);
extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
extern void mls_semantic_range_init(mls_semantic_range_t *r);
extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
#endif