diff options
author | Venkat Yekkirala <vyekkirala@TrustedCS.com> | 2006-07-25 02:27:16 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 17:53:21 -0400 |
commit | 08554d6b33e60aa8ee40bbef94505941c0eefef2 (patch) | |
tree | 1610750ccd13872a33fffffcce057e10aa785d2e /security/selinux/ss/mls.h | |
parent | 51bd39860ff829475aef611a3234309e37e090d9 (diff) |
[MLSXFRM]: Define new SELinux service routine
This defines a routine that combines the Type Enforcement portion of
one sid with the MLS portion from the other sid to arrive at a new
sid. This would be used to define a sid for a security association
that is to be negotiated by IKE as well as for determing the sid for
open requests and connection-oriented child sockets.
Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux/ss/mls.h')
-rw-r--r-- | security/selinux/ss/mls.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index fbb42f07dd7c..90c5e88987fa 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
@@ -17,6 +17,26 @@ | |||
17 | #include "context.h" | 17 | #include "context.h" |
18 | #include "policydb.h" | 18 | #include "policydb.h" |
19 | 19 | ||
20 | /* | ||
21 | * Copies the MLS range from `src' into `dst'. | ||
22 | */ | ||
23 | static inline int mls_copy_context(struct context *dst, | ||
24 | struct context *src) | ||
25 | { | ||
26 | int l, rc = 0; | ||
27 | |||
28 | /* Copy the MLS range from the source context */ | ||
29 | for (l = 0; l < 2; l++) { | ||
30 | dst->range.level[l].sens = src->range.level[l].sens; | ||
31 | rc = ebitmap_cpy(&dst->range.level[l].cat, | ||
32 | &src->range.level[l].cat); | ||
33 | if (rc) | ||
34 | break; | ||
35 | } | ||
36 | |||
37 | return rc; | ||
38 | } | ||
39 | |||
20 | int mls_compute_context_len(struct context *context); | 40 | int mls_compute_context_len(struct context *context); |
21 | void mls_sid_to_context(struct context *context, char **scontext); | 41 | void mls_sid_to_context(struct context *context, char **scontext); |
22 | int mls_context_isvalid(struct policydb *p, struct context *c); | 42 | int mls_context_isvalid(struct policydb *p, struct context *c); |