diff options
| author | Paul Moore <paul.moore@hp.com> | 2006-11-29 13:18:18 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:31:36 -0500 |
| commit | 02752760359db6b00a3ffb1acfc13ef8d9eb1e3f (patch) | |
| tree | 796cd65fd4cd732b295e61dac194efbf36b78842 /security/selinux/ss/mls.h | |
| parent | ef91fd522ba3c88d9c68261c243567bc4c5a8f55 (diff) | |
NetLabel: convert to an extensibile/sparse category bitmap
The original NetLabel category bitmap was a straight char bitmap which worked
fine for the initial release as it only supported 240 bits due to limitations
in the CIPSO restricted bitmap tag (tag type 0x01). This patch converts that
straight char bitmap into an extensibile/sparse bitmap in order to lay the
foundation for other CIPSO tag types and protocols.
This patch also has a nice side effect in that all of the security attributes
passed by NetLabel into the LSM are now in a format which is in the host's
native byte/bit ordering which makes the LSM specific code much simpler; look
at the changes in security/selinux/ss/ebitmap.c as an example.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/mls.h')
| -rw-r--r-- | security/selinux/ss/mls.h | 46 |
1 files changed, 32 insertions, 14 deletions
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index df6032c6d492..661d6fc76966 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
| @@ -13,7 +13,7 @@ | |||
| 13 | /* | 13 | /* |
| 14 | * Updated: Hewlett-Packard <paul.moore@hp.com> | 14 | * Updated: Hewlett-Packard <paul.moore@hp.com> |
| 15 | * | 15 | * |
| 16 | * Added support to import/export the MLS label | 16 | * Added support to import/export the MLS label from NetLabel |
| 17 | * | 17 | * |
| 18 | * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 | 18 | * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 |
| 19 | */ | 19 | */ |
| @@ -69,19 +69,37 @@ int mls_compute_sid(struct context *scontext, | |||
| 69 | int mls_setup_user_range(struct context *fromcon, struct user_datum *user, | 69 | int mls_setup_user_range(struct context *fromcon, struct user_datum *user, |
| 70 | struct context *usercon); | 70 | struct context *usercon); |
| 71 | 71 | ||
| 72 | void mls_export_lvl(const struct context *context, u32 *low, u32 *high); | 72 | #ifdef CONFIG_NETLABEL |
| 73 | void mls_import_lvl(struct context *context, u32 low, u32 high); | 73 | void mls_export_netlbl_lvl(struct context *context, |
| 74 | 74 | struct netlbl_lsm_secattr *secattr); | |
| 75 | int mls_export_cat(const struct context *context, | 75 | void mls_import_netlbl_lvl(struct context *context, |
| 76 | unsigned char **low, | 76 | struct netlbl_lsm_secattr *secattr); |
| 77 | size_t *low_len, | 77 | int mls_export_netlbl_cat(struct context *context, |
| 78 | unsigned char **high, | 78 | struct netlbl_lsm_secattr *secattr); |
| 79 | size_t *high_len); | 79 | int mls_import_netlbl_cat(struct context *context, |
| 80 | int mls_import_cat(struct context *context, | 80 | struct netlbl_lsm_secattr *secattr); |
| 81 | const unsigned char *low, | 81 | #else |
| 82 | size_t low_len, | 82 | static inline void mls_export_netlbl_lvl(struct context *context, |
| 83 | const unsigned char *high, | 83 | struct netlbl_lsm_secattr *secattr) |
| 84 | size_t high_len); | 84 | { |
| 85 | return; | ||
| 86 | } | ||
| 87 | static inline void mls_import_netlbl_lvl(struct context *context, | ||
| 88 | struct netlbl_lsm_secattr *secattr) | ||
| 89 | { | ||
| 90 | return; | ||
| 91 | } | ||
| 92 | static inline int mls_export_netlbl_cat(struct context *context, | ||
| 93 | struct netlbl_lsm_secattr *secattr) | ||
| 94 | { | ||
| 95 | return -ENOMEM; | ||
| 96 | } | ||
| 97 | static inline int mls_import_netlbl_cat(struct context *context, | ||
| 98 | struct netlbl_lsm_secattr *secattr) | ||
| 99 | { | ||
| 100 | return -ENOMEM; | ||
| 101 | } | ||
| 102 | #endif | ||
| 85 | 103 | ||
| 86 | #endif /* _SS_MLS_H */ | 104 | #endif /* _SS_MLS_H */ |
| 87 | 105 | ||