1 /* -*- linux-c -*- */ 2 3 /* 4 * Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> 5 */ 6 7 #ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_ 8 #define _SEPOL_POLICYDB_FLASK_TYPES_H_ 9 10 /* 11 * The basic Flask types and constants. 12 */ 13 14 #include <sys/types.h> 15 #include <stdint.h> 16 #include <sys/cdefs.h> 17 18 __BEGIN_DECLS 19 20 /* 21 * A security context is a set of security attributes 22 * associated with each subject and object controlled 23 * by the security policy. The security context type 24 * is defined as a variable-length string that can be 25 * interpreted by any application or user with an 26 * understanding of the security policy. 27 */ 28 typedef char *sepol_security_context_t; 29 30 /* 31 * An access vector (AV) is a collection of related permissions 32 * for a pair of SIDs. The bits within an access vector 33 * are interpreted differently depending on the class of 34 * the object. The access vector interpretations are specified 35 * in flask/access_vectors, and the corresponding constants 36 * for permissions are defined in the automatically generated 37 * header file av_permissions.h. 38 */ 39 typedef uint32_t sepol_access_vector_t; 40 41 /* 42 * Each object class is identified by a fixed-size value. 43 * The set of security classes is specified in flask/security_classes, 44 * with the corresponding constants defined in the automatically 45 * generated header file flask.h. 46 */ 47 typedef uint16_t sepol_security_class_t; 48 #define SEPOL_SECCLASS_NULL 0x0000 /* no class */ 49 50 #define SELINUX_MAGIC 0xf97cff8c 51 #define SELINUX_MOD_MAGIC 0xf97cff8d 52 53 typedef uint32_t sepol_security_id_t; 54 #define SEPOL_SECSID_NULL 0 55 56 struct sepol_av_decision { 57 sepol_access_vector_t allowed; 58 sepol_access_vector_t decided; 59 sepol_access_vector_t auditallow; 60 sepol_access_vector_t auditdeny; 61 uint32_t seqno; 62 }; 63 64 __END_DECLS 65 #endif 66
