
TOMOYO Linux Cross Reference
Linux/security/selinux/ss/constraint.h



Differences between /security/selinux/ss/constraint.h (Version linux-6.12-rc7) and /security/selinux/ss/constraint.h (Version linux-5.0.21)


  1 /* SPDX-License-Identifier: GPL-2.0 */              1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*                                                  2 /*
  3  * A constraint is a condition that must be sa      3  * A constraint is a condition that must be satisfied in
  4  * order for one or more permissions to be gra      4  * order for one or more permissions to be granted.
  5  * Constraints are used to impose additional r      5  * Constraints are used to impose additional restrictions
  6  * beyond the type-based rules in `te' or the       6  * beyond the type-based rules in `te' or the role-based
  7  * transition rules in `rbac'.  Constraints ar      7  * transition rules in `rbac'.  Constraints are typically
  8  * used to prevent a process from transitionin      8  * used to prevent a process from transitioning to a new user
  9  * identity or role unless it is in a privileg      9  * identity or role unless it is in a privileged type.
 10  * Constraints are likewise typically used to      10  * Constraints are likewise typically used to prevent a
 11  * process from labeling an object with a diff     11  * process from labeling an object with a different user
 12  * identity.                                       12  * identity.
 13  *                                                 13  *
 14  * Author : Stephen Smalley, <stephen.smalley. !!  14  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 15  */                                                15  */
 16                                                << 
 17 #ifndef _SS_CONSTRAINT_H_                          16 #ifndef _SS_CONSTRAINT_H_
 18 #define _SS_CONSTRAINT_H_                          17 #define _SS_CONSTRAINT_H_
 19                                                    18 
 20 #include "ebitmap.h"                               19 #include "ebitmap.h"
 21                                                    20 
 22 #define CEXPR_MAXDEPTH 5                           21 #define CEXPR_MAXDEPTH 5
 23                                                    22 
 24 struct constraint_expr {                           23 struct constraint_expr {
 25 #define CEXPR_NOT   1 /* not expr */           !!  24 #define CEXPR_NOT               1 /* not expr */
 26 #define CEXPR_AND   2 /* expr and expr */      !!  25 #define CEXPR_AND               2 /* expr and expr */
 27 #define CEXPR_OR    3 /* expr or expr */       !!  26 #define CEXPR_OR                3 /* expr or expr */
 28 #define CEXPR_ATTR  4 /* attr op attr */       !!  27 #define CEXPR_ATTR              4 /* attr op attr */
 29 #define CEXPR_NAMES 5 /* attr op names */      !!  28 #define CEXPR_NAMES             5 /* attr op names */
 30         u32 expr_type; /* expression type */   !!  29         u32 expr_type;          /* expression type */
 31                                                !!  30 
 32 #define CEXPR_USER    1 /* user */             !!  31 #define CEXPR_USER 1            /* user */
 33 #define CEXPR_ROLE    2 /* role */             !!  32 #define CEXPR_ROLE 2            /* role */
 34 #define CEXPR_TYPE    4 /* type */             !!  33 #define CEXPR_TYPE 4            /* type */
 35 #define CEXPR_TARGET  8 /* target if set, sour !!  34 #define CEXPR_TARGET 8          /* target if set, source otherwise */
 36 #define CEXPR_XTARGET 16 /* special 3rd target !!  35 #define CEXPR_XTARGET 16        /* special 3rd target for validatetrans rule */
 37 #define CEXPR_L1L2    32 /* low level 1 vs. lo !!  36 #define CEXPR_L1L2 32           /* low level 1 vs. low level 2 */
 38 #define CEXPR_L1H2    64 /* low level 1 vs. hi !!  37 #define CEXPR_L1H2 64           /* low level 1 vs. high level 2 */
 39 #define CEXPR_H1L2    128 /* high level 1 vs.  !!  38 #define CEXPR_H1L2 128          /* high level 1 vs. low level 2 */
 40 #define CEXPR_H1H2    256 /* high level 1 vs.  !!  39 #define CEXPR_H1H2 256          /* high level 1 vs. high level 2 */
 41 #define CEXPR_L1H1    512 /* low level 1 vs. h !!  40 #define CEXPR_L1H1 512          /* low level 1 vs. high level 1 */
 42 #define CEXPR_L2H2    1024 /* low level 2 vs.  !!  41 #define CEXPR_L2H2 1024         /* low level 2 vs. high level 2 */
 43         u32 attr; /* attribute */              !!  42         u32 attr;               /* attribute */
 44                                                !!  43 
 45 #define CEXPR_EQ     1 /* == or eq */          !!  44 #define CEXPR_EQ     1          /* == or eq */
 46 #define CEXPR_NEQ    2 /* != */                !!  45 #define CEXPR_NEQ    2          /* != */
 47 #define CEXPR_DOM    3 /* dom */               !!  46 #define CEXPR_DOM    3          /* dom */
 48 #define CEXPR_DOMBY  4 /* domby  */            !!  47 #define CEXPR_DOMBY  4          /* domby  */
 49 #define CEXPR_INCOMP 5 /* incomp */            !!  48 #define CEXPR_INCOMP 5          /* incomp */
 50         u32 op; /* operator */                 !!  49         u32 op;                 /* operator */
 51                                                    50 
 52         struct ebitmap names; /* names */      !!  51         struct ebitmap names;   /* names */
 53         struct type_set *type_names;               52         struct type_set *type_names;
 54                                                    53 
 55         struct constraint_expr *next; /* next  !!  54         struct constraint_expr *next;   /* next expression */
 56 };                                                 55 };
 57                                                    56 
 58 struct constraint_node {                           57 struct constraint_node {
 59         u32 permissions; /* constrained permis !!  58         u32 permissions;        /* constrained permissions */
 60         struct constraint_expr *expr; /* const !!  59         struct constraint_expr *expr;   /* constraint on permissions */
 61         struct constraint_node *next; /* next  !!  60         struct constraint_node *next;   /* next constraint */
 62 };                                                 61 };
 63                                                    62 
 64 #endif /* _SS_CONSTRAINT_H_ */                 !!  63 #endif  /* _SS_CONSTRAINT_H_ */
 65                                                    64 
