Linux/security/selinux/ss/constraint.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*
  3  * A constraint is a condition that must be satisfied in
  4  * order for one or more permissions to be granted.
  5  * Constraints are used to impose additional restrictions
  6  * beyond the type-based rules in `te' or the role-based
  7  * transition rules in `rbac'.  Constraints are typically
  8  * used to prevent a process from transitioning to a new user
  9  * identity or role unless it is in a privileged type.
 10  * Constraints are likewise typically used to prevent a
 11  * process from labeling an object with a different user
 12  * identity.
 13  *
 14  * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 15  */
 16 
 17 #ifndef _SS_CONSTRAINT_H_
 18 #define _SS_CONSTRAINT_H_
 19 
 20 #include "ebitmap.h"
 21 
 22 #define CEXPR_MAXDEPTH 5 /* NOTE(review): by its name, the maximum depth of a constraint expression; presumably sizes the evaluator's stack and caps the nesting accepted from a loaded policy -- confirm that every consumer enforces it */
 23 
 24 struct constraint_expr {
            /*
             * One element of a constraint expression.  Each element carries
             * an expression type and, per the value comments below, an
             * attribute selector, an operator and a name set; elements are
             * chained through `next'.
             *
             * NOTE(review): if these fields are filled in from a loaded
             * policy image, the loader should reject expr_type/attr/op
             * values outside the sets defined here before the expression is
             * evaluated -- confirm against the policy reader.
             */
 25 #define CEXPR_NOT   1 /* not expr */
 26 #define CEXPR_AND   2 /* expr and expr */
 27 #define CEXPR_OR    3 /* expr or expr */
 28 #define CEXPR_ATTR  4 /* attr op attr */
 29 #define CEXPR_NAMES 5 /* attr op names */
 30         u32 expr_type; /* expression type: one of CEXPR_NOT .. CEXPR_NAMES (consecutive values 1..5) */
 31 
            /*
             * Attribute selectors.  Every value below is a distinct single
             * bit.  CEXPR_TARGET and CEXPR_XTARGET read as modifiers that
             * are combined with a user/role/type bit -- presumably; confirm
             * against the evaluator.
             */
 32 #define CEXPR_USER    1 /* user */
 33 #define CEXPR_ROLE    2 /* role */
 34 #define CEXPR_TYPE    4 /* type */
 35 #define CEXPR_TARGET  8 /* target if set, source otherwise */
 36 #define CEXPR_XTARGET 16 /* special 3rd target for validatetrans rule */
 37 #define CEXPR_L1L2    32 /* low level 1 vs. low level 2 */
 38 #define CEXPR_L1H2    64 /* low level 1 vs. high level 2 */
 39 #define CEXPR_H1L2    128 /* high level 1 vs. low level 2 */
 40 #define CEXPR_H1H2    256 /* high level 1 vs. high level 2 */
 41 #define CEXPR_L1H1    512 /* low level 1 vs. high level 1 */
 42 #define CEXPR_L2H2    1024 /* low level 2 vs. high level 2 */
 43         u32 attr; /* attribute: built from the CEXPR_USER .. CEXPR_L2H2 bits above */
 44 
 45 #define CEXPR_EQ     1 /* == or eq */
 46 #define CEXPR_NEQ    2 /* != */
 47 #define CEXPR_DOM    3 /* dom */
 48 #define CEXPR_DOMBY  4 /* domby */
 49 #define CEXPR_INCOMP 5 /* incomp */
 50         u32 op; /* operator: one of CEXPR_EQ .. CEXPR_INCOMP (consecutive values 1..5) */
 51 
 52         struct ebitmap names; /* names, held as a bitmap; presumably the right-hand side of a CEXPR_NAMES ("attr op names") element -- confirm */
 53         struct type_set *type_names; /* NOTE(review): struct type_set is not declared in this file; who allocates and frees this pointer is not visible here -- confirm */
 54 
 55         struct constraint_expr *next; /* next expression in the chain */
 56 };
 57 
 58 struct constraint_node {
            /*
             * One constraint: a set of permissions together with the
             * expression that must be satisfied for them to be granted (see
             * the file header comment).  Nodes are chained through `next'.
             */
 59         u32 permissions; /* constrained permissions; NOTE(review): presumably a bit mask with one bit per permission -- confirm */
 60         struct constraint_expr *expr; /* constraint on permissions: first element of the expression */
 61         struct constraint_node *next; /* next constraint */
 62 };
 63 
 64 #endif /* _SS_CONSTRAINT_H_ */
 65 
