author | rwatson <rwatson@FreeBSD.org> | 2002-10-21 18:42:01 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-10-21 18:42:01 +0000 |
commit | 63323cc3aec332230923139e004f15a08fa171d1 (patch) | |
tree | 229228b753fcff46679f1fee5df00dfaf6292d68 /sys/security/mac_mls/mac_mls.h | |
parent | 54f5e2ef60254c34c2bb84b9948f7678ae758d31 (diff) | |
Add compartment support to Biba and MLS policies. The logic of the
policies remains the same: subjects and objects are labeled for
integrity or sensitivity, and a dominance operator determines whether
or not subject/object accesses are permitted to limit inappropriate
information flow. Compartments are a non-hierarchal component to
the label, so add a bitfield to the label element for each, and a
set check as part of the dominance operator. This permits the
implementation of "need to know" elements of MLS.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac_mls/mac_mls.h')
-rw-r--r-- | sys/security/mac_mls/mac_mls.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sys/security/mac_mls/mac_mls.h b/sys/security/mac_mls/mac_mls.h index bb99a36..bf255a1 100644 --- a/sys/security/mac_mls/mac_mls.h +++ b/sys/security/mac_mls/mac_mls.h @@ -58,4 +58,14 @@ #define MAC_MLS_TYPE_EQUAL 4 /* Equivilent to any * MAC_MLS_TYPE_LABEL. */ +/* + * MLS compartments bit test/set macros. + * The range is 1 to MAC_MLS_MAX_COMPARTMENTS. + */ +#define MAC_MLS_BIT_TEST(b, w) \ + ((w)[(((b) - 1) >> 3)] & (1 << (((b) - 1) & 7))) +#define MAC_MLS_BIT_SET(b, w) \ + ((w)[(((b) - 1) >> 3)] |= (1 << (((b) - 1) & 7))) +#define MAC_MLS_BIT_SET_EMPTY(set) mls_bit_set_empty(set) + #endif /* !_SYS_SECURITY_MAC_MLS_H */ |
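Review bot: MAC_MLS_BIT_TEST and MAC_MLS_BIT_SET index w with `((b) - 1) >> 3` and never check b against the range the comment documents (1 to MAC_MLS_MAX_COMPARTMENTS), so b == 0 derives the byte index from -1 and a b above the maximum reads or writes past the end of the bitfield. Either validate b at every call site before the macro is used, or turn the two macros into inline functions that assert the range (for example with KASSERT) so a bad compartment number fails loudly instead of touching adjacent memory. Two smaller points on the same lines: b is expanded twice in each macro, so an argument with side effects would be evaluated twice, and MAC_MLS_BIT_SET_EMPTY forwards to mls_bit_set_empty() while neither that function nor MAC_MLS_MAX_COMPARTMENTS is declared or defined in the lines shown; a comment saying where both come from and what size w must be would make the header usable on its own.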