From 71ce8bbc83c48ab4b6876cd489d4bc102d1bc859 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Mon, 28 Oct 2002 19:44:05 +0000
Subject: Remove all reference to 'struct oldmac', since it's no longer required with the new VFS/EA semantics in the MAC framework. Move the per-policy structures out to per-policy include files, removing all policy-specific defines and structures out of the base framework includes and implementation, making mac_biba and mac_mls entirely self-contained.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
---
 sys/security/mac_mls/mac_mls.h | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
(limited to 'sys/security/mac_mls')
diff --git a/sys/security/mac_mls/mac_mls.h b/sys/security/mac_mls/mac_mls.h
index 23296dd..2e464dc 100644
--- a/sys/security/mac_mls/mac_mls.h
+++ b/sys/security/mac_mls/mac_mls.h
@@ -61,6 +61,38 @@
 * MAC_MLS_TYPE_LABEL. */
 /*
+ * Structures and constants associated with a Multi-Level Security policy.
+ * mac_mls represents an MLS label, with mm_type determining its properties,
+ * and mm_level represents the hierarchal sensitivity level if valid for the
+ * current mm_type. If compartments are used, the same semantics apply as
+ * long as the suject is in every compartment the object is in. LOW, EQUAL
+ * and HIGH cannot be in compartments.
+ */
+
+/*
+ * MLS compartments bit set size (in bits).
+ */
+#define MAC_MLS_MAX_COMPARTMMENTS 256
+
+struct mac_mls_element {
+ u_short mme_type;
+ u_short mme_level;
+ u_char mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3];
+};
+
+/*
+ * MLS labels consist of two components: a single label, and a label
+ * range. Depending on the context, one or both may be used; the mb_flags
+ * field permits the provider to indicate what fields are intended for
+ * use.
+ */
+struct mac_mls {
+ int mm_flags;
+ struct mac_mls_element mm_single;
+ struct mac_mls_element mm_rangelow, mm_rangehigh;
+};
+
+/*
 * MLS compartments bit test/set macros.
 * The range is 1 to MAC_MLS_MAX_COMPARTMENTS.
 */
-- 
cgit v1.1
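Review bot: The size constant is defined as `MAC_MLS_MAX_COMPARTMMENTS` (doubled M), while `mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3]` and the trailing comment on the bit test/set macros use the correctly spelled name. Unless that name is defined outside this hunk the header will not compile, so the define should read `#define MAC_MLS_MAX_COMPARTMENTS 256`. This constant sizes the 32-byte compartment bit set that the test/set macros index with a documented range of 1 to MAC_MLS_MAX_COMPARTMENTS; those macros lie outside the hunk, so it is worth confirming that they and any label-validity check bound the compartment number against this same constant. The new comments also name fields that do not exist here: `mm_type` and `mm_level` are `mme_type` and `mme_level` in `struct mac_mls_element`, `mb_flags` should be `mm_flags`, and "suject" should read "subject".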