2 * Copyright (c) 2001-2002,2005 Silicon Graphics, Inc.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 * Mandatory Access Control
24 * Layout of a composite MAC label:
25 * ml_list contains the list of categories (MSEN) followed by the list of
26 * divisions (MINT). This is actually a header for the data structure which
27 * will have an ml_list with more than one element.
29 * -------------------------------
30 * | ml_msen_type | ml_mint_type |
31 * -------------------------------
32 * | ml_level | ml_grade |
33 * -------------------------------
35 * -------------------------------
37 * -------------------------------
40 * | category N | (where N = ml_catcount)
41 * -------------------------------
44 * | division M | (where M = ml_divcount)
45 * -------------------------------
47 #define XFS_MAC_MAX_SETS 250
48 typedef struct xfs_mac_label {
49 __uint8_t ml_msen_type; /* MSEN label type */
50 __uint8_t ml_mint_type; /* MINT label type */
51 __uint8_t ml_level; /* Hierarchical level */
52 __uint8_t ml_grade; /* Hierarchical grade */
53 __uint16_t ml_catcount; /* Category count */
54 __uint16_t ml_divcount; /* Division count */
55 /* Category set, then Division set */
56 __uint16_t ml_list[XFS_MAC_MAX_SETS];
59 /* MSEN label type names. Choose an upper case ASCII character. */
60 #define XFS_MSEN_ADMIN_LABEL 'A' /* Admin: low<admin != tcsec<high */
61 #define XFS_MSEN_EQUAL_LABEL 'E' /* Wildcard - always equal */
62 #define XFS_MSEN_HIGH_LABEL 'H' /* System High - always dominates */
63 #define XFS_MSEN_MLD_HIGH_LABEL 'I' /* System High, multi-level dir */
64 #define XFS_MSEN_LOW_LABEL 'L' /* System Low - always dominated */
65 #define XFS_MSEN_MLD_LABEL 'M' /* TCSEC label on a multi-level dir */
66 #define XFS_MSEN_MLD_LOW_LABEL 'N' /* System Low, multi-level dir */
67 #define XFS_MSEN_TCSEC_LABEL 'T' /* TCSEC label */
68 #define XFS_MSEN_UNKNOWN_LABEL 'U' /* unknown label */
70 /* MINT label type names. Choose a lower case ASCII character. */
71 #define XFS_MINT_BIBA_LABEL 'b' /* Dual of a TCSEC label */
72 #define XFS_MINT_EQUAL_LABEL 'e' /* Wildcard - always equal */
73 #define XFS_MINT_HIGH_LABEL 'h' /* High Grade - always dominates */
74 #define XFS_MINT_LOW_LABEL 'l' /* Low Grade - always dominated */
76 /* On-disk XFS extended attribute names */
77 #define SGI_MAC_FILE "SGI_MAC_FILE"
78 #define SGI_MAC_FILE_SIZE (sizeof(SGI_MAC_FILE)-1)
83 #ifdef CONFIG_FS_POSIX_MAC
85 /* NOT YET IMPLEMENTED */
88 #define MACWRITE 00200
92 extern int xfs_mac_iaccess(struct xfs_inode *, mode_t, cred_t *);
94 #define _MAC_XFS_IACCESS(i,m,c) (xfs_mac_iaccess(i,m,c))
95 #define _MAC_VACCESS(v,c,m) (xfs_mac_vaccess(v,c,m))
96 #define _MAC_EXISTS xfs_mac_vhaslabel
99 #define _MAC_XFS_IACCESS(i,m,c) (0)
100 #define _MAC_VACCESS(v,c,m) (0)
101 #define _MAC_EXISTS (NULL)
104 #endif /* __KERNEL__ */
106 #endif /* __XFS_MAC_H__ */