fs/xfs/xfs_mac.h

   1 /*
   2  * Copyright (c) 2001-2002 Silicon Graphics, Inc.  All Rights Reserved.
   3  *
   4  * This program is free software; you can redistribute it and/or modify it
   5  * under the terms of version 2 of the GNU General Public License as
   6  * published by the Free Software Foundation.
   7  *
   8  * This program is distributed in the hope that it would be useful, but
   9  * WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  11  *
  12  * Further, this software is distributed without any warranty that it is
  13  * free of the rightful claim of any third person regarding infringement
  14  * or the like.  Any license provided herein, whether implied or
  15  * otherwise, applies only to this software file.  Patent licenses, if
  16  * any, provided herein do not apply to combinations of this program with
  17  * other software, or any other product whatsoever.
  18  *
  19  * You should have received a copy of the GNU General Public License along
  20  * with this program; if not, write the Free Software Foundation, Inc., 59
  21  * Temple Place - Suite 330, Boston MA 02111-1307, USA.
  22  *
  23  * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
  24  * Mountain View, CA  94043, or:
  25  *
  26  * http://www.sgi.com
  27  *
  28  * For further information regarding this notice, see:
  29  *
  30  * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
  31  */
  32 #ifndef __XFS_MAC_H__
  33 #define __XFS_MAC_H__
  34
  35 /*
  36  * Mandatory Access Control
  37  *
  38  * Layout of a composite MAC label:
  39  * ml_list contains the list of categories (MSEN) followed by the list of
  40  * divisions (MINT). This is actually a header for the data structure which
  41  * will have an ml_list with more than one element.
  42  *
  43  *      -------------------------------
  44  *      | ml_msen_type | ml_mint_type |
  45  *      -------------------------------
  46  *      | ml_level     | ml_grade     |
  47  *      -------------------------------
  48  *      | ml_catcount                 |
  49  *      -------------------------------
  50  *      | ml_divcount                 |
  51  *      -------------------------------
  52  *      | category 1                  |
  53  *      | . . .                       |
  54  *      | category N                  | (where N = ml_catcount)
  55  *      -------------------------------
  56  *      | division 1                  |
  57  *      | . . .                       |
  58  *      | division M                  | (where M = ml_divcount)
  59  *      -------------------------------
  60  */
  61 #define XFS_MAC_MAX_SETS        250
  62 typedef struct xfs_mac_label {
  63         __uint8_t       ml_msen_type;   /* MSEN label type */
  64         __uint8_t       ml_mint_type;   /* MINT label type */
  65         __uint8_t       ml_level;       /* Hierarchical level */
  66         __uint8_t       ml_grade;       /* Hierarchical grade */
  67         __uint16_t      ml_catcount;    /* Category count */
  68         __uint16_t      ml_divcount;    /* Division count */
  69                                         /* Category set, then Division set */
  70         __uint16_t      ml_list[XFS_MAC_MAX_SETS];
  71 } xfs_mac_label_t;
  72
  73 /* MSEN label type names. Choose an upper case ASCII character.  */
  74 #define XFS_MSEN_ADMIN_LABEL    'A'     /* Admin: low<admin != tcsec<high */
  75 #define XFS_MSEN_EQUAL_LABEL    'E'     /* Wildcard - always equal */
  76 #define XFS_MSEN_HIGH_LABEL     'H'     /* System High - always dominates */
  77 #define XFS_MSEN_MLD_HIGH_LABEL 'I'     /* System High, multi-level dir */
  78 #define XFS_MSEN_LOW_LABEL      'L'     /* System Low - always dominated */
  79 #define XFS_MSEN_MLD_LABEL      'M'     /* TCSEC label on a multi-level dir */
  80 #define XFS_MSEN_MLD_LOW_LABEL  'N'     /* System Low, multi-level dir */
  81 #define XFS_MSEN_TCSEC_LABEL    'T'     /* TCSEC label */
  82 #define XFS_MSEN_UNKNOWN_LABEL  'U'     /* unknown label */
  83
  84 /* MINT label type names. Choose a lower case ASCII character.  */
  85 #define XFS_MINT_BIBA_LABEL     'b'     /* Dual of a TCSEC label */
  86 #define XFS_MINT_EQUAL_LABEL    'e'     /* Wildcard - always equal */
  87 #define XFS_MINT_HIGH_LABEL     'h'     /* High Grade - always dominates */
  88 #define XFS_MINT_LOW_LABEL      'l'     /* Low Grade - always dominated */
  89
  90 /* On-disk XFS extended attribute names */
  91 #define SGI_MAC_FILE    "SGI_MAC_FILE"
  92 #define SGI_MAC_FILE_SIZE       (sizeof(SGI_MAC_FILE)-1)
  93
  94
  95 #ifdef __KERNEL__
  96
  97 #ifdef CONFIG_FS_POSIX_MAC
  98
  99 /* NOT YET IMPLEMENTED */
 100
 101 #define MACEXEC         00100
 102 #define MACWRITE        00200
 103 #define MACREAD         00400
 104
 105 struct xfs_inode;
 106 extern int  xfs_mac_iaccess(struct xfs_inode *, mode_t, cred_t *);
 107
 108 #define _MAC_XFS_IACCESS(i,m,c) (xfs_mac_iaccess(i,m,c))
 109 #define _MAC_VACCESS(v,c,m)     (xfs_mac_vaccess(v,c,m))
 110 #define _MAC_EXISTS             xfs_mac_vhaslabel
 111
 112 #else
 113 #define _MAC_XFS_IACCESS(i,m,c) (0)
 114 #define _MAC_VACCESS(v,c,m)     (0)
 115 #define _MAC_EXISTS             (NULL)
 116 #endif
 117
 118 #endif  /* __KERNEL__ */
 119
 120 #endif  /* __XFS_MAC_H__ */