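/* -*- linux-c -*- */

/*
 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */

#ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_
#define _SEPOL_POLICYDB_FLASK_TYPES_H_

/*
 * The basic Flask types and constants.
 */

#include <sys/types.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * A security context is a set of security attributes
 * associated with each subject and object controlled
 * by the security policy.  The security context type
 * is defined as a variable-length string that can be
 * interpreted by any application or user with an
 * understanding of the security policy.
 *
 * NOTE(review): the typedef hides a pointer.  This header does not
 * state who owns or frees the string, or whether it is always
 * NUL-terminated; confirm both at every API that takes or returns
 * this type before copying or freeing it.
 */
typedef char *sepol_security_context_t;

/*
 * An access vector (AV) is a collection of related permissions
 * for a pair of SIDs.  The bits within an access vector
 * are interpreted differently depending on the class of
 * the object.  The access vector interpretations are specified
 * in policy.
 *
 * The type is 32 bits wide, so one vector holds at most 32
 * permission bits.  A vector is only meaningful together with the
 * object class it was computed for.
 */
typedef uint32_t sepol_access_vector_t;

/*
 * Each object class is identified by a fixed-size value.
 * The set of security classes is specified in policy.
 */
typedef uint16_t sepol_security_class_t;
#define SEPOL_SECCLASS_NULL			0x0000	/* no class */

/*
 * NOTE(review): presumably the magic numbers that open a binary
 * policy image (SELINUX_MAGIC) and a policy module image
 * (SELINUX_MOD_MAGIC); confirm against the policy reader.  A reader
 * should reject an image whose magic does not match before it
 * parses anything else from it.
 */
#define SELINUX_MAGIC 0xf97cff8c
#define SELINUX_MOD_MAGIC 0xf97cff8d

/*
 * Fixed-size (32-bit) security identifier (SID).  The access vector
 * comment above describes permissions "for a pair of SIDs".
 * SEPOL_SECSID_NULL (0) is the null SID value.
 */
typedef uint32_t sepol_security_id_t;
#define SEPOL_SECSID_NULL 0

/*
 * Access decision expressed as access vectors plus a sequence number.
 *
 * NOTE(review): the per-field meanings below follow the usual
 * Flask/SELinux convention and are not stated in this header;
 * confirm against the code that fills in the structure.
 */
struct sepol_av_decision {
	sepol_access_vector_t allowed;		/* presumably: permissions granted */
	sepol_access_vector_t decided;		/* presumably: permissions this decision covers */
	sepol_access_vector_t auditallow;	/* presumably: permissions audited when granted */
	sepol_access_vector_t auditdeny;	/* presumably: permissions audited when denied */
	uint32_t seqno;				/* presumably: policy sequence number */
};

#ifdef __cplusplus
}
#endif

#endif /* _SEPOL_POLICYDB_FLASK_TYPES_H_ */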