/*
 * Copyright (c) 2001-2002 Silicon Graphics, Inc. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it would be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * Further, this software is distributed without any warranty that it is
 * free of the rightful claim of any third person regarding infringement
 * or the like. Any license provided herein, whether implied or
 * otherwise, applies only to this software file. Patent licenses, if
 * any, provided herein do not apply to combinations of this program with
 * other software, or any other product whatsoever.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write the Free Software Foundation, Inc., 59
 * Temple Place - Suite 330, Boston MA 02111-1307, USA.
 *
 * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
 * Mountain View, CA 94043, or:
 *
 * http://www.sgi.com
 *
 * For further information regarding this notice, see:
 *
 * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
 */
#ifndef __XFS_MAC_H__
#define __XFS_MAC_H__

/*
 * Mandatory Access Control
 *
 * This header defines the layout of a MAC label, the one-byte codes for
 * its two type fields, the name of the extended attribute that carries
 * the label, and (kernel only) the hooks the rest of XFS calls for MAC
 * checks.
 *
 * Layout of a composite MAC label:
 * ml_list contains the list of categories (MSEN) followed by the list of
 * divisions (MINT). This is actually a header for the data structure which
 * will have an ml_list with more than one element.
 *
 *	-------------------------------
 *	| ml_msen_type | ml_mint_type |
 *	-------------------------------
 *	|    ml_level  |   ml_grade   |
 *	-------------------------------
 *	|        ml_catcount          |
 *	-------------------------------
 *	|        ml_divcount          |
 *	-------------------------------
 *	| category 1                  |
 *	| . . .                       |
 *	| category N                  | (where N = ml_catcount)
 *	-------------------------------
 *	| division 1                  |
 *	| . . .                       |
 *	| division M                  | (where M = ml_divcount)
 *	-------------------------------
 *
 * Bounds: ml_catcount and ml_divcount are 16-bit fields, so each can hold
 * a value far larger than the XFS_MAC_MAX_SETS entries that ml_list has
 * room for.  Nothing in this header enforces the relationship; any code
 * that walks ml_list using counts taken from a stored label has to check
 * ml_catcount + ml_divcount <= XFS_MAC_MAX_SETS first (do the sum in a
 * type wider than 16 bits) and reject the label otherwise.
 *
 * NOTE(review): the byte order of the 16-bit fields in the stored form is
 * not stated in this file - confirm it before trusting counts read from
 * disk.
 */
#define XFS_MAC_MAX_SETS	250	/* capacity of ml_list, in entries */
typedef struct xfs_mac_label {
	__uint8_t	ml_msen_type;	/* MSEN label type */
	__uint8_t	ml_mint_type;	/* MINT label type */
	__uint8_t	ml_level;	/* Hierarchical level */
	__uint8_t	ml_grade;	/* Hierarchical grade */
	__uint16_t	ml_catcount;	/* Category count */
	__uint16_t	ml_divcount;	/* Division count */
					/* Category set, then Division set */
	__uint16_t	ml_list[XFS_MAC_MAX_SETS];
} xfs_mac_label_t;

/*
 * MSEN label type names. Choose an upper case ASCII character.
 *
 * These are the values defined for ml_msen_type.  Any other byte value
 * has no meaning given in this header.  The comparison code is not in
 * this file, but going by the comments below, EQUAL, HIGH and the MLD
 * HIGH variant are privileged values ("always equal", "always
 * dominates"), so a label parser should accept only the codes listed
 * here and treat an unrecognised type byte as an invalid label rather
 * than as a wildcard.
 */
#define XFS_MSEN_ADMIN_LABEL	'A'	/* Admin: low<admin != tcsec<high */
#define XFS_MSEN_EQUAL_LABEL	'E'	/* Wildcard - always equal */
#define XFS_MSEN_HIGH_LABEL	'H'	/* System High - always dominates */
#define XFS_MSEN_MLD_HIGH_LABEL	'I'	/* System High, multi-level dir */
#define XFS_MSEN_LOW_LABEL	'L'	/* System Low - always dominated */
#define XFS_MSEN_MLD_LABEL	'M'	/* TCSEC label on a multi-level dir */
#define XFS_MSEN_MLD_LOW_LABEL	'N'	/* System Low, multi-level dir */
#define XFS_MSEN_TCSEC_LABEL	'T'	/* TCSEC label */
#define XFS_MSEN_UNKNOWN_LABEL	'U'	/* unknown label */

/*
 * MINT label type names. Choose a lower case ASCII character.
 *
 * These are the values defined for ml_mint_type.  The same parsing rule
 * applies as for the MSEN codes: 'e' and 'h' are described as wildcard
 * and always-dominating values, so only the four codes below should be
 * accepted from a stored label.
 */
#define XFS_MINT_BIBA_LABEL	'b'	/* Dual of a TCSEC label */
#define XFS_MINT_EQUAL_LABEL	'e'	/* Wildcard - always equal */
#define XFS_MINT_HIGH_LABEL	'h'	/* High Grade - always dominates */
#define XFS_MINT_LOW_LABEL	'l'	/* Low Grade - always dominated */

/*
 * On-disk XFS extended attribute names
 *
 * SGI_MAC_FILE_SIZE is the length of the name without its terminating
 * NUL (sizeof counts the NUL, hence the -1).
 * NOTE(review): presumably the attribute value is an xfs_mac_label_t, and
 * whoever can write this attribute can relabel the file - confirm which
 * attribute namespace it lives in and who may set it.
 */
#define SGI_MAC_FILE "SGI_MAC_FILE"
#define SGI_MAC_FILE_SIZE	(sizeof(SGI_MAC_FILE)-1)


#ifdef __KERNEL__

#ifdef CONFIG_FS_POSIX_MAC

/* NOT YET IMPLEMENTED */

/*
 * Access-mode bits, written in octal.  Numerically they equal the
 * owner execute/write/read permission bits (0100/0200/0400).
 * NOTE(review): presumably these are the values passed as the mode_t
 * argument of xfs_mac_iaccess() - confirm against callers.
 */
#define MACEXEC		00100
#define MACWRITE	00200
#define MACREAD		00400

struct xfs_inode;
extern int  xfs_mac_iaccess(struct xfs_inode *, mode_t, cred_t *);

/*
 * Hook macros used by the rest of XFS.  Only xfs_mac_iaccess() has a
 * prototype in this header; xfs_mac_vaccess and xfs_mac_vhaslabel are
 * named by the macros below but are not declared here, so a user of
 * _MAC_VACCESS or _MAC_EXISTS needs their declarations from elsewhere.
 * Note the argument order differs between the two access hooks:
 * (inode, mode, cred) versus (vnode, cred, mode).
 */
#define _MAC_XFS_IACCESS(i,m,c) (xfs_mac_iaccess(i,m,c))
#define _MAC_VACCESS(v,c,m)	(xfs_mac_vaccess(v,c,m))
#define _MAC_EXISTS		xfs_mac_vhaslabel

#else
/*
 * MAC support not configured: both access hooks expand to the constant 0
 * without evaluating their arguments, and _MAC_EXISTS is NULL.
 * NOTE(review): presumably 0 means "no error", i.e. the MAC check never
 * denies access in such a build, and a stored SGI_MAC_FILE label is not
 * enforced - confirm against the callers before relying on labels for
 * access control.
 */
#define _MAC_XFS_IACCESS(i,m,c) (0)
#define _MAC_VACCESS(v,c,m)	(0)
#define _MAC_EXISTS		(NULL)
#endif

#endif	/* __KERNEL__ */

#endif	/* __XFS_MAC_H__ */