[PATCH] selinux: Conditional policy extension and MLS detection support

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch extends the SELinux policy engine to support conditional policy
logic based on a set of policy booleans, allowing well-formed changes to
the policy to be defined within and mediated by the policy itself.

The conditional policy extensions were implemented and contributed by
Tresys Technology.

Userland packages that support these extensions are already available from
nsa.gov/selinux, and backward compatibility is provided for the prior
policy version.

The patch also includes a small change to enable detection of the optional
MLS policy model on a SELinux system and fixes to the conditional policy
extensions to allow the MLS policy to work correctly with them that were
implemented and contributed by Trusted Computer Solutions.

1 files changed, 22 insertions, 0 deletions

diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
new file mode 100644
index 000000000000..67ce7a8d8301
--- /dev/null
+++ b/security/selinux/include/conditional.h
@@ -0,0 +1,22 @@
+/*
+ * Interface to booleans in the security server. This is exported
+ * for the selinuxfs.
+ *
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Copyright (C) 2003 - 2004 Tresys Technology, LLC
+ *	This program is free software; you can redistribute it and/or modify
+ *  	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation, version 2.
+ */
+
+#ifndef _SELINUX_CONDITIONAL_H_
+#define _SELINUX_CONDITIONAL_H_
+
+int security_get_bools(int *len, char ***names, int **values);
+
+int security_set_bools(int len, int *values);
+
+int security_get_bool_value(int bool);
+
+#endif