From e5c539b8e8d3aa788d2738add7c85e6ff6f2163e Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Mon, 15 Mar 2004 15:15:51 -0800 Subject: [PATCH] selinux: Conditional policy extension and MLS detection support From: Stephen Smalley This patch extends the SELinux policy engine to support conditional policy logic based on a set of policy booleans, allowing well-formed changes to the policy to be defined within and mediated by the policy itself. The conditional policy extensions were implemented and contributed by Tresys Technology. Userland packages that support these extensions are already available from nsa.gov/selinux, and backward compatibility is provided for the prior policy version. The patch also includes a small change to enable detection of the optional MLS policy model on a SELinux system and fixes to the conditional policy extensions to allow the MLS policy to work correctly with them that were implemented and contributed by Trusted Computer Solutions. --- security/selinux/include/conditional.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 security/selinux/include/conditional.h (limited to 'security/selinux/include/conditional.h') diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h new file mode 100644 index 000000000000..67ce7a8d8301 --- /dev/null +++ b/security/selinux/include/conditional.h @@ -0,0 +1,22 @@ +/* + * Interface to booleans in the security server. This is exported + * for the selinuxfs. + * + * Author: Karl MacMillan + * + * Copyright (C) 2003 - 2004 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ + +#ifndef _SELINUX_CONDITIONAL_H_ +#define _SELINUX_CONDITIONAL_H_ + +int security_get_bools(int *len, char ***names, int **values); + +int security_set_bools(int len, int *values); + +int security_get_bool_value(int bool); + +#endif -- cgit v1.2.3