PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/usr/include/sepol/policydb/
Upload File :
Current File : //usr/include/sepol/policydb/policydb.h
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/*
 * Updated: Joshua Brindle <jbrindle@tresys.com>
 *	    Karl MacMillan <kmacmillan@tresys.com>
 *	    Jason Tang <jtang@tresys.com>
 *	    
 *	Module support
 *
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 * 	Added conditional policy language extensions
 *
 * Updated: Red Hat, Inc.  James Morris <jmorris@redhat.com>
 *
 *      Fine-grained netlink support
 *      IPv6 support
 *      Code cleanup
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 * Copyright (C) 2003 - 2004 Red Hat, Inc.
 * Copyright (C) 2017 Mellanox Techonolgies Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * A policy database (policydb) specifies the 
 * configuration data for the security policy.
 */

#ifndef _SEPOL_POLICYDB_POLICYDB_H_
#define _SEPOL_POLICYDB_POLICYDB_H_

#include <stdio.h>
#include <stddef.h>

#include <sepol/policydb.h>

#include <sepol/policydb/flask_types.h>
#include <sepol/policydb/symtab.h>
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/context.h>
#include <sepol/policydb/constraint.h>
#include <sepol/policydb/sidtab.h>
#include <sys/cdefs.h>

#define ERRMSG_LEN 1024

#define POLICYDB_SUCCESS      0
#define POLICYDB_ERROR       -1
#define POLICYDB_UNSUPPORTED -2

__BEGIN_DECLS

#define IB_DEVICE_NAME_MAX 64

/*
 * A datum type is defined for each kind of symbol 
 * in the configuration data:  individual permissions, 
 * common prefixes for access vectors, classes,
 * users, roles, types, sensitivities, categories, etc.
 */

/* type set preserves data needed by modules such as *, ~ and attributes */
typedef struct type_set {
	ebitmap_t types;
	ebitmap_t negset;
#define TYPE_STAR 1
#define TYPE_COMP 2
	uint32_t flags;
} type_set_t;

typedef struct role_set {
	ebitmap_t roles;
#define ROLE_STAR 1
#define ROLE_COMP 2
	uint32_t flags;
} role_set_t;

/* Permission attributes */
typedef struct perm_datum {
	symtab_datum_t s;
} perm_datum_t;

/* Attributes of a common prefix for access vectors */
typedef struct common_datum {
	symtab_datum_t s;
	symtab_t permissions;	/* common permissions */
} common_datum_t;

/* Class attributes */
typedef struct class_datum {
	symtab_datum_t s;
	char *comkey;		/* common name */
	common_datum_t *comdatum;	/* common datum */
	symtab_t permissions;	/* class-specific permission symbol table */
	constraint_node_t *constraints;	/* constraints on class permissions */
	constraint_node_t *validatetrans;	/* special transition rules */
/* Options how a new object user and role should be decided */
#define DEFAULT_SOURCE		1
#define DEFAULT_TARGET		2
	char default_user;
	char default_role;
	char default_type;
/* Options how a new object range should be decided */
#define DEFAULT_SOURCE_LOW	1
#define DEFAULT_SOURCE_HIGH	2
#define DEFAULT_SOURCE_LOW_HIGH	3
#define DEFAULT_TARGET_LOW	4
#define DEFAULT_TARGET_HIGH	5
#define DEFAULT_TARGET_LOW_HIGH	6
	char default_range;
} class_datum_t;

/* Role attributes */
typedef struct role_datum {
	symtab_datum_t s;
	ebitmap_t dominates;	/* set of roles dominated by this role */
	type_set_t types;	/* set of authorized types for role */
	ebitmap_t cache;	/* This is an expanded set used for context validation during parsing */
	uint32_t bounds;	/* bounds role, if exist */
#define ROLE_ROLE 0		/* regular role in kernel policies */
#define ROLE_ATTRIB 1		/* attribute */
	uint32_t flavor;
	ebitmap_t roles;	/* roles with this attribute */
} role_datum_t;

typedef struct role_trans {
	uint32_t role;		/* current role */
	uint32_t type;		/* program executable type, or new object type */
	uint32_t tclass;	/* process class, or new object class */
	uint32_t new_role;	/* new role */
	struct role_trans *next;
} role_trans_t;

typedef struct role_allow {
	uint32_t role;		/* current role */
	uint32_t new_role;	/* new role */
	struct role_allow *next;
} role_allow_t;

/* filename_trans rules */
typedef struct filename_trans {
	uint32_t stype;
	uint32_t ttype;
	uint32_t tclass;
	char *name;
	uint32_t otype;
	struct filename_trans *next;
} filename_trans_t;

/* Type attributes */
typedef struct type_datum {
	symtab_datum_t s;
	uint32_t primary;	/* primary name? can be set to primary value if below is TYPE_ */
#define TYPE_TYPE 0		/* regular type or alias in kernel policies */
#define TYPE_ATTRIB 1		/* attribute */
#define TYPE_ALIAS 2		/* alias in modular policy */
	uint32_t flavor;
	ebitmap_t types;	/* types with this attribute */
#define TYPE_FLAGS_PERMISSIVE	0x01
	uint32_t flags;
	uint32_t bounds;	/* bounds type, if exist */
} type_datum_t;

/*
 * Properties of type_datum
 * available on the policy version >= (MOD_)POLICYDB_VERSION_BOUNDARY
 */
#define TYPEDATUM_PROPERTY_PRIMARY	0x0001
#define TYPEDATUM_PROPERTY_ATTRIBUTE	0x0002
#define TYPEDATUM_PROPERTY_ALIAS	0x0004	/* userspace only */
#define TYPEDATUM_PROPERTY_PERMISSIVE	0x0008	/* userspace only */

/* User attributes */
typedef struct user_datum {
	symtab_datum_t s;
	role_set_t roles;	/* set of authorized roles for user */
	mls_semantic_range_t range;	/* MLS range (min. - max.) for user */
	mls_semantic_level_t dfltlevel;	/* default login MLS level for user */
	ebitmap_t cache;	/* This is an expanded set used for context validation during parsing */
	mls_range_t exp_range;     /* expanded range used for validation */
	mls_level_t exp_dfltlevel; /* expanded range used for validation */
	uint32_t bounds;	/* bounds user, if exist */
} user_datum_t;

/* Sensitivity attributes */
typedef struct level_datum {
	mls_level_t *level;	/* sensitivity and associated categories */
	unsigned char isalias;	/* is this sensitivity an alias for another? */
	unsigned char defined;
} level_datum_t;

/* Category attributes */
typedef struct cat_datum {
	symtab_datum_t s;
	unsigned char isalias;	/* is this category an alias for another? */
} cat_datum_t;

typedef struct range_trans {
	uint32_t source_type;
	uint32_t target_type;
	uint32_t target_class;
	mls_range_t target_range;
	struct range_trans *next;
} range_trans_t;

/* Boolean data type */
typedef struct cond_bool_datum {
	symtab_datum_t s;
	int state;
#define COND_BOOL_FLAGS_TUNABLE	0x01	/* is this a tunable? */
	uint32_t flags;
} cond_bool_datum_t;

struct cond_node;

typedef struct cond_node cond_list_t;
struct cond_av_list;

typedef struct class_perm_node {
	uint32_t tclass;
	uint32_t data;		/* permissions or new type */
	struct class_perm_node *next;
} class_perm_node_t;

#define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f)))
#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
#define EXTENDED_PERMS_LEN 8

typedef struct av_extended_perms {
#define AVRULE_XPERMS_IOCTLFUNCTION	0x01
#define AVRULE_XPERMS_IOCTLDRIVER	0x02
	uint8_t specified;
	uint8_t driver;
	/* 256 bits of permissions */
	uint32_t perms[EXTENDED_PERMS_LEN];
} av_extended_perms_t;

typedef struct avrule {
/* these typedefs are almost exactly the same as those in avtab.h - they are
 * here because of the need to include neverallow and dontaudit messages */
#define AVRULE_ALLOWED			0x0001
#define AVRULE_AUDITALLOW		0x0002
#define AVRULE_AUDITDENY		0x0004
#define AVRULE_DONTAUDIT		0x0008
#define AVRULE_NEVERALLOW		0x0080
#define AVRULE_AV         (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW)
#define AVRULE_TRANSITION		0x0010
#define AVRULE_MEMBER			0x0020
#define AVRULE_CHANGE			0x0040
#define AVRULE_TYPE       (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE)
#define AVRULE_XPERMS_ALLOWED 		0x0100
#define AVRULE_XPERMS_AUDITALLOW	0x0200
#define AVRULE_XPERMS_DONTAUDIT		0x0400
#define AVRULE_XPERMS_NEVERALLOW	0x0800
#define AVRULE_XPERMS	(AVRULE_XPERMS_ALLOWED | AVRULE_XPERMS_AUDITALLOW | \
				AVRULE_XPERMS_DONTAUDIT | AVRULE_XPERMS_NEVERALLOW)
	uint32_t specified;
#define RULE_SELF 1
	uint32_t flags;
	type_set_t stypes;
	type_set_t ttypes;
	class_perm_node_t *perms;
	av_extended_perms_t *xperms;
	unsigned long line;	/* line number from policy.conf where
				 * this rule originated  */
	/* source file name and line number (e.g. .te file) */
	char *source_filename;
	unsigned long source_line;
	struct avrule *next;
} avrule_t;

typedef struct role_trans_rule {
	role_set_t roles;	/* current role */
	type_set_t types;	/* program executable type, or new object type */
	ebitmap_t classes;	/* process class, or new object class */
	uint32_t new_role;	/* new role */
	struct role_trans_rule *next;
} role_trans_rule_t;

typedef struct role_allow_rule {
	role_set_t roles;	/* current role */
	role_set_t new_roles;	/* new roles */
	struct role_allow_rule *next;
} role_allow_rule_t;

typedef struct filename_trans_rule {
	type_set_t stypes;
	type_set_t ttypes;
	uint32_t tclass;
	char *name;
	uint32_t otype;	/* new type */
	struct filename_trans_rule *next;
} filename_trans_rule_t;

typedef struct range_trans_rule {
	type_set_t stypes;
	type_set_t ttypes;
	ebitmap_t tclasses;
	mls_semantic_range_t trange;
	struct range_trans_rule *next;
} range_trans_rule_t;

/*
 * The configuration data includes security contexts for 
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers, 
 * network interfaces, and nodes.  This structure stores the
 * relevant data for one such entry.  Entries of the same kind
 * (e.g. all initial SIDs) are linked together into a list.
 */
typedef struct ocontext {
	union {
		char *name;	/* name of initial SID, fs, netif, fstype, path */
		struct {
			uint8_t protocol;
			uint16_t low_port;
			uint16_t high_port;
		} port;		/* TCP or UDP port information */
		struct {
			uint32_t addr; /* network order */
			uint32_t mask; /* network order */
		} node;		/* node information */
		struct {
			uint32_t addr[4]; /* network order */
			uint32_t mask[4]; /* network order */
		} node6;	/* IPv6 node information */
		uint32_t device;
		uint16_t pirq;
		struct {
			uint64_t low_iomem;
			uint64_t high_iomem;
		} iomem;
		struct {
			uint32_t low_ioport;
			uint32_t high_ioport;
		} ioport;
		struct {
			uint64_t subnet_prefix;
			uint16_t low_pkey;
			uint16_t high_pkey;
		} ibpkey;
		struct {
			char *dev_name;
			uint8_t port;
		} ibendport;
	} u;
	union {
		uint32_t sclass;	/* security class for genfs */
		uint32_t behavior;	/* labeling behavior for fs_use */
	} v;
	context_struct_t context[2];	/* security context(s) */
	sepol_security_id_t sid[2];	/* SID(s) */
	struct ocontext *next;
} ocontext_t;

typedef struct genfs {
	char *fstype;
	struct ocontext *head;
	struct genfs *next;
} genfs_t;

/* symbol table array indices */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM     8

/* object context array indices */
#define OCON_ISID  0	/* initial SIDs */
#define OCON_FS    1	/* unlabeled file systems */
#define OCON_PORT  2	/* TCP and UDP port numbers */
#define OCON_NETIF 3	/* network interfaces */
#define OCON_NODE  4	/* nodes */
#define OCON_FSUSE 5	/* fs_use */
#define OCON_NODE6 6	/* IPv6 nodes */
#define OCON_IBPKEY 7	/* Infiniband PKEY */
#define OCON_IBENDPORT 8	/* Infiniband End Port */

/* object context array indices for Xen */
#define OCON_XEN_ISID  	    0    /* initial SIDs */
#define OCON_XEN_PIRQ       1    /* physical irqs */
#define OCON_XEN_IOPORT     2    /* io ports */
#define OCON_XEN_IOMEM	    3    /* io memory */
#define OCON_XEN_PCIDEVICE  4    /* pci devices */
#define OCON_XEN_DEVICETREE 5    /* device tree node */

/* OCON_NUM needs to be the largest index in any platform's ocontext array */
#define OCON_NUM   9

/* section: module information */

/* scope_index_t holds all of the symbols that are in scope in a
 * particular situation.  The bitmaps are indices (and thus must
 * subtract one) into the global policydb->scope array. */
typedef struct scope_index {
	ebitmap_t scope[SYM_NUM];
#define p_classes_scope scope[SYM_CLASSES]
#define p_roles_scope scope[SYM_ROLES]
#define p_types_scope scope[SYM_TYPES]
#define p_users_scope scope[SYM_USERS]
#define p_bools_scope scope[SYM_BOOLS]
#define p_sens_scope scope[SYM_LEVELS]
#define p_cat_scope scope[SYM_CATS]

	/* this array maps from class->value to the permissions within
	 * scope.  if bit (perm->value - 1) is set in map
	 * class_perms_map[class->value - 1] then that permission is
	 * enabled for this class within this decl.  */
	ebitmap_t *class_perms_map;
	/* total number of classes in class_perms_map array */
	uint32_t class_perms_len;
} scope_index_t;

/* a list of declarations for a particular avrule_decl */

/* These two structs declare a block of policy that has TE and RBAC
 * statements and declarations.  The root block (the global policy)
 * can never have an ELSE branch. */
typedef struct avrule_decl {
	uint32_t decl_id;
	uint32_t enabled;	/* whether this block is enabled */

	cond_list_t *cond_list;
	avrule_t *avrules;
	role_trans_rule_t *role_tr_rules;
	role_allow_rule_t *role_allow_rules;
	range_trans_rule_t *range_tr_rules;
	scope_index_t required;	/* symbols needed to activate this block */
	scope_index_t declared;	/* symbols declared within this block */

	/* type transition rules with a 'name' component */
	filename_trans_rule_t *filename_trans_rules;

	/* for additive statements (type attribute, roles, and users) */
	symtab_t symtab[SYM_NUM];

	/* In a linked module this will contain the name of the module
	 * from which this avrule_decl originated. */
	char *module_name;

	struct avrule_decl *next;
} avrule_decl_t;

typedef struct avrule_block {
	avrule_decl_t *branch_list;
	avrule_decl_t *enabled;	/* pointer to which branch is enabled.  this is
				   used in linking and never written to disk */
#define AVRULE_OPTIONAL 1
	uint32_t flags;		/* any flags for this block, currently just optional */
	struct avrule_block *next;
} avrule_block_t;

/* Every identifier has its own scope datum.  The datum describes if
 * the item is to be included into the final policy during
 * expansion. */
typedef struct scope_datum {
/* Required for this decl */
#define SCOPE_REQ  1
/* Declared in this decl */
#define SCOPE_DECL 2
	uint32_t scope;
	uint32_t *decl_ids;
	uint32_t decl_ids_len;
	/* decl_ids is a list of avrule_decl's that declare/require
	 * this symbol.  If scope==SCOPE_DECL then this is a list of
	 * declarations.  If the symbol may only be declared once
	 * (types, bools) then decl_ids_len will be exactly 1.  For
	 * implicitly declared things (roles, users) then decl_ids_len
	 * will be at least 1. */
} scope_datum_t;

/* The policy database */
typedef struct policydb {
#define POLICY_KERN SEPOL_POLICY_KERN
#define POLICY_BASE SEPOL_POLICY_BASE
#define POLICY_MOD SEPOL_POLICY_MOD
	uint32_t policy_type;
	char *name;
	char *version;
	int  target_platform;

	/* Set when the policydb is modified such that writing is unsupported */
	int unsupported_format;

	/* Whether this policydb is mls, should always be set */
	int mls;

	/* symbol tables */
	symtab_t symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles symtab[SYM_ROLES]
#define p_types symtab[SYM_TYPES]
#define p_users symtab[SYM_USERS]
#define p_bools symtab[SYM_BOOLS]
#define p_levels symtab[SYM_LEVELS]
#define p_cats symtab[SYM_CATS]

	/* symbol names indexed by (value - 1) */
	char **sym_val_to_name[SYM_NUM];
#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
#define p_user_val_to_name sym_val_to_name[SYM_USERS]
#define p_bool_val_to_name sym_val_to_name[SYM_BOOLS]
#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
#define p_cat_val_to_name sym_val_to_name[SYM_CATS]

	/* class, role, and user attributes indexed by (value - 1) */
	class_datum_t **class_val_to_struct;
	role_datum_t **role_val_to_struct;
	user_datum_t **user_val_to_struct;
	type_datum_t **type_val_to_struct;

	/* module stuff section -- used in parsing and for modules */

	/* keep track of the scope for every identifier.  these are
	 * hash tables, where the key is the identifier name and value
	 * a scope_datum_t.  as a convenience, one may use the
	 * p_*_macros (cf. struct scope_index_t declaration). */
	symtab_t scope[SYM_NUM];

	/* module rule storage */
	avrule_block_t *global;
	/* avrule_decl index used for link/expand */
	avrule_decl_t **decl_val_to_struct;

	/* compiled storage of rules - use for the kernel policy */

	/* type enforcement access vectors and transitions */
	avtab_t te_avtab;

	/* bools indexed by (value - 1) */
	cond_bool_datum_t **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	avtab_t te_cond_avtab;
	/* linked list indexing te_cond_avtab by conditional */
	cond_list_t *cond_list;

	/* role transitions */
	role_trans_t *role_tr;

	/* type transition rules with a 'name' component */
	filename_trans_t *filename_trans;

	/* role allows */
	role_allow_t *role_allow;

	/* security contexts of initial SIDs, unlabeled file systems,
	   TCP or UDP port numbers, network interfaces and nodes */
	ocontext_t *ocontexts[OCON_NUM];

	/* security contexts for files in filesystems that cannot support
	   a persistent label mapping or use another 
	   fixed labeling behavior. */
	genfs_t *genfs;

	/* range transitions */
	range_trans_t *range_tr;

	ebitmap_t *type_attr_map;

	ebitmap_t *attr_type_map;	/* not saved in the binary policy */

	ebitmap_t policycaps;

	/* this bitmap is referenced by type NOT the typical type-1 used in other
	   bitmaps.  Someday the 0 bit may be used for global permissive */
	ebitmap_t permissive_map;

	unsigned policyvers;

	unsigned handle_unknown;
} policydb_t;

struct sepol_policydb {
	struct policydb p;
};

extern int policydb_init(policydb_t * p);

extern int policydb_from_image(sepol_handle_t * handle,
			       void *data, size_t len, policydb_t * policydb);

extern int policydb_to_image(sepol_handle_t * handle,
			     policydb_t * policydb, void **newdata,
			     size_t * newlen);

extern int policydb_index_classes(policydb_t * p);

extern int policydb_index_bools(policydb_t * p);

extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p,
				 unsigned int verbose);

extern int policydb_reindex_users(policydb_t * p);

extern void policydb_destroy(policydb_t * p);

extern int policydb_load_isids(policydb_t * p, sidtab_t * s);

/* Deprecated */
extern int policydb_context_isvalid(const policydb_t * p,
				    const context_struct_t * c);

extern void symtabs_destroy(symtab_t * symtab);
extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d,
					void *args);
extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num);

extern void class_perm_node_init(class_perm_node_t * x);
extern void type_set_init(type_set_t * x);
extern void type_set_destroy(type_set_t * x);
extern int type_set_cpy(type_set_t * dst, type_set_t * src);
extern int type_set_or_eq(type_set_t * dst, type_set_t * other);
extern void role_set_init(role_set_t * x);
extern void role_set_destroy(role_set_t * x);
extern void avrule_init(avrule_t * x);
extern void avrule_destroy(avrule_t * x);
extern void avrule_list_destroy(avrule_t * x);
extern void role_trans_rule_init(role_trans_rule_t * x);
extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
extern void filename_trans_rule_init(filename_trans_rule_t * x);
extern void filename_trans_rule_list_destroy(filename_trans_rule_t * x);

extern void role_datum_init(role_datum_t * x);
extern void role_datum_destroy(role_datum_t * x);
extern void role_allow_rule_init(role_allow_rule_t * x);
extern void role_allow_rule_destroy(role_allow_rule_t * x);
extern void role_allow_rule_list_destroy(role_allow_rule_t * x);
extern void range_trans_rule_init(range_trans_rule_t *x);
extern void range_trans_rule_destroy(range_trans_rule_t *x);
extern void range_trans_rule_list_destroy(range_trans_rule_t *x);
extern void type_datum_init(type_datum_t * x);
extern void type_datum_destroy(type_datum_t * x);
extern void user_datum_init(user_datum_t * x);
extern void user_datum_destroy(user_datum_t * x);
extern void level_datum_init(level_datum_t * x);
extern void level_datum_destroy(level_datum_t * x);
extern void cat_datum_init(cat_datum_t * x);
extern void cat_datum_destroy(cat_datum_t * x);
extern int check_assertion(policydb_t *p, avrule_t *avrule);
extern int check_assertions(sepol_handle_t * handle,
			    policydb_t * p, avrule_t * avrules);

extern int symtab_insert(policydb_t * x, uint32_t sym,
			 hashtab_key_t key, hashtab_datum_t datum,
			 uint32_t scope, uint32_t avrule_decl_id,
			 uint32_t * value);

/* A policy "file" may be a memory region referenced by a (data, len) pair
   or a file referenced by a FILE pointer. */
typedef struct policy_file {
#define PF_USE_MEMORY  0
#define PF_USE_STDIO   1
#define PF_LEN         2	/* total up length in len field */
	unsigned type;
	char *data;
	size_t len;
	size_t size;
	FILE *fp;
	struct sepol_handle *handle;
} policy_file_t;

struct sepol_policy_file {
	struct policy_file pf;
};

extern void policy_file_init(policy_file_t * x);

extern int policydb_read(policydb_t * p, struct policy_file *fp,
			 unsigned int verbose);
extern int avrule_read_list(policydb_t * p, avrule_t ** avrules,
			    struct policy_file *fp);

extern int policydb_write(struct policydb *p, struct policy_file *pf);
extern int policydb_set_target_platform(policydb_t *p, int platform);

#define PERM_SYMTAB_SIZE 32

/* Identify specific policy version changes */
#define POLICYDB_VERSION_BASE		15
#define POLICYDB_VERSION_BOOL		16
#define POLICYDB_VERSION_IPV6		17
#define POLICYDB_VERSION_NLCLASS	18
#define POLICYDB_VERSION_VALIDATETRANS	19
#define POLICYDB_VERSION_MLS		19
#define POLICYDB_VERSION_AVTAB		20
#define POLICYDB_VERSION_RANGETRANS	21
#define POLICYDB_VERSION_POLCAP		22
#define POLICYDB_VERSION_PERMISSIVE	23
#define POLICYDB_VERSION_BOUNDARY	24
#define POLICYDB_VERSION_FILENAME_TRANS	25
#define POLICYDB_VERSION_ROLETRANS	26
#define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	27
#define POLICYDB_VERSION_DEFAULT_TYPE	28
#define POLICYDB_VERSION_CONSTRAINT_NAMES	29
#define POLICYDB_VERSION_XEN_DEVICETREE		30 /* Xen-specific */
#define POLICYDB_VERSION_XPERMS_IOCTL	30 /* Linux-specific */
#define POLICYDB_VERSION_INFINIBAND		31 /* Linux-specific */

/* Range of policy versions we understand*/
#define POLICYDB_VERSION_MIN	POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_INFINIBAND

/* Module versions and specific changes*/
#define MOD_POLICYDB_VERSION_BASE		4
#define MOD_POLICYDB_VERSION_VALIDATETRANS	5
#define MOD_POLICYDB_VERSION_MLS		5
#define MOD_POLICYDB_VERSION_RANGETRANS 	6
#define MOD_POLICYDB_VERSION_MLS_USERS		6
#define MOD_POLICYDB_VERSION_POLCAP		7
#define MOD_POLICYDB_VERSION_PERMISSIVE		8
#define MOD_POLICYDB_VERSION_BOUNDARY		9
#define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS	10
#define MOD_POLICYDB_VERSION_FILENAME_TRANS	11
#define MOD_POLICYDB_VERSION_ROLETRANS		12
#define MOD_POLICYDB_VERSION_ROLEATTRIB		13
#define MOD_POLICYDB_VERSION_TUNABLE_SEP	14
#define MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	15
#define MOD_POLICYDB_VERSION_DEFAULT_TYPE	16
#define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES  17
#define MOD_POLICYDB_VERSION_XPERMS_IOCTL  18
#define MOD_POLICYDB_VERSION_INFINIBAND		19

#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_INFINIBAND

#define POLICYDB_CONFIG_MLS    1

/* macros to check policy feature */

/* TODO: add other features here */

#define policydb_has_boundary_feature(p)			\
	(((p)->policy_type == POLICY_KERN			\
	  && p->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
	 ((p)->policy_type != POLICY_KERN			\
	  && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))

/* the config flags related to unknown classes/perms are bits 2 and 3 */
#define DENY_UNKNOWN	SEPOL_DENY_UNKNOWN
#define REJECT_UNKNOWN	SEPOL_REJECT_UNKNOWN
#define ALLOW_UNKNOWN 	SEPOL_ALLOW_UNKNOWN

#define POLICYDB_CONFIG_UNKNOWN_MASK	(DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)

#define OBJECT_R "object_r"
#define OBJECT_R_VAL 1

#define POLICYDB_MAGIC SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"
#define POLICYDB_XEN_STRING "XenFlask"
#define POLICYDB_STRING_MAX_LENGTH 32
#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC
#define POLICYDB_MOD_STRING "SE Linux Module"

__END_DECLS
#endif				/* _POLICYDB_H_ */

/* FLASK */