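ifdef(`enable_mls',`
#
# NOTE: everything from here to the closing quote before the final dnl is a
# single quoted m4 argument. It is emitted only when enable_mls is defined;
# there is no else branch, so a build without enable_mls gets none of the
# declarations or constraints below. Do not use m4 quote characters inside
# comments in this section, since they would end the quoted argument early.
#

#
# Define sensitivities
#
# Domination of sensitivities is in increasing
# numerical order, with s0 being the lowest
#
# gen_sens and mls_num_sens are defined outside this file; mls_num_sens is
# presumably the configured number of sensitivities (confirm in the build
# configuration).

gen_sens(mls_num_sens)

#
# Define the categories
#
# Generate declarations
#
# gen_cats and mls_num_cats are defined outside this file; mls_num_cats is
# presumably the configured number of categories (confirm in the build
# configuration).

gen_cats(mls_num_cats)

#
# Each MLS level specifies a sensitivity and zero or more categories which may
# be associated with that sensitivity.
#
# Generate levels from all sensitivities
# with all categories

gen_levels(mls_num_sens,mls_num_cats)

#
# Define the MLS policy
#
# mlsconstrain class_set perm_set expression ;
#
# mlsvalidatetrans class_set expression ;
#
# expression : ( expression )
#	     | not expression
#	     | expression and expression
#	     | expression or expression
#	     | u1 op u2
#	     | r1 role_mls_op r2
#	     | t1 op t2
#	     | l1 role_mls_op l2
#	     | l1 role_mls_op h2
#	     | h1 role_mls_op l2
#	     | h1 role_mls_op h2
#	     | l1 role_mls_op h1
#	     | l2 role_mls_op h2
#	     | u1 op names
#	     | u2 op names
#	     | r1 op names
#	     | r2 op names
#	     | t1 op names
#	     | t2 op names
#	     | u3 op names (NOTE: this is only available for mlsvalidatetrans)
#	     | r3 op names (NOTE: this is only available for mlsvalidatetrans)
#	     | t3 op names (NOTE: this is only available for mlsvalidatetrans)
#
# op : == | !=
# role_mls_op : == | != | eq | dom | domby | incomp
#
# names : name | { name_list }
# name_list : name | name_list name
#
# In the constraints below, l1 and h1 are the low and high levels of the
# source context of a permission check and l2 and h2 those of the target
# context; t1 is the source type.
#
# mls_priv is not defined in this file. Every constraint below is relaxed
# for a source type matching it, so the set of types that carry mls_priv is
# the set of subjects that can cross levels and should be kept minimal and
# reviewed wherever it is declared.
#

#
# MLS policy for the domain class
#

# new domain labels must be dominated by the calling subject clearance
# and sensitivity level changes require privilege
#
# The clearance check (h1 dom h2) is outside the or-clause, so it applies to
# every source type including mls_priv. Only the requirement that the low
# level stays the same (l1 eq l2) is waived for mls_priv.
mlsconstrain domain transition
	(( h1 dom h2 ) and (( l1 eq l2 ) or (t1 == mls_priv)));

# all the domain "read" ops
#
# The source low level must dominate the target low level (no read up).
# An mls_priv source bypasses the level check entirely.
mlsconstrain domain { getaffinity getdomaininfo getvcpuinfo getvcpucontext getaddrsize getextvcpucontext }
	((l1 dom l2) or (t1 == mls_priv));

# all the domain "write" ops
#
# The test is eq, not domby: source and target low levels must be identical,
# so these operations are refused across levels in both directions.
# An mls_priv source bypasses the level check entirely.
mlsconstrain domain { setvcpucontext pause unpause resume create max_vcpus destroy setaffinity scheduler setdomainmaxmem setdomainhandle setdebugging hypercall settime set_target shutdown setaddrsize trigger setextvcpucontext }
	((l1 eq l2) or (t1 == mls_priv));

# This is incomplete - similar constraints must be written for all classes
# and permissions for which MLS enforcement is desired.
#
# Until then, any domain permission not listed above, and every permission of
# every other class, has no level-based restriction from this file. Do not
# rely on this policy alone for MLS separation of those operations.

') dnl end enable_mls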
84