[MLSXFRM]: Define new SELinux service routine

int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,

                                 u16 tclass);

int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid);

#define SECURITY_FS_USE_XATTR		1 /* use xattr */

#define SECURITY_FS_USE_TRANS		2 /* use transition SIDs, e.g. devpts/tmpfs */

#define SECURITY_FS_USE_TASK		3 /* use task SIDs, e.g. pipefs/sockfs */

	return 1;

}

/*

 * Copies the MLS range from `src' into `dst'.

 */

static inline int mls_copy_context(struct context *dst,

				   struct context *src)

{

	int l, rc = 0;

	/* Copy the MLS range from the source context */

	for (l = 0; l < 2; l++) {

		dst->range.level[l].sens = src->range.level[l].sens;

		rc = ebitmap_cpy(&dst->range.level[l].cat,

				 &src->range.level[l].cat);

		if (rc)

			break;

	}

	return rc;

}

/*

 * Set the MLS fields in the security context structure

 * `context' based on the string representation in

#include "context.h"

#include "policydb.h"

/*

 * Copies the MLS range from `src' into `dst'.

 */

static inline int mls_copy_context(struct context *dst,

				   struct context *src)

{

	int l, rc = 0;

	/* Copy the MLS range from the source context */

	for (l = 0; l < 2; l++) {

		dst->range.level[l].sens = src->range.level[l].sens;

		rc = ebitmap_cpy(&dst->range.level[l].cat,

				 &src->range.level[l].cat);

		if (rc)

			break;

	}

	return rc;

}

int mls_compute_context_len(struct context *context);

void mls_sid_to_context(struct context *context, char **scontext);

int mls_context_isvalid(struct policydb *p, struct context *c);

	return rc;

}

/*

 * security_sid_mls_copy() - computes a new sid based on the given

 * sid and the mls portion of mls_sid.

 */

int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)

{

	struct context *context1;

	struct context *context2;

	struct context newcon;

	char *s;

	u32 len;

	int rc = 0;

	if (!ss_initialized) {

		*new_sid = sid;

		goto out;

	}

	context_init(&newcon);

	POLICY_RDLOCK;

	context1 = sidtab_search(&sidtab, sid);

	if (!context1) {

		printk(KERN_ERR "security_sid_mls_copy:  unrecognized SID "

		       "%d\n", sid);

		rc = -EINVAL;

		goto out_unlock;

	}

	context2 = sidtab_search(&sidtab, mls_sid);

	if (!context2) {

		printk(KERN_ERR "security_sid_mls_copy:  unrecognized SID "

		       "%d\n", mls_sid);

		rc = -EINVAL;

		goto out_unlock;

	}

	newcon.user = context1->user;

	newcon.role = context1->role;

	newcon.type = context1->type;

	rc = mls_copy_context(&newcon, context2);

	if (rc)

		goto out_unlock;

	/* Check the validity of the new context. */

	if (!policydb_context_isvalid(&policydb, &newcon)) {

		rc = convert_context_handle_invalid_context(&newcon);

		if (rc)

			goto bad;

	}

	rc = sidtab_context_to_sid(&sidtab, &newcon, new_sid);

	goto out_unlock;

bad:

	if (!context_struct_to_string(&newcon, &s, &len)) {

		audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,

			  "security_sid_mls_copy: invalid context %s", s);

		kfree(s);

	}

out_unlock:

	POLICY_RDUNLOCK;

	context_destroy(&newcon);

out:

	return rc;

}

struct selinux_audit_rule {

	u32 au_seqno;

	struct context au_ctxt;