/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _SYS_TSOL_LABEL_H
#define _SYS_TSOL_LABEL_H
#include <sys/types.h>
#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/vnode.h>
#include <sys/tsol/label_macro.h>
#endif /* _KERNEL */
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Types of label comparison.
 * NOTE(review): no prototype in this header names these selectors;
 * confirm which interface consumes them before relying on the values.
 */
#define EQUALITY_CHECK 0
#define DOMINANCE_CHECK 1
/*
 * Manifest human readable label names.
 * NOTE(review): presumably the textual names of the lowest and highest
 * administrative labels (compare l_admin_low / l_admin_high in the
 * _KERNEL section) - confirm.
 */
#define ADMIN_LOW "ADMIN_LOW"
#define ADMIN_HIGH "ADMIN_HIGH"
/*
 * Binary Label Structure Definitions
 *
 * m_label_t is an opaque handle as far as this header goes:
 * struct _mac_label_impl is not defined here.
 */
typedef struct _mac_label_impl m_label_t;
/*
 * All three names below alias m_label_t, so the compiler will not flag a
 * clearance passed where a sensitivity label is expected (or the reverse);
 * callers have to keep the two apart themselves.
 */
typedef m_label_t blevel_t, /* compatibility */
bslabel_t, /* Sensitivity Label */
bclear_t; /* Clearance */
/*
 * A label range expressed as two label pointers.
 * NOTE(review): the struct carries pointers only; who allocates and frees
 * the bounds, and whether either may be NULL, is not stated here - confirm
 * before dereferencing.
 */
typedef struct _tsol_binary_level_lrange { /* Level Range */
m_label_t *lower_bound;
m_label_t *upper_bound;
} m_range_t;
typedef m_range_t blrange_t; /* alias of m_range_t */
/*
 * One tsol_mlp_t record: a uchar_t field plus a lower and an upper 16-bit
 * port value.
 * NOTE(review): presumably mlp_ipp is the IP protocol number and
 * mlp_port..mlp_port_upper an inclusive port range for a multilevel port;
 * the byte order of the ports is not stated here - confirm.
 */
typedef struct tsol_mlp_s {
uchar_t mlp_ipp;
uint16_t mlp_port;
uint16_t mlp_port_upper;
} tsol_mlp_t;
/*
 * Procedure Interface Definitions available to user and kernel
 *
 * Parameters are unnamed in these prototypes, so the roles noted below are
 * read off the types only.
 * NOTE(review): the comparison routines return int, not boolean_t;
 * presumably non-zero means the relation holds - confirm. Also confirm the
 * argument order of bldominates()/blstrictdom() (which label dominates
 * which) before relying on them in an access decision.
 */
/* Takes a void *, so the compiler cannot check that a label is passed. */
extern int bltype(const void *, uint8_t);
/* Comparisons over two read-only labels. */
extern int blequal(const m_label_t *, const m_label_t *);
extern int bldominates(const m_label_t *, const m_label_t *);
extern int blstrictdom(const m_label_t *, const m_label_t *);
/* Takes one read-only label and one read-only range. */
extern int blinrange(const m_label_t *, const m_range_t *);
/*
 * First label is writable, second is const.
 * NOTE(review): presumably the result is stored in the first argument -
 * confirm.
 */
extern void blmaximum(m_label_t *, const m_label_t *);
extern void blminimum(m_label_t *, const m_label_t *);
/*
 * Each takes a single writable label and returns nothing.
 * NOTE(review): presumably they overwrite the label with the low, high or
 * undefined value named in the function - confirm.
 */
extern void bsllow(m_label_t *);
extern void bslhigh(m_label_t *);
extern void bclearlow(m_label_t *);
extern void bclearhigh(m_label_t *);
extern void bslundef(m_label_t *);
extern void bclearundef(m_label_t *);
/* Both take a void *, so the pointed-to type is not checked. */
extern void setbltype(void *, uint8_t);
extern boolean_t bisinvalid(const void *);
#ifdef _KERNEL
/*
 * Node of a doubly linked list (mlpe_next / mlpe_prev) holding one
 * tsol_mlp_t together with a zone id.
 */
typedef struct tsol_mlp_entry_s {
struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
zoneid_t mlpe_zoneid;
tsol_mlp_t mlpe_mlp;
} tsol_mlp_entry_t;
/*
 * List head: first and last entry pointers plus a krwlock_t.
 * NOTE(review): presumably mlpl_rwlock must be held while walking or
 * changing the entries - confirm against the users of this list.
 */
typedef struct tsol_mlp_list_s {
krwlock_t mlpl_rwlock;
tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;
/*
 * Kernel label object: a label value stored inline together with its
 * Domain of Interpretation, TSLF_* flags and a reference count.
 * NOTE(review): tsl_ref is a plain uint_t; label_hold()/label_rele()
 * declared below are presumably the intended way to change it - confirm,
 * and keep holds and releases balanced.
 */
typedef struct ts_label_s {
uint_t tsl_ref; /* Reference count */
uint32_t tsl_doi; /* Domain of Interpretation */
uint32_t tsl_flags; /* TSLF_* below */
m_label_t tsl_label; /* Actual label */
} ts_label_t;
/*
 * NOTE(review): presumably the initial value of the default_doi variable
 * declared below - confirm.
 */
#define DEFAULT_DOI 1
/*
 * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
 * when the peer is unlabeled.
 *
 * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
 * from a peer which is flagged in the tnrhdb as label-aware.
 *
 * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
 * explicit label even if the peer or next-hop router is flagged in the
 * tnrhdb as label-aware.
 *
 * Each flag is a distinct single bit of the 32-bit tsl_flags word.
 */
#define TSLF_UNLABELED 0x00000001 /* peer is unlabeled */
#define TSLF_IMPLICIT_IN 0x00000002 /* inbound implicit */
#define TSLF_IMPLICIT_OUT 0x00000004 /* outbound implicit */
/*
 * CR_SL(cr) expands to label2bslabel(crgetlabel(cr)), which yields an
 * m_label_t * (see the label2bslabel() prototype below).
 * NOTE(review): the macro does not check the result of crgetlabel();
 * whether it can be NULL and whether label2bslabel() tolerates that is
 * not visible in this header - confirm.
 */
#define CR_SL(cr) (label2bslabel(crgetlabel(cr)))
/* Kernel-wide label objects and labeling state; defined elsewhere. */
extern ts_label_t *l_admin_low;
extern ts_label_t *l_admin_high;
extern uint32_t default_doi;
/* Tested by is_system_labeled() below, which is true when this is > 0. */
extern int sys_labeling;
/*
 * Kernel label object interfaces. Parameters are unnamed in these
 * prototypes, so the roles noted here are read off the types only.
 */
extern void label_init(void);
/*
 * Both return a ts_label_t *.
 * NOTE(review): the trailing int is presumably an allocation flag and a
 * NULL return presumably signals failure - confirm, and check the result
 * before use.
 */
extern ts_label_t *labelalloc(const m_label_t *, uint32_t, int);
extern ts_label_t *labeldup(const ts_label_t *, int);
/*
 * NOTE(review): presumably take and drop a reference on tsl_ref; keep the
 * calls paired - confirm.
 */
extern void label_hold(ts_label_t *);
extern void label_rele(ts_label_t *);
/* Return the m_label_t pointer and the DOI value for a ts_label_t. */
extern m_label_t *label2bslabel(ts_label_t *);
extern uint32_t label2doi(ts_label_t *);
extern boolean_t label_equal(const ts_label_t *, const ts_label_t *);
/*
 * Return a cred_t * built from a label, optionally starting from an
 * existing const cred_t.
 * NOTE(review): the uint32_t is presumably a DOI and the trailing int an
 * allocation flag; whether NULL can be returned is not visible - confirm.
 */
extern cred_t *newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t *copycred_from_bslabel(const cred_t *, m_label_t *,
uint32_t, int);
extern cred_t *copycred_from_tslabel(const cred_t *, ts_label_t *,
int);
/*
 * NOTE(review): returns a ts_label_t * for a vnode; whether the caller
 * receives a held reference that must be released is not stated - confirm.
 */
extern ts_label_t *getflabel(vnode_t *);
/*
 * Take a string or an int (presumably a path and a file descriptor) and a
 * writable label; the int return should be checked before the label is
 * used.
 */
extern int getlabel(const char *, m_label_t *);
extern int fgetlabel(int, m_label_t *);
/*
 * NOTE(review): brange_t and blset_t are not declared in this header;
 * presumably they come from <sys/tsol/label_macro.h> - confirm.
 */
extern int _blinrange(const m_label_t *, const brange_t *);
extern int blinlset(const m_label_t *, const blset_t);
/*
 * NOTE(review): writes through a char **; who allocates and frees the
 * resulting string is not stated here - confirm.
 */
extern int l_to_str_internal(const m_label_t *, char **);
/*
 * NOTE(review): fills a label from a string; check the int return before
 * trusting the output label - the failure convention is not visible here.
 */
extern int hexstr_to_label(const char *, m_label_t *);
/*
 * Yields 1 when sys_labeling is greater than zero and 0 otherwise; the
 * global is read each time the macro is evaluated.
 *
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 */
#define is_system_labeled() (!!(sys_labeling > 0))
#endif /* _KERNEL */
#ifdef __cplusplus
}
#endif
#endif /* !_SYS_TSOL_LABEL_H */