path: root/usr/src/uts/common/sys/tsol/label.h
blob: 98ddcac6f8b9a1240099fcf0a6c465a43dba7686 (plain)
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_SYS_TSOL_LABEL_H
#define	_SYS_TSOL_LABEL_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>
#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/vnode.h>
#include <sys/tsol/label_macro.h>
#endif /* _KERNEL */

#ifdef	__cplusplus
extern "C" {
#endif

/* Binary Label Structure Definitions */

/*
 * Label handle. This header only forward-declares struct _mac_label_impl,
 * so code that includes nothing else can pass label pointers around but
 * cannot inspect or copy the label's contents.
 * NOTE(review): the full definition is presumably supplied by
 * <sys/tsol/label_macro.h> for kernel builds -- confirm.
 */
typedef	struct _mac_label_impl	m_label_t;

/*
 * All three names are aliases of m_label_t. Because they are the same type,
 * the compiler will not flag a clearance passed where a sensitivity label
 * is expected (or the reverse); keeping the two roles apart is up to the
 * caller.
 */
typedef m_label_t	blevel_t,		/* compatibility */
			bslabel_t,		/* Sensitivity Label */
			bclear_t;		/* Clearance */

/*
 * A label range described by two label pointers. The structure holds
 * pointers only: nothing here records who owns the pointed-to labels or how
 * long they stay valid, and nothing enforces that lower_bound is dominated
 * by upper_bound.
 * NOTE(review): presumably both bounds are inclusive when tested with
 * blinrange() -- confirm against the implementation.
 */
typedef struct _tsol_binary_level_lrange {	/* Level Range */
	m_label_t *lower_bound;
	m_label_t *upper_bound;
} m_range_t;

/* Alternate name for m_range_t; the two are the same type. */
typedef	m_range_t	blrange_t;

/*
 * Descriptor made of one 8-bit field and a pair of 16-bit port fields.
 * Visible to both user and kernel code (it sits outside the _KERNEL guard),
 * so its layout is shared across that boundary.
 * NOTE(review): presumably "mlp" is a multilevel port entry, mlp_ipp the IP
 * protocol number and mlp_port..mlp_port_upper a port range -- confirm, and
 * confirm the byte order of the ports and whether the upper end is
 * inclusive; neither is stated here.
 */
typedef struct tsol_mlp_s {
	uchar_t mlp_ipp;
	uint16_t mlp_port;
	uint16_t mlp_port_upper;
} tsol_mlp_t;

/*
 * Procedure Interface Definitions available to user and kernel
 *
 * The comparison routines return int and take unnamed label pointers, so
 * the prototypes alone do not say which argument is the subject and which
 * is the object. For bldominates()/blstrictdom() a swapped pair inverts the
 * access decision.
 * NOTE(review): presumably a non-zero return means the relation holds and
 * the first argument is the one that dominates -- confirm against the
 * implementation, and confirm that no error value is distinct from
 * "relation does not hold".
 */

/*
 * Takes an untyped pointer plus an 8-bit value; the compiler cannot check
 * that the pointer really refers to a label.
 * NOTE(review): presumably tests the label's type field against the given
 * type id -- confirm.
 */
extern int	bltype(const void *, uint8_t);
/* Comparisons: both labels are const and are not modified through them. */
extern int	blequal(const m_label_t *, const m_label_t *);
extern int	bldominates(const m_label_t *, const m_label_t *);
extern int	blstrictdom(const m_label_t *, const m_label_t *);
extern int	blinrange(const m_label_t *, const m_range_t *);
/*
 * Only the first argument is non-const, so it is the one that can be
 * written; the second is read-only input.
 * NOTE(review): presumably the first label is replaced by the least upper
 * bound (blmaximum) or greatest lower bound (blminimum) of the pair --
 * confirm.
 */
extern void	blmaximum(m_label_t *, const m_label_t *);
extern void	blminimum(m_label_t *, const m_label_t *);
/*
 * Each takes a writable label and returns nothing, so no failure can be
 * reported to the caller.
 * NOTE(review): presumably these initialise the label to the lowest,
 * highest, or undefined sensitivity label / clearance -- confirm.
 */
extern void	bsllow(m_label_t *);
extern void	bslhigh(m_label_t *);
extern void	bclearlow(m_label_t *);
extern void	bclearhigh(m_label_t *);
extern void	bslundef(m_label_t *);
extern void	bclearundef(m_label_t *);
/* Untyped pointer again: the caller is responsible for passing a label. */
extern void	setbltype(void *, uint8_t);
/*
 * NOTE(review): presumably returns B_TRUE when the object is not a
 * well-formed label; confirm what "invalid" covers before using this as the
 * only validation of a label received from an untrusted source.
 */
extern boolean_t	bisinvalid(const void *);

#ifdef	_KERNEL
/*
 * Kernel-only list node: carries forward and backward links, a zone id and
 * an embedded tsol_mlp_t (stored by value, not by pointer).
 * NOTE(review): presumably one node per zone/port binding on a
 * tsol_mlp_list_t -- confirm.
 */
typedef struct tsol_mlp_entry_s {
	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
	zoneid_t mlpe_zoneid;
	tsol_mlp_t mlpe_mlp;
} tsol_mlp_entry_t;

/*
 * List head: a reader/writer lock plus pointers to the first and last
 * tsol_mlp_entry_t.
 * NOTE(review): presumably mlpl_rwlock must be held (as reader to walk, as
 * writer to link or unlink) whenever mlpl_first/mlpl_last or the entries'
 * links are touched -- confirm the locking rule with the users of this
 * list; the header does not state it.
 */
typedef struct tsol_mlp_list_s {
	krwlock_t mlpl_rwlock;
	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;

/*
 * Kernel label object: a reference count, a Domain of Interpretation,
 * flag bits and the label itself, embedded by value (so the full m_label_t
 * definition must be visible wherever this struct is compiled).
 *
 * tsl_ref is a plain uint_t; this header does not show how it is updated.
 * NOTE(review): presumably it is changed only through label_hold() and
 * label_rele(), declared later in this header, and the object is freed when
 * the count reaches zero -- confirm. An unbalanced release or a wrapped
 * counter on an object like this is a use-after-free risk, so holds and
 * releases should be paired on every path.
 */
typedef	struct ts_label_s {
	uint_t		tsl_ref;	/* Reference count */
	uint32_t	tsl_doi;	/* Domain of Interpretation */
	uint32_t	tsl_flags;	/* TSLF_* below */
	m_label_t	tsl_label;	/* Actual label */
} ts_label_t;

/*
 * Compile-time DOI constant.
 * NOTE(review): presumably the initial value of the default_doi variable
 * declared in this header -- confirm.
 */
#define	DEFAULT_DOI 1

/* Bit for ts_label_t.tsl_flags. */
#define	TSLF_UNLABELED	0x00000001	/* source was unlabeled */

/*
 * Expands to label2bslabel(crgetlabel(cr)): the m_label_t pointer for the
 * label attached to credential cr. The macro performs no NULL check of its
 * own.
 * NOTE(review): confirm whether crgetlabel() can return NULL for a cred
 * without a label, and whether label2bslabel() tolerates that.
 */
#define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))

/*
 * Kernel globals defined elsewhere.
 * NOTE(review): l_admin_low / l_admin_high are presumably the system-wide
 * lowest and highest labels -- confirm.
 * sys_labeling is the variable tested by is_system_labeled() in this
 * header.
 */
extern ts_label_t	*l_admin_low;
extern ts_label_t	*l_admin_high;
extern uint32_t		default_doi;
extern int		sys_labeling;

extern void		label_init(void);
/*
 * NOTE(review): arguments are presumably (label, DOI, allocation flag) and
 * the result presumably carries one reference owned by the caller; confirm,
 * and confirm whether NULL can be returned for some flag values.
 */
extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
/*
 * Reference management for ts_label_t.
 * NOTE(review): presumably hold increments and rele decrements tsl_ref,
 * freeing at zero -- confirm. Every hold needs a matching rele.
 */
extern void		label_hold(ts_label_t *);
extern void		label_rele(ts_label_t *);
/*
 * Accessors. label2bslabel() returns a pointer rather than a copy.
 * NOTE(review): presumably it points into the ts_label_t passed in, so it
 * is only valid while the caller keeps a reference on that object --
 * confirm.
 */
extern m_label_t	*label2bslabel(ts_label_t *);
extern uint32_t		label2doi(ts_label_t *);
extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);
/*
 * Build a credential from a binary label.
 * NOTE(review): trailing arguments are presumably (DOI, allocation flag);
 * confirm, and confirm the failure return.
 */
extern cred_t 		*newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t 		*copycred_from_bslabel(cred_t *, m_label_t *,
			    uint32_t, int);
/*
 * Returns a ts_label_t pointer for a vnode.
 * NOTE(review): the prototype does not say whether the caller receives a
 * reference that must be dropped with label_rele(), or whether NULL is a
 * possible result -- confirm both before use.
 */
extern ts_label_t	*getflabel(vnode_t *);
/*
 * NOTE(review): presumably look up a label by path name (getlabel) or by
 * file descriptor (fgetlabel), writing it through the m_label_t pointer and
 * returning an error indication in the int -- confirm.
 */
extern int		getlabel(const char *, m_label_t *);
extern int		fgetlabel(int, m_label_t *);
/*
 * Range and set membership tests; brange_t and blset_t are not defined in
 * this header.
 * NOTE(review): presumably non-zero means "in range" / "in set" -- confirm.
 */
extern int		_blinrange(const m_label_t *, const brange_t *);
extern int		blinlset(const m_label_t *, const blset_t);
/* NOTE(review): same reference-ownership question as getflabel(). */
extern ts_label_t	*nfs4_getflabel(vnode_t *);

/*
 * Evaluates to 1 when sys_labeling is greater than zero and to 0 otherwise;
 * zero and negative values of sys_labeling both read as "not labeled".
 *
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 */
#define	is_system_labeled()	(!!(sys_labeling > 0))

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* !_SYS_TSOL_LABEL_H */