xref: /freebsd/sys/security/mac_grantbylabel/mac_grantbylabel.h (revision 1554ba03b651319ab0e1cde8492ea4516afc648b)
1 /*
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2018-2023, Juniper Networks, Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifndef	_SECURITY_MAC_GRANTBYLABEL_H
30 #define	_SECURITY_MAC_GRANTBYLABEL_H
31 
32 #include <security/mac_veriexec/mac_veriexec.h>
33 
/*
 * Name of this MAC policy module, as a string constant.
 * NOTE(review): presumably the policy name userland hands to mac_syscall(2)
 * to reach the MAC_GRANTBYLABEL_FETCH_* commands declared further down in
 * this header -- confirm against the module source.
 */
#define	MAC_GRANTBYLABEL_NAME	"mac_grantbylabel"

/*
 * The bits we use to represent tokens.
 *
 * Every GBL_* value below is a distinct single-bit mask, so any set of
 * tokens can be OR-ed together into one gbl_label_t.  This header does not
 * state what each token grants.
 * NOTE(review): the names suggest one token per class of otherwise
 * privileged operation (bind, IPC, networking, process, routing socket,
 * sysctl, vnode access, veriexec, kernel memory) -- confirm the exact
 * checks each bit relaxes in the policy implementation before assigning
 * it.  Treat every bit as a grant and give a label only the ones it needs.
 */
/*
 * NOTE(review): GBL_EMPTY is itself non-zero; presumably it marks "looked
 * up, no tokens" as distinct from an all-zero (not yet evaluated) label --
 * confirm.
 */
#define GBL_EMPTY	(1<<0)
#define GBL_BIND	(1<<1)
#define GBL_IPC		(1<<2)
#define GBL_NET		(1<<3)
#define GBL_PROC	(1<<4)
#define GBL_RTSOCK	(1<<5)
#define GBL_SYSCTL	(1<<6)
#define GBL_VACCESS	(1<<7)
#define GBL_VERIEXEC	(1<<8)
#define GBL_KMEM	(1<<9)
/*
 * Shift count of the highest token defined above (GBL_KMEM is 1<<9); it is
 * a bit index, not a mask.  Keep it in step when a token is added.
 */
#define GBL_MAX		9
48 
/*
 * Storage type for a set of GBL_* token bits.
 * This should suffice for now: 32 bits wide, with bits 0..GBL_MAX (9) in
 * use.  The GBL_* masks are formed by shifting a signed int 1, so a future
 * token placed at bit 31 would need an unsigned constant (1U<<31) to avoid
 * undefined behavior.
 */
typedef uint32_t	gbl_label_t;
51 
/*
 * Command numbers for fetching a label.
 * NOTE(review): presumably the "call" argument of mac_syscall(2) for the
 * MAC_GRANTBYLABEL_NAME policy; going by the names, FETCH_GBL looks up the
 * label by file descriptor and FETCH_PID_GBL by process id -- confirm
 * against the syscall handler.
 */
#define MAC_GRANTBYLABEL_FETCH_GBL	1
#define MAC_GRANTBYLABEL_FETCH_PID_GBL	2

/*
 * Argument block for the fetch commands above.
 *
 * The union carries no tag of its own: which member is meaningful can only
 * be decided from the command number, so the consumer has to select u.fd or
 * u.pid by command and validate that value before using it.
 * NOTE(review): gbl is presumably the output field that receives the token
 * bits of the selected object -- confirm.  Also confirm which callers the
 * handler allows to query the label of another process via u.pid.
 */
struct mac_grantbylabel_fetch_gbl_args {
	union {
		int	fd;	/* selector when the object is an open file */
		pid_t	pid;	/* selector when the object is a process */
	} u;
	gbl_label_t	gbl;	/* set of GBL_* bits */
};
62 
63 #endif
64