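/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * User-level label interfaces: the structures, flag words and prototypes
 * used to query, convert, parse and validate labels and clearances.
 * Interfaces shared with the kernel come from <sys/tsol/label.h>.
 */

#ifndef	_TSOL_LABEL_H
#define	_TSOL_LABEL_H

#include <sys/types32.h>
#include <sys/tsol/label.h>
#include <priv.h>

#ifdef	__cplusplus
extern "C" {
#endif

/* Procedural Interface Structure Definitions */

struct label_info {		/* structure returned by label_info */
	short ilabel_len;	/* max Information Label length */
	short slabel_len;	/* max Sensitivity Label length */
	short clabel_len;	/* max CMW Label length */
	short clear_len;	/* max Clearance Label length */
	short vers_len;		/* version string length */
	short header_len;	/* max len of banner page header */
	short protect_as_len;	/* max len of banner page protect as */
	short caveats_len;	/* max len of banner page caveats */
	short channels_len;	/* max len of banner page channels */
};

typedef struct label_set_identifier {	/* valid label set identifier */
	int type;		/* type of the set */
	char *name;		/* name of the set if needed */
} set_id;

struct name_fields {		/* names for label builder fields */
	char *class_name;	/* Classifications field name */
	char *comps_name;	/* Compartments field name */
	char *marks_name;	/* Markings field name */
};

/* Label Set Identifier Types */

/*
 * The accreditation ranges as specified in the label encodings file.
 * The name parameter is ignored.
 *
 * System Accreditation Range is all valid labels plus Admin High and Low.
 *
 * User Accreditation Range is valid user labels as defined in the
 * ACCREDITATION RANGE: section of the label encodings file.
 */

#define	SYSTEM_ACCREDITATION_RANGE	1
#define	USER_ACCREDITATION_RANGE	2


/* System Call Interface Definitions */

extern int getlabel(const char *, m_label_t *);
extern int fgetlabel(int, m_label_t *);

extern int getplabel(m_label_t *);
extern int setflabel(const char *, m_label_t *);
/*
 * NOTE(review): the char * / size_t pair is presumably a caller-supplied
 * result buffer and its size; confirm against the man page.
 */
extern char *getpathbylabel(const char *, char *, size_t,
    const m_label_t *sl);
extern m_label_t *getzonelabelbyid(zoneid_t);
extern m_label_t *getzonelabelbyname(const char *);
extern zoneid_t getzoneidbylabel(const m_label_t *);
extern char *getzonenamebylabel(const m_label_t *);
extern char *getzonerootbyid(zoneid_t);
extern char *getzonerootbyname(const char *);
extern char *getzonerootbylabel(const m_label_t *);
extern m_label_t *getlabelbypath(const char *);


/* Flag word values */

#define	ALL_ENTRIES		0x00000000
#define	ACCESS_RELATED		0x00000001
#define	ACCESS_MASK		0x0000FFFF
#define	ACCESS_SHIFT		0

#define	LONG_WORDS		0x00010000	/* use long names */
#define	SHORT_WORDS		0x00020000	/* use short names if present */
#define	LONG_CLASSIFICATION	0x00040000	/* use long classification */
#define	SHORT_CLASSIFICATION	0x00080000	/* use short classification */
#define	NO_CLASSIFICATION	0x00100000	/* don't translate the class */
#define	VIEW_INTERNAL		0x00200000	/* don't promote/demote */
#define	VIEW_EXTERNAL		0x00400000	/* promote/demote label */

#define	NEW_LABEL		0x00000001	/* create a full new label */
#define	NO_CORRECTION		0x00000002	/* don't correct label errors */
						/* implies NEW_LABEL */

#define	CVT_DIM			0x01	/* display word dimmed */
#define	CVT_SET			0x02	/* display word currently set */

/* Procedure Interface Definitions available to user */

/* APIs shared with the kernel are in <sys/tsol/label.h> */

extern m_label_t *blabel_alloc(void);
extern void blabel_free(m_label_t *);
extern size32_t blabel_size(void);
extern char *bsltoh(const m_label_t *);
extern char *bcleartoh(const m_label_t *);

/*
 * The _r variants write into a caller-supplied buffer, but no buffer length
 * is passed in these prototypes.
 * NOTE(review): the buffer presumably has to come from h_alloc() and be
 * released with h_free(); confirm against the man page before passing any
 * other storage.
 */
extern char *bsltoh_r(const m_label_t *, char *);
extern char *bcleartoh_r(const m_label_t *, char *);
extern char *h_alloc(uint8_t);
extern void h_free(char *);

extern int htobsl(const char *, m_label_t *);
extern int htobclear(const char *, m_label_t *);

extern m_range_t *getuserrange(const char *);
extern m_range_t *getdevicerange(const char *);

/*
 * Variadic privilege-set helpers.
 * NOTE(review): the int is presumably the number of privilege arguments that
 * follow; if so, a count that does not match the actual argument list is
 * undefined behaviour in the callee. Confirm against the man page.
 */
extern int set_effective_priv(priv_op_t, int, ...);
extern int set_inheritable_priv(priv_op_t, int, ...);
extern int set_permitted_priv(priv_op_t, int, ...);
extern int is_system_labeled(void);

/* Procedures needed for multi-level printing */

extern int tsol_check_admin_auth(uid_t uid);

/* APIs implemented via labeld */

extern int blinset(const m_label_t *, const set_id *);
extern int labelinfo(struct label_info *);
extern ssize_t labelvers(char **, size_t);
extern char *bltocolor(const m_label_t *);
extern char *bltocolor_r(const m_label_t *, size_t, char *);

extern ssize_t bsltos(const m_label_t *, char **, size_t, int);
extern ssize_t bcleartos(const m_label_t *, char **, size_t, int);


extern char *sbsltos(const m_label_t *, size_t);
extern char *sbcleartos(const m_label_t *, size_t);


extern int stobsl(const char *, m_label_t *, int, int *);
extern int stobclear(const char *, m_label_t *, int, int *);
extern int bslvalid(const m_label_t *);
extern int bclearvalid(const m_label_t *);

/* DIA label conversion and parsing */

/* Conversion types */

typedef enum _m_label_str {
	M_LABEL = 1,		/* process or user clearance */
	M_INTERNAL = 2,		/* internal form for use in public databases */
	M_COLOR = 3,		/* process label color */
	PRINTER_TOP_BOTTOM = 4,	/* DIA banner page top/bottom */
	PRINTER_LABEL = 5,	/* DIA banner page label */
	PRINTER_CAVEATS = 6,	/* DIA banner page caveats */
	PRINTER_CHANNELS = 7	/* DIA banner page handling channels */
} m_label_str_t;

/*
 * Flags for conversion, not all flags apply to all types.
 * SHORT_NAMES (0x3) includes the DEF_NAMES bit (0x1), so a plain
 * `flags & DEF_NAMES` test is also true when SHORT_NAMES is set.
 */
#define	DEF_NAMES	0x1
#define	SHORT_NAMES	0x3	/* short names are preferred where defined */
#define	LONG_NAMES	0x4	/* long names are preferred where defined */

extern int label_to_str(const m_label_t *, char **, const m_label_str_t,
    uint_t);
extern int l_to_str_internal(const m_label_t *, char **);

/* Parsing types */
typedef enum _m_label_type {
	MAC_LABEL = 1,		/* process or object label */
	USER_CLEAR = 2		/* user's clearance (LUB) */
} m_label_type_t;

/*
 * Flags for parsing ("l_e" is the label encodings file, "AR" the
 * accreditation range).
 * NOTE(review): when the label string comes from an untrusted source,
 * L_NO_CORRECTION and L_CHECK_AR look like the flags that make the parser
 * report a malformed or out-of-range label instead of accepting an adjusted
 * one; confirm against the str_to_label() documentation.
 */

#define	L_DEFAULT		0x0
#define	L_MODIFY_EXISTING	0x1	/* start parsing with existing label */
#define	L_NO_CORRECTION		0x2	/* must be correct by l_e rules */
#define	L_CHECK_AR		0x10	/* must be in l_e AR */

/*
 * EINVAL sub codes.
 * The replacement lists are parenthesized so that the negative values stay
 * a single operand wherever the macros are expanded.
 */

#define	M_OUTSIDE_AR		(-4)	/* not in l_e AR */
#define	M_BAD_STRING		(-3)	/* DIA L_BAD_LABEL */
	/* bad requested label type, bad previous label type */
#define	M_BAD_LABEL		(-2)	/* DIA L_BAD_CLASSIFICATION, */

extern int str_to_label(const char *, m_label_t **, const m_label_type_t,
    uint_t, int *);
extern int hexstr_to_label(const char *, m_label_t *);

/*
 * NOTE(review): labels obtained from m_label_alloc() or m_label_dup() are
 * presumably released with m_label_free(); ownership is not stated here.
 */
extern m_label_t *m_label_alloc(const m_label_type_t);

extern int m_label_dup(m_label_t **, const m_label_t *);

extern void m_label_free(m_label_t *);

/* Contract Private interfaces with the label builder GUIs */

extern int bslcvtfull(const m_label_t *, const m_range_t *, int,
    char **, char **[], char **[], char *[], int *, int *);
extern int bslcvt(const m_label_t *, int, char **, char *[]);
extern int bclearcvtfull(const m_label_t *, const m_range_t *, int,
    char **, char **[], char **[], char *[], int *, int *);
extern int bclearcvt(const m_label_t *, int, char **, char *[]);

extern int labelfields(struct name_fields *);
extern int userdefs(m_label_t *, m_label_t *);
extern int zonecopy(m_label_t *, char *, char *, char *, int);

/*
 * is_system_labeled_debug(statbufp)
 *
 * DEBUG builds: expands to a stat() of "/ALLOCATE_FORCE_LABEL" into
 * statbufp and yields 1 when that call succeeds, 0 otherwise.
 * Non-DEBUG builds: expands to the constant 0 and does not evaluate
 * statbufp.
 *
 * The DEBUG form calls stat(), but this header does not include
 * <sys/stat.h> directly, so users of the macro need that declaration in
 * scope. Because the DEBUG form lets the presence of a file in / change
 * what callers see, DEBUG builds of those callers should be kept off
 * production systems.
 */
#ifdef DEBUG
/* testing hook: see devfsadm.c, mkdevalloc.c and allocate.c */
#define	is_system_labeled_debug(statbufp)	\
	((stat("/ALLOCATE_FORCE_LABEL", (statbufp)) == 0) ? 1 : 0)
#else	/* DEBUG */
#define	is_system_labeled_debug(statbufp)	0
#endif	/* DEBUG */

#ifdef	__cplusplus
}
#endif

#endif	/* !_TSOL_LABEL_H */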