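/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_SYS_TSOL_LABEL_H
#define	_SYS_TSOL_LABEL_H

/*
 * Label interfaces shared by user and kernel code: the opaque binary
 * label type and its aliases, label ranges, MLP records, the label
 * comparison and initialization routines and, for the kernel only, the
 * reference-counted ts_label_t wrapper and its helpers.
 */

#include <sys/types.h>
#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/vnode.h>
#include <sys/tsol/label_macro.h>
#endif /* _KERNEL */

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * types of label comparison
 *
 * No consumer of these selectors is declared in this header.
 */
#define	EQUALITY_CHECK	0
#define	DOMINANCE_CHECK	1

/* Manifest human readable label names */
#define	ADMIN_LOW	"ADMIN_LOW"
#define	ADMIN_HIGH	"ADMIN_HIGH"

/* Binary Label Structure Definitions */

/*
 * m_label_t is only forward-declared here, so code that sees just this
 * header must handle labels by pointer.  The kernel section below embeds
 * one by value in ts_label_t, so the full definition has to be visible
 * there (presumably from <sys/tsol/label_macro.h> -- confirm).
 */
typedef	struct _mac_label_impl	m_label_t;

/*
 * All three names alias the same type: the compiler will not reject a
 * clearance passed where a sensitivity label is expected, or vice versa.
 */
typedef m_label_t	blevel_t,		/* compatibility */
			bslabel_t,		/* Sensitivity Label */
			bclear_t;		/* Clearance */

typedef struct _tsol_binary_level_lrange {	/* Level Range */
	m_label_t *lower_bound;
	m_label_t *upper_bound;
} m_range_t;

typedef	m_range_t	blrange_t;

/*
 * One MLP record.  Field meanings are not documented in this header;
 * the names suggest an IP protocol number and a port range running from
 * mlp_port to mlp_port_upper -- TODO confirm against the users.
 */
typedef struct tsol_mlp_s {
	uchar_t mlp_ipp;
	uint16_t mlp_port;
	uint16_t mlp_port_upper;
} tsol_mlp_t;

/* Procedure Interface Definitions available to user and kernel */

/*
 * NOTE(review): the comparison routines below return int, and this
 * header does not state the truth convention (presumably nonzero means
 * the relation holds).  Confirm against the implementation before using
 * a result in an access decision.  Argument order matters for the
 * dominance tests and is likewise not documented here.
 */
extern int	bltype(const void *, uint8_t);
extern int	blequal(const m_label_t *, const m_label_t *);
extern int	bldominates(const m_label_t *, const m_label_t *);
extern int	blstrictdom(const m_label_t *, const m_label_t *);
extern int	blinrange(const m_label_t *, const m_range_t *);
/* The remaining routines take a non-const label and may write through it. */
extern void	blmaximum(m_label_t *, const m_label_t *);
extern void	blminimum(m_label_t *, const m_label_t *);
extern void	bsllow(m_label_t *);
extern void	bslhigh(m_label_t *);
extern void	bclearlow(m_label_t *);
extern void	bclearhigh(m_label_t *);
extern void	bslundef(m_label_t *);
extern void	bclearundef(m_label_t *);
extern void	setbltype(void *, uint8_t);
extern boolean_t	bisinvalid(const void *);

#ifdef	_KERNEL
/* Doubly linked list node tying one MLP record to a zone id. */
typedef struct tsol_mlp_entry_s {
	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
	zoneid_t mlpe_zoneid;
	tsol_mlp_t mlpe_mlp;
} tsol_mlp_entry_t;

/*
 * List head for tsol_mlp_entry_t nodes.  mlpl_rwlock presumably guards
 * the list links -- the locking rule is not stated here; confirm.
 */
typedef struct tsol_mlp_list_s {
	krwlock_t mlpl_rwlock;
	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;

/*
 * Kernel wrapper around a binary label.
 *
 * NOTE(review): tsl_ref is a plain uint_t.  How it is updated, and what
 * happens when it reaches zero, is not visible in this header; see the
 * label_hold()/label_rele() implementations.
 */
typedef struct ts_label_s {
	uint_t		tsl_ref;	/* Reference count */
	uint32_t	tsl_doi;	/* Domain of Interpretation */
	uint32_t	tsl_flags;	/* TSLF_* below */
	m_label_t	tsl_label;	/* Actual label */
} ts_label_t;

#define	DEFAULT_DOI 1

/*
 * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
 * when the peer is unlabeled.
 *
 * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
 * from a peer which is flagged in the tnrhdb as label-aware.
 *
 * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
 * explicit label even if the peer or next-hop router is flagged in the
 * tnrhdb as label-aware.
 */

#define	TSLF_UNLABELED		0x00000001	/* peer is unlabeled */
#define	TSLF_IMPLICIT_IN	0x00000002	/* inbound implicit */
#define	TSLF_IMPLICIT_OUT	0x00000004	/* outbound implicit */

/*
 * Sensitivity label of a credential.  The result of crgetlabel() is
 * passed straight to label2bslabel() with no NULL check in the macro;
 * whether either call tolerates a credential without a label is not
 * shown here.
 */
#define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))

extern ts_label_t	*l_admin_low;
extern ts_label_t	*l_admin_high;
extern uint32_t		default_doi;
extern int		sys_labeling;

/*
 * Kernel label management.  The trailing int on the allocating routines
 * (labelalloc, labeldup, newcred_from_bslabel, copycred_from_*) is not
 * documented in this header -- presumably an allocation flag, in which
 * case these may return NULL; confirm.  label_hold()/label_rele()
 * presumably take and drop a tsl_ref reference and must be paired.
 */
extern void		label_init(void);
extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
extern ts_label_t	*labeldup(const ts_label_t *, int);
extern void		label_hold(ts_label_t *);
extern void		label_rele(ts_label_t *);
extern m_label_t	*label2bslabel(ts_label_t *);
extern uint32_t		label2doi(ts_label_t *);
extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);
extern cred_t 		*newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t 		*copycred_from_bslabel(const cred_t *, m_label_t *,
			    uint32_t, int);
extern cred_t		*copycred_from_tslabel(const cred_t *, ts_label_t *,
			    int);
extern ts_label_t	*getflabel(vnode_t *);
extern int		getlabel(const char *, m_label_t *);
extern int		fgetlabel(int, m_label_t *);
/* brange_t and blset_t are not declared in this header. */
extern int		_blinrange(const m_label_t *, const brange_t *);
extern int		blinlset(const m_label_t *, const blset_t);

/*
 * Label <-> string conversion.  l_to_str_internal() returns the string
 * through a char ** out-parameter; who owns and frees that buffer is not
 * stated here.  Treat the int results as status codes to be checked.
 */
extern int		l_to_str_internal(const m_label_t *, char **);
extern int		hexstr_to_label(const char *, m_label_t *);

/*
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 */
#define	is_system_labeled()	(!!(sys_labeling > 0))

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* !_SYS_TSOL_LABEL_H */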