xref: /freebsd/sys/security/mac_grantbylabel/mac_grantbylabel.h (revision 1554ba03b651319ab0e1cde8492ea4516afc648b)
1*1554ba03SSimon J. Gerraty /*
2*1554ba03SSimon J. Gerraty  * SPDX-License-Identifier: BSD-2-Clause
3*1554ba03SSimon J. Gerraty  *
4*1554ba03SSimon J. Gerraty  * Copyright (c) 2018-2023, Juniper Networks, Inc.
5*1554ba03SSimon J. Gerraty  * All rights reserved.
6*1554ba03SSimon J. Gerraty  *
7*1554ba03SSimon J. Gerraty  * Redistribution and use in source and binary forms, with or without
8*1554ba03SSimon J. Gerraty  * modification, are permitted provided that the following conditions
9*1554ba03SSimon J. Gerraty  * are met:
10*1554ba03SSimon J. Gerraty  * 1. Redistributions of source code must retain the above copyright
11*1554ba03SSimon J. Gerraty  *    notice, this list of conditions and the following disclaimer.
12*1554ba03SSimon J. Gerraty  * 2. Redistributions in binary form must reproduce the above copyright
13*1554ba03SSimon J. Gerraty  *    notice, this list of conditions and the following disclaimer in the
14*1554ba03SSimon J. Gerraty  *    documentation and/or other materials provided with the distribution.
15*1554ba03SSimon J. Gerraty  *
16*1554ba03SSimon J. Gerraty  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17*1554ba03SSimon J. Gerraty  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18*1554ba03SSimon J. Gerraty  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19*1554ba03SSimon J. Gerraty  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20*1554ba03SSimon J. Gerraty  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21*1554ba03SSimon J. Gerraty  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22*1554ba03SSimon J. Gerraty  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23*1554ba03SSimon J. Gerraty  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24*1554ba03SSimon J. Gerraty  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25*1554ba03SSimon J. Gerraty  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26*1554ba03SSimon J. Gerraty  * SUCH DAMAGE.
27*1554ba03SSimon J. Gerraty  */
28*1554ba03SSimon J. Gerraty 
29*1554ba03SSimon J. Gerraty #ifndef	_SECURITY_MAC_GRANTBYLABEL_H
30*1554ba03SSimon J. Gerraty #define	_SECURITY_MAC_GRANTBYLABEL_H
31*1554ba03SSimon J. Gerraty 
32*1554ba03SSimon J. Gerraty #include <security/mac_veriexec/mac_veriexec.h>
33*1554ba03SSimon J. Gerraty 
/*
 * Name string of this MAC policy module.
 * NOTE(review): presumably the policy name userland hands to mac_syscall(2)
 * to reach the MAC_GRANTBYLABEL_FETCH_* requests declared in this header --
 * confirm against the module source.
 */
#define MAC_GRANTBYLABEL_NAME "mac_grantbylabel"
35*1554ba03SSimon J. Gerraty 
/*
 * Grant tokens: one bit per token, OR-ed together into a gbl_label_t mask.
 *
 * NOTE(review): the names hint at the kernel area each token relates to
 * (e.g. GBL_RTSOCK routing sockets, GBL_KMEM kernel memory), but the checks
 * that honour them are not in this header -- confirm against the policy
 * module before relying on any per-token meaning.
 * GBL_EMPTY presumably records "label examined, nothing granted" so that
 * state can be told apart from an all-zero mask -- TODO confirm.
 */
#define GBL_EMPTY	(1 << 0)
#define GBL_BIND	(1 << 1)
#define GBL_IPC		(1 << 2)
#define GBL_NET		(1 << 3)
#define GBL_PROC	(1 << 4)
#define GBL_RTSOCK	(1 << 5)
#define GBL_SYSCTL	(1 << 6)
#define GBL_VACCESS	(1 << 7)
#define GBL_VERIEXEC	(1 << 8)
#define GBL_KMEM	(1 << 9)

/*
 * Matches the highest bit position used above (GBL_KMEM is 1 << 9).
 * A new token means raising this value too; it has to stay below the bit
 * width of the gbl_label_t mask type.
 */
#define GBL_MAX		9
48*1554ba03SSimon J. Gerraty 
/*
 * Mask type holding GBL_* token bits. At 32 bits it is wider than the
 * bits currently defined, which is what "should suffice for now" refers to.
 */
typedef uint32_t gbl_label_t;
51*1554ba03SSimon J. Gerraty 
/*
 * Request codes for fetching a label.
 * NOTE(review): going by the names and by the fd/pid union in
 * struct mac_grantbylabel_fetch_gbl_args, FETCH_GBL presumably looks a label
 * up by file descriptor and FETCH_PID_GBL by process id -- confirm against
 * the handler, including who is allowed to query another process.
 */
#define MAC_GRANTBYLABEL_FETCH_GBL		1
#define MAC_GRANTBYLABEL_FETCH_PID_GBL		2
54*1554ba03SSimon J. Gerraty 
/*
 * Argument block for the MAC_GRANTBYLABEL_FETCH_* requests.
 *
 * The two selectors share storage in a union, so a consumer has to choose
 * the member from the request code; the stored value alone does not say
 * which one was meant.
 * NOTE(review): presumably u.fd goes with MAC_GRANTBYLABEL_FETCH_GBL, u.pid
 * with MAC_GRANTBYLABEL_FETCH_PID_GBL, and gbl carries the result back --
 * confirm against the handler, which should validate the selector it is
 * given before using it.
 */
struct mac_grantbylabel_fetch_gbl_args {
	union {
		int	fd;		/* file descriptor selector */
		pid_t	pid;		/* process id selector */
	} u;
	gbl_label_t	gbl;		/* mask of GBL_* bits */
};
62*1554ba03SSimon J. Gerraty 
63*1554ba03SSimon J. Gerraty #endif