/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _TSOL_LABEL_H
#define _TSOL_LABEL_H

#include <sys/types32.h>
#include <sys/tsol/label.h>
#include <priv.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Procedural Interface Structure Definitions
 */

/*
 * Structure returned by label_info.
 *
 * NOTE(review): every member is a signed short.  A caller that sizes a
 * buffer from one of these should reject zero or negative values first.
 */
struct label_info {
	short ilabel_len;	/* max Information Label length */
	short slabel_len;	/* max Sensitivity Label length */
	short clabel_len;	/* max CMW Label length */
	short clear_len;	/* max Clearance Label length */
	short vers_len;		/* version string length */
	short header_len;	/* max len of banner page header */
	short protect_as_len;	/* max len of banner page protect as */
	short caveats_len;	/* max len of banner page caveats */
	short channels_len;	/* max len of banner page channels */
};

/* Valid label set identifier. */
typedef struct label_set_identifier {
	int type;		/* type of the set */
	char *name;		/* name of the set if needed */
} set_id;

/* Names for label builder fields. */
struct name_fields {
	char *class_name;	/* Classifications field name */
	char *comps_name;	/* Compartments field name */
	char *marks_name;	/* Markings field name */
};

/*
 * Label Set Identifier Types
 *
 * The accreditation ranges as specified in the label encodings file.
 * The name parameter is ignored.
 *
 * System Accreditation Range is all valid labels plus Admin High and Low.
 *
 * User Accreditation Range is valid user labels as defined in the
 * ACCREDITATION RANGE: section of the label encodings file.
 */
#define SYSTEM_ACCREDITATION_RANGE	1
#define USER_ACCREDITATION_RANGE	2


/*
 * System Call Interface Definitions
 *
 * NOTE(review): this header does not say who owns the pointers returned
 * by the get*() routines below, nor which m_label_t arguments are
 * outputs; const-qualification is the only hint.  Confirm against the
 * man pages before freeing or reusing a result.
 */
extern int getlabel(const char *, m_label_t *);
extern int fgetlabel(int, m_label_t *);

extern int getplabel(m_label_t *);
extern int setflabel(const char *, m_label_t *);
/* Takes a caller buffer (char *) together with its size (size_t). */
extern char *getpathbylabel(const char *, char *, size_t,
    const m_label_t *sl);
extern m_label_t *getzonelabelbyid(zoneid_t);
extern m_label_t *getzonelabelbyname(const char *);
extern zoneid_t getzoneidbylabel(const m_label_t *);
extern char *getzonenamebylabel(const m_label_t *);
extern char *getzonerootbyid(zoneid_t);
extern char *getzonerootbyname(const char *);
extern char *getzonerootbylabel(const m_label_t *);
extern m_label_t *getlabelbypath(const char *);


/*
 * Flag word values
 *
 * The low 16 bits (ACCESS_MASK, shifted by ACCESS_SHIFT) hold the access
 * selector; the word-form and classification-form bits start at bit 16.
 */
#define ALL_ENTRIES		0x00000000
#define ACCESS_RELATED		0x00000001
#define ACCESS_MASK		0x0000FFFF
#define ACCESS_SHIFT		0

#define LONG_WORDS		0x00010000	/* use long names */
#define SHORT_WORDS		0x00020000	/* use short names if present */
#define LONG_CLASSIFICATION	0x00040000	/* use long classification */
#define SHORT_CLASSIFICATION	0x00080000	/* use short classification */
#define NO_CLASSIFICATION	0x00100000	/* don't translate the class */
#define VIEW_INTERNAL		0x00200000	/* don't promote/demote */
#define VIEW_EXTERNAL		0x00400000	/* promote/demote label */

/*
 * NOTE(review): these two reuse the low bit values of the flag word
 * above (ACCESS_RELATED is also 0x00000001), so they presumably belong
 * to a different flags argument -- confirm against the callers.
 */
#define NEW_LABEL		0x00000001	/* create a full new label */
#define NO_CORRECTION		0x00000002	/* don't correct label errors */
						/* implies NEW_LABEL */

#define CVT_DIM			0x01	/* display word dimmed */
#define CVT_SET			0x02	/* display word currently set */

/*
 * Procedure Interface Definitions available to user
 */

/* APIs shared with the kernel are in <sys/tsol/label.h> */

extern m_label_t *blabel_alloc(void);
extern void blabel_free(m_label_t *);
extern size32_t blabel_size(void);
extern char *bsltoh(const m_label_t *);
extern char *bcleartoh(const m_label_t *);

/*
 * The _r variants write into a caller-supplied char * and take no length
 * argument, so the buffer size is fixed by convention rather than checked.
 * NOTE(review): the buffer is presumably meant to come from h_alloc() and
 * be released with h_free() -- confirm before passing any other buffer.
 */
extern char *bsltoh_r(const m_label_t *, char *);
extern char *bcleartoh_r(const m_label_t *, char *);
extern char *h_alloc(uint8_t);
extern void h_free(char *);

extern int htobsl(const char *, m_label_t *);
extern int htobclear(const char *, m_label_t *);

extern m_range_t *getuserrange(const char *);
extern m_range_t *getdevicerange(const char *);

/* Variadic: the arguments after the int are not type-checked. */
extern int set_effective_priv(priv_op_t, int, ...);
extern int set_inheritable_priv(priv_op_t, int, ...);
extern int set_permitted_priv(priv_op_t, int, ...);
extern int is_system_labeled(void);

/* Procedures needed for multi-level printing */

extern int tsol_check_admin_auth(uid_t uid);

/* APIs implemented via labeld */

extern int blinset(const m_label_t *, const set_id *);
extern int labelinfo(struct label_info *);
extern ssize_t labelvers(char **, size_t);
extern char *bltocolor(const m_label_t *);
/* Unlike the hex _r routines, this one does take a size_t. */
extern char *bltocolor_r(const m_label_t *, size_t, char *);

extern ssize_t bsltos(const m_label_t *, char **, size_t, int);
extern ssize_t bcleartos(const m_label_t *, char **, size_t, int);


extern char *sbsltos(const m_label_t *, size_t);
extern char *sbcleartos(const m_label_t *, size_t);


extern int stobsl(const char *, m_label_t *, int, int *);
extern int stobclear(const char *, m_label_t *, int, int *);
extern int bslvalid(const m_label_t *);
extern int bclearvalid(const m_label_t *);

/*
 * DIA label conversion and parsing
 */

/* Conversion types */

typedef enum _m_label_str {
	M_LABEL = 1,		/* process or user clearance */
	M_INTERNAL = 2,		/* internal form for use in public databases */
	M_COLOR = 3,		/* process label color */
	PRINTER_TOP_BOTTOM = 4,	/* DIA banner page top/bottom */
	PRINTER_LABEL = 5,	/* DIA banner page label */
	PRINTER_CAVEATS = 6,	/* DIA banner page caveats */
	PRINTER_CHANNELS = 7	/* DIA banner page handling channels */
} m_label_str_t;

/*
 * Flags for conversion, not all flags apply to all types.
 *
 * SHORT_NAMES (0x3) contains the DEF_NAMES bit (0x1), so a test written
 * as (flags & DEF_NAMES) is also true when SHORT_NAMES was passed.
 */
#define DEF_NAMES	0x1
#define SHORT_NAMES	0x3	/* short names are preferred where defined */
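#define LONG_NAMES	0x4	/* long names are preferred where defined */

/*
 * Label to string conversion.  Both routines hand the result back through
 * a char ** argument.
 * NOTE(review): this header does not state who frees the returned
 * string -- confirm against the man page.
 */
extern int label_to_str(const m_label_t *, char **, const m_label_str_t,
    uint_t);
extern int l_to_str_internal(const m_label_t *, char **);

/* Parsing types */
typedef enum _m_label_type {
	MAC_LABEL = 1,		/* process or object label */
	USER_CLEAR = 2		/* user's clearance (LUB) */
} m_label_type_t;

/*
 * Flags for parsing
 *
 * In the comments below "l_e" is the label encodings file and "AR" the
 * accreditation range described earlier in this header.
 */

#define L_DEFAULT		0x0
#define L_MODIFY_EXISTING	0x1	/* start parsing with existing label */
#define L_NO_CORRECTION		0x2	/* must be correct by l_e rules */
#define L_CHECK_AR		0x10	/* must be in l_e AR */

/*
 * EINVAL sub codes
 *
 * The negative values are parenthesized so that each macro expands to a
 * single primary expression wherever it is used.
 */

#define M_OUTSIDE_AR		(-4)	/* not in l_e AR */
#define M_BAD_STRING		(-3)	/* DIA L_BAD_LABEL */
	/* bad requested label type, bad previous label type */
#define M_BAD_LABEL		(-2)	/* DIA L_BAD_CLASSIFICATION, */

/*
 * String to label parsing.  str_to_label() takes the destination as
 * m_label_t ** and reports detail through the trailing int *;
 * hexstr_to_label() writes into a caller-supplied m_label_t.
 * NOTE(review): presumably a label produced through the m_label_t **
 * is released with m_label_free() -- confirm against the man page.
 */
extern int str_to_label(const char *, m_label_t **, const m_label_type_t,
    uint_t, int *);
extern int hexstr_to_label(const char *, m_label_t *);

extern m_label_t *m_label_alloc(const m_label_type_t);

extern int m_label_dup(m_label_t **, const m_label_t *);

extern void m_label_free(m_label_t *);

/* Contract Private interfaces with the label builder GUIs */

extern int bslcvtfull(const m_label_t *, const m_range_t *, int,
    char **, char **[], char **[], char *[], int *, int *);
extern int bslcvt(const m_label_t *, int, char **, char *[]);
extern int bclearcvtfull(const m_label_t *, const m_range_t *, int,
    char **, char **[], char **[], char *[], int *, int *);
extern int bclearcvt(const m_label_t *, int, char **, char *[]);

extern int labelfields(struct name_fields *);
extern int userdefs(m_label_t *, m_label_t *);
extern int zonecopy(m_label_t *, char *, char *, char *, int);

/*
 * Testing hook: see devfsadm.c, mkdevalloc.c and allocate.c.
 *
 * In a DEBUG build the macro evaluates to 1 whenever stat() succeeds on
 * /ALLOCATE_FORCE_LABEL, i.e. the mere presence of that file changes the
 * answer.  In every other build it is the constant 0 and the argument is
 * not evaluated.  Because a file can flip the result, DEBUG must stay
 * undefined for production builds of anything that uses this macro.
 *
 * The DEBUG form calls stat(); this header does not include <sys/stat.h>
 * itself, so the including file has to.
 */
#ifdef DEBUG
#define is_system_labeled_debug(statbufp)	\
	((stat("/ALLOCATE_FORCE_LABEL", (statbufp)) == 0) ? 1 : 0)
#else	/* DEBUG */
#define is_system_labeled_debug(statbufp)	0
#endif	/* DEBUG */

#ifdef __cplusplus
}
#endif

#endif	/* !_TSOL_LABEL_H */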