1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_SYS_TSOL_LABEL_H
27 #define	_SYS_TSOL_LABEL_H
28 
29 #include <sys/types.h>
30 #ifdef _KERNEL
31 #include <sys/cred.h>
32 #include <sys/vnode.h>
33 #include <sys/tsol/label_macro.h>
34 #endif /* _KERNEL */
35 
36 #ifdef	__cplusplus
37 extern "C" {
38 #endif
39 
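/*
 * Types of label comparison.
 *
 * EQUALITY_CHECK selects an exact-match comparison and DOMINANCE_CHECK a
 * dominance comparison (compare blequal() and bldominates() below).  The
 * two answer different access questions, so a caller must not treat the
 * selectors as interchangeable.
 *
 * NOTE(review): no routine that takes these selectors is declared in this
 * header; confirm the consumer before relying on the numeric values.
 */
#define	EQUALITY_CHECK	0
#define	DOMINANCE_CHECK	1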
45 
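/* Binary Label Structure Definitions */

/*
 * m_label_t is opaque in this header: struct _mac_label_impl is only
 * forward-declared here, so code that sees just this declaration can hold
 * pointers to labels but cannot size or inspect them.
 */
typedef	struct _mac_label_impl	m_label_t;

/*
 * All three names alias m_label_t.  They record intent only: the compiler
 * will not flag a clearance passed where a sensitivity label is expected,
 * so that distinction has to be kept by the caller.
 */
typedef m_label_t	blevel_t,		/* compatibility */
			bslabel_t,		/* Sensitivity Label */
			bclear_t;		/* Clearance */

/*
 * A label range expressed as two label pointers.  The structure stores
 * pointers, not copies, so both labels must stay valid for as long as the
 * range is in use.
 *
 * NOTE(review): whether the bounds are inclusive, and whether lower_bound
 * is required to be dominated by upper_bound, is not stated here; confirm
 * against blinrange().
 */
typedef struct _tsol_binary_level_lrange {	/* Level Range */
	m_label_t *lower_bound;
	m_label_t *upper_bound;
} m_range_t;

typedef	m_range_t	blrange_t;	/* alias of m_range_t */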
60 
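/*
 * One tsol_mlp_t entry: an 8-bit value plus two 16-bit port values.
 *
 * NOTE(review): the field names suggest an IP protocol number and a port
 * range running from mlp_port to mlp_port_upper.  This header states
 * neither the meaning of the fields, the byte order of the ports, nor any
 * required relationship between the two port values; confirm against the
 * code that fills the structure in before matching traffic against it.
 */
typedef struct tsol_mlp_s {
	uchar_t mlp_ipp;		/* presumably IP protocol -- confirm */
	uint16_t mlp_port;		/* presumably first port -- confirm */
	uint16_t mlp_port_upper;	/* presumably last port -- confirm */
} tsol_mlp_t;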
66 
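/*
 * Procedure Interface Definitions available to user and kernel.
 *
 * Only the signatures are visible in this header; the implementations live
 * elsewhere.  What the signatures themselves establish:
 *
 *   - bltype(), setbltype() and bisinvalid() take untyped (void *)
 *     pointers, so the compiler cannot check that the argument really
 *     points at a label.
 *   - blequal(), bldominates(), blstrictdom() and blinrange() take only
 *     const pointers and return int.
 *   - blmaximum() and blminimum() take a writable first label and a const
 *     second label.
 *   - the bsl*() and bclear*() routines take a single writable label.
 *
 * NOTE(review): the int return convention of the comparison routines
 * (presumably non-zero when the relation holds) is not documented here,
 * nor is it stated whether any value is reserved for errors.  Code that
 * grants access on these results should confirm the convention and should
 * pass only initialized labels.
 */

/* Label type query and comparisons; arguments are not modified. */
extern int	bltype(const void *, uint8_t);
extern int	blequal(const m_label_t *, const m_label_t *);
extern int	bldominates(const m_label_t *, const m_label_t *);
extern int	blstrictdom(const m_label_t *, const m_label_t *);
extern int	blinrange(const m_label_t *, const m_range_t *);

/* In-place combination: only the first argument is writable. */
extern void	blmaximum(m_label_t *, const m_label_t *);
extern void	blminimum(m_label_t *, const m_label_t *);

/*
 * In-place initializers.
 * NOTE(review): presumably set the label to its low, high or undefined
 * value, as the names suggest -- confirm.
 */
extern void	bsllow(m_label_t *);
extern void	bslhigh(m_label_t *);
extern void	bclearlow(m_label_t *);
extern void	bclearhigh(m_label_t *);
extern void	bslundef(m_label_t *);
extern void	bclearundef(m_label_t *);

/* Type setter and validity test on an untyped label pointer. */
extern void	setbltype(void *, uint8_t);
extern boolean_t	bisinvalid(const void *);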
84 
85 #ifdef	_KERNEL
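/*
 * Doubly linked list node: one tsol_mlp_t tagged with a zone ID.
 */
typedef struct tsol_mlp_entry_s {
	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
	zoneid_t mlpe_zoneid;
	tsol_mlp_t mlpe_mlp;
} tsol_mlp_entry_t;

/*
 * List head: first/last entry pointers plus a reader/writer lock.
 *
 * NOTE(review): presumably mlpl_rwlock must be held while the list is
 * walked or changed; the locking rule is not written down in this header
 * -- confirm against the code that uses the list.
 */
typedef struct tsol_mlp_list_s {
	krwlock_t mlpl_rwlock;
	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;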
96 
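/*
 * Kernel label object: a binary label together with its reference count,
 * Domain of Interpretation and TSLF_* flags.
 *
 * tsl_label is embedded by value, which needs the full definition of
 * struct _mac_label_impl (presumably supplied by <sys/tsol/label_macro.h>,
 * which this header includes under _KERNEL).
 *
 * NOTE(review): tsl_ref is presumably maintained by label_hold() and
 * label_rele(); when the object is freed and whether the count is updated
 * atomically are not visible here -- confirm before touching tsl_ref
 * directly.
 */
typedef	struct ts_label_s {
	uint_t		tsl_ref;	/* Reference count */
	uint32_t	tsl_doi;	/* Domain of Interpretation */
	uint32_t	tsl_flags;	/* TSLF_* below */
	m_label_t	tsl_label;	/* Actual label */
} ts_label_t;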
103 
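/*
 * NOTE(review): presumably the initial value of default_doi (declared
 * below) -- confirm.
 */
#define	DEFAULT_DOI 1

/*
 * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
 * when the peer is unlabeled.
 *
 * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
 * from a peer which is flagged in the tnrhdb as label-aware.
 *
 * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
 * explicit label even if the peer or next-hop router is flagged in the
 * tnrhdb as label-aware.
 *
 * The three values are distinct single bits, so they can be combined in
 * tsl_flags.  In both inbound cases the packet carried no label of its
 * own, so the label held in the ts_label_t was not read from the packet
 * (presumably it comes from the peer's tnrhdb entry -- confirm).
 */

#define	TSLF_UNLABELED		0x00000001	/* peer is unlabeled */
#define	TSLF_IMPLICIT_IN	0x00000002	/* inbound implicit */
#define	TSLF_IMPLICIT_OUT	0x00000004	/* outbound implicit */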
121 
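/*
 * CR_SL(cr) expands to label2bslabel(crgetlabel(cr)): the binary label
 * reached through the ts_label_t attached to credential cr.
 *
 * NOTE(review): the macro contains no NULL check.  Whether crgetlabel()
 * can return NULL, and how label2bslabel() treats a NULL argument, is not
 * shown in this header -- confirm before using CR_SL() on a credential
 * that may carry no label.
 */
#define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))

/*
 * Kernel-wide labeling state, defined elsewhere.
 * NOTE(review): l_admin_low and l_admin_high are presumably the shared
 * lowest and highest label objects; callers should treat them as shared
 * and not modify them -- confirm.
 */
extern ts_label_t	*l_admin_low;
extern ts_label_t	*l_admin_high;
extern uint32_t		default_doi;
extern int		sys_labeling;	/* read by is_system_labeled() */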
128 
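/*
 * Kernel label interfaces.  Only the signatures are visible here.
 *
 * NOTE(review): the trailing int taken by labelalloc(), labeldup() and the
 * *cred_from_*label() routines is presumably a kernel allocation flag.  If
 * a non-sleeping allocation is possible, the pointer results can
 * presumably be NULL and must be checked -- confirm.
 *
 * NOTE(review): label_hold() and label_rele() presumably raise and drop
 * tsl_ref; every hold needs a matching release, and a ts_label_t must not
 * be used after the caller's last release -- confirm against the
 * implementation.
 */
extern void		label_init(void);
extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
extern ts_label_t	*labeldup(const ts_label_t *, int);
extern void		label_hold(ts_label_t *);
extern void		label_rele(ts_label_t *);

/* Accessors and comparison on ts_label_t. */
extern m_label_t	*label2bslabel(ts_label_t *);
extern uint32_t		label2doi(ts_label_t *);
extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);

/* Credential construction from a binary label or a ts_label_t. */
extern cred_t		*newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t		*copycred_from_bslabel(const cred_t *, m_label_t *,
			    uint32_t, int);
extern cred_t		*copycred_from_tslabel(const cred_t *, ts_label_t *,
			    int);

/*
 * Label lookup for a vnode, a name and a descriptor.
 * NOTE(review): the int results of getlabel() and fgetlabel() presumably
 * report success or failure; the m_label_t output should not be trusted
 * unless the call succeeded -- confirm the convention.
 */
extern ts_label_t	*getflabel(vnode_t *);
extern int		getlabel(const char *, m_label_t *);
extern int		fgetlabel(int, m_label_t *);

/* Range and set membership; brange_t and blset_t are declared elsewhere. */
extern int		_blinrange(const m_label_t *, const brange_t *);
extern int		blinlset(const m_label_t *, const blset_t);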
147 
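/*
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 *
 * The result is 1 only when sys_labeling is strictly positive; zero and
 * negative values both read as "not labeled".
 *
 * NOTE(review): callers presumably use this to decide whether label checks
 * apply at all, so the meaning of a non-positive sys_labeling (which is
 * not shown here) decides whether those checks are skipped -- confirm.
 */
#define	is_system_labeled()	(!!(sys_labeling > 0))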
154 
155 #endif	/* _KERNEL */
156 
157 #ifdef	__cplusplus
158 }
159 #endif
160 
161 #endif	/* !_SYS_TSOL_LABEL_H */
162