169 lines
5.1 KiB
C
169 lines
5.1 KiB
C
|
/*
|
||
|
* CDDL HEADER START
|
||
|
*
|
||
|
* The contents of this file are subject to the terms of the
|
||
|
* Common Development and Distribution License (the "License").
|
||
|
* You may not use this file except in compliance with the License.
|
||
|
*
|
||
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||
|
* or http://www.opensolaris.org/os/licensing.
|
||
|
* See the License for the specific language governing permissions
|
||
|
* and limitations under the License.
|
||
|
*
|
||
|
* When distributing Covered Code, include this CDDL HEADER in each
|
||
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||
|
* If applicable, add the following below this CDDL HEADER, with the
|
||
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
||
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
||
|
*
|
||
|
* CDDL HEADER END
|
||
|
*/
|
||
|
/*
|
||
|
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
|
||
|
* Use is subject to license terms.
|
||
|
*/
|
||
|
|
||
|
#ifndef _SYS_TSOL_LABEL_H
|
||
|
#define _SYS_TSOL_LABEL_H
|
||
|
|
||
|
#include <sys/types.h>
|
||
|
#ifdef _KERNEL
|
||
|
#include <sys/cred.h>
|
||
|
#include <sys/vnode.h>
|
||
|
#include <sys/tsol/label_macro.h>
|
||
|
#endif /* _KERNEL */
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
extern "C" {
|
||
|
#endif
|
||
|
|
||
|
/*
|
||
|
* types of label comparison
|
||
|
*/
|
||
|
#define EQUALITY_CHECK 0
|
||
|
#define DOMINANCE_CHECK 1
|
||
|
|
||
|
/* Manifest human readable label names */
|
||
|
#define ADMIN_LOW "ADMIN_LOW"
|
||
|
#define ADMIN_HIGH "ADMIN_HIGH"
|
||
|
|
||
|
/* Binary Label Structure Definitions */
|
||
|
|
||
|
typedef struct _mac_label_impl m_label_t;
|
||
|
|
||
|
typedef m_label_t blevel_t, /* compatibility */
|
||
|
bslabel_t, /* Sensitivity Label */
|
||
|
bclear_t; /* Clearance */
|
||
|
|
||
|
typedef struct _tsol_binary_level_lrange { /* Level Range */
|
||
|
m_label_t *lower_bound;
|
||
|
m_label_t *upper_bound;
|
||
|
} m_range_t;
|
||
|
|
||
|
typedef m_range_t blrange_t;
|
||
|
|
||
|
typedef struct tsol_mlp_s {
|
||
|
uchar_t mlp_ipp;
|
||
|
uint16_t mlp_port;
|
||
|
uint16_t mlp_port_upper;
|
||
|
} tsol_mlp_t;
|
||
|
|
||
|
/* Procedure Interface Definitions available to user and kernel */
|
||
|
|
||
|
extern int bltype(const void *, uint8_t);
|
||
|
extern int blequal(const m_label_t *, const m_label_t *);
|
||
|
extern int bldominates(const m_label_t *, const m_label_t *);
|
||
|
extern int blstrictdom(const m_label_t *, const m_label_t *);
|
||
|
extern int blinrange(const m_label_t *, const m_range_t *);
|
||
|
extern void blmaximum(m_label_t *, const m_label_t *);
|
||
|
extern void blminimum(m_label_t *, const m_label_t *);
|
||
|
extern void bsllow(m_label_t *);
|
||
|
extern void bslhigh(m_label_t *);
|
||
|
extern void bclearlow(m_label_t *);
|
||
|
extern void bclearhigh(m_label_t *);
|
||
|
extern void bslundef(m_label_t *);
|
||
|
extern void bclearundef(m_label_t *);
|
||
|
extern void setbltype(void *, uint8_t);
|
||
|
extern boolean_t bisinvalid(const void *);
|
||
|
|
||
|
#ifdef _KERNEL
|
||
|
typedef struct tsol_mlp_entry_s {
|
||
|
struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
|
||
|
zoneid_t mlpe_zoneid;
|
||
|
tsol_mlp_t mlpe_mlp;
|
||
|
} tsol_mlp_entry_t;
|
||
|
|
||
|
typedef struct tsol_mlp_list_s {
|
||
|
krwlock_t mlpl_rwlock;
|
||
|
tsol_mlp_entry_t *mlpl_first, *mlpl_last;
|
||
|
} tsol_mlp_list_t;
|
||
|
|
||
|
typedef struct ts_label_s {
|
||
|
uint_t tsl_ref; /* Reference count */
|
||
|
uint32_t tsl_doi; /* Domain of Interpretation */
|
||
|
uint32_t tsl_flags; /* TSLF_* below */
|
||
|
m_label_t tsl_label; /* Actual label */
|
||
|
} ts_label_t;
|
||
|
|
||
|
#define DEFAULT_DOI 1
|
||
|
|
||
|
/*
|
||
|
* TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
|
||
|
* when the peer is unlabeled.
|
||
|
*
|
||
|
* TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
|
||
|
* from a peer which is flagged in the tnrhdb as label-aware.
|
||
|
*
|
||
|
* TSLF_IMPLICIT_OUT is set when the packet should be sent without an
|
||
|
* explict label even if the peer or next-hop router is flagged in the
|
||
|
* tnrhdb as label-aware.
|
||
|
*/
|
||
|
|
||
|
#define TSLF_UNLABELED 0x00000001 /* peer is unlabeled */
|
||
|
#define TSLF_IMPLICIT_IN 0x00000002 /* inbound implicit */
|
||
|
#define TSLF_IMPLICIT_OUT 0x00000004 /* outbound implicit */
|
||
|
|
||
|
#define CR_SL(cr) (label2bslabel(crgetlabel(cr)))
|
||
|
|
||
|
extern ts_label_t *l_admin_low;
|
||
|
extern ts_label_t *l_admin_high;
|
||
|
extern uint32_t default_doi;
|
||
|
extern int sys_labeling;
|
||
|
|
||
|
extern void label_init(void);
|
||
|
extern ts_label_t *labelalloc(const m_label_t *, uint32_t, int);
|
||
|
extern ts_label_t *labeldup(const ts_label_t *, int);
|
||
|
extern void label_hold(ts_label_t *);
|
||
|
extern void label_rele(ts_label_t *);
|
||
|
extern m_label_t *label2bslabel(ts_label_t *);
|
||
|
extern uint32_t label2doi(ts_label_t *);
|
||
|
extern boolean_t label_equal(const ts_label_t *, const ts_label_t *);
|
||
|
extern cred_t *newcred_from_bslabel(m_label_t *, uint32_t, int);
|
||
|
extern cred_t *copycred_from_bslabel(const cred_t *, m_label_t *,
|
||
|
uint32_t, int);
|
||
|
extern cred_t *copycred_from_tslabel(const cred_t *, ts_label_t *,
|
||
|
int);
|
||
|
extern ts_label_t *getflabel(vnode_t *);
|
||
|
extern int getlabel(const char *, m_label_t *);
|
||
|
extern int fgetlabel(int, m_label_t *);
|
||
|
extern int _blinrange(const m_label_t *, const brange_t *);
|
||
|
extern int blinlset(const m_label_t *, const blset_t);
|
||
|
|
||
|
extern int l_to_str_internal(const m_label_t *, char **);
|
||
|
extern int hexstr_to_label(const char *, m_label_t *);
|
||
|
|
||
|
/*
|
||
|
* The use of '!!' here prevents users from referencing this function-like
|
||
|
* macro as though it were an l-value, and in normal use is optimized away
|
||
|
* by the compiler.
|
||
|
*/
|
||
|
#define is_system_labeled() (!!(sys_labeling > 0))
|
||
|
|
||
|
#endif /* _KERNEL */
|
||
|
|
||
|
#ifdef __cplusplus
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
#endif /* !_SYS_TSOL_LABEL_H */
|