xref: /illumos-gate/usr/src/uts/common/sys/tsol/label.h (revision 4201a95e)
145916cd2Sjpk /*
245916cd2Sjpk  * CDDL HEADER START
345916cd2Sjpk  *
445916cd2Sjpk  * The contents of this file are subject to the terms of the
545916cd2Sjpk  * Common Development and Distribution License (the "License").
645916cd2Sjpk  * You may not use this file except in compliance with the License.
745916cd2Sjpk  *
845916cd2Sjpk  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
945916cd2Sjpk  * or http://www.opensolaris.org/os/licensing.
1045916cd2Sjpk  * See the License for the specific language governing permissions
1145916cd2Sjpk  * and limitations under the License.
1245916cd2Sjpk  *
1345916cd2Sjpk  * When distributing Covered Code, include this CDDL HEADER in each
1445916cd2Sjpk  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1545916cd2Sjpk  * If applicable, add the following below this CDDL HEADER, with the
1645916cd2Sjpk  * fields enclosed by brackets "[]" replaced with your own identifying
1745916cd2Sjpk  * information: Portions Copyright [yyyy] [name of copyright owner]
1845916cd2Sjpk  *
1945916cd2Sjpk  * CDDL HEADER END
2045916cd2Sjpk  */
2145916cd2Sjpk /*
225f9878b0Sken Powell - Sun Microsystem  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
2345916cd2Sjpk  * Use is subject to license terms.
2445916cd2Sjpk  */
2545916cd2Sjpk 
2645916cd2Sjpk #ifndef	_SYS_TSOL_LABEL_H
2745916cd2Sjpk #define	_SYS_TSOL_LABEL_H
2845916cd2Sjpk 
2945916cd2Sjpk #include <sys/types.h>
3045916cd2Sjpk #ifdef _KERNEL
3145916cd2Sjpk #include <sys/cred.h>
3245916cd2Sjpk #include <sys/vnode.h>
3345916cd2Sjpk #include <sys/tsol/label_macro.h>
3445916cd2Sjpk #endif /* _KERNEL */
3545916cd2Sjpk 
3645916cd2Sjpk #ifdef	__cplusplus
3745916cd2Sjpk extern "C" {
3845916cd2Sjpk #endif
3945916cd2Sjpk 
4003986916Sjarrett /*
4103986916Sjarrett  * types of label comparison
4203986916Sjarrett  */
4303986916Sjarrett #define	EQUALITY_CHECK	0
4403986916Sjarrett #define	DOMINANCE_CHECK	1
4503986916Sjarrett 
46*4201a95eSRic Aleshire /* Manifest human readable label names */
47*4201a95eSRic Aleshire #define	ADMIN_LOW	"ADMIN_LOW"
48*4201a95eSRic Aleshire #define	ADMIN_HIGH	"ADMIN_HIGH"
49*4201a95eSRic Aleshire 
5045916cd2Sjpk /* Binary Label Structure Definitions */
5145916cd2Sjpk 
/*
 * m_label_t is an opaque handle in this header: struct _mac_label_impl is not
 * defined here. blevel_t, bslabel_t and bclear_t below are plain aliases of
 * the same type, so the compiler will not flag a clearance passed where a
 * sensitivity label is expected; callers have to keep the two apart.
 */
5245916cd2Sjpk typedef	struct _mac_label_impl	m_label_t;
5345916cd2Sjpk 
5445916cd2Sjpk typedef m_label_t	blevel_t,		/* compatibility */
5545916cd2Sjpk 			bslabel_t,		/* Sensitivity Label */
5645916cd2Sjpk 			bclear_t;		/* Clearance */
5745916cd2Sjpk 
/*
 * A label range held as a pair of pointers. Only pointers are stored, so the
 * labels they reference live elsewhere; their lifetime rules are not stated
 * in this header (TODO confirm). Nothing in this declaration enforces that
 * upper_bound dominates lower_bound -- presumably the code that builds a
 * range checks that; verify before trusting a range in an access decision.
 */
5845916cd2Sjpk typedef struct _tsol_binary_level_lrange {	/* Level Range */
5945916cd2Sjpk 	m_label_t *lower_bound;
6045916cd2Sjpk 	m_label_t *upper_bound;
6145916cd2Sjpk } m_range_t;
6245916cd2Sjpk 
6345916cd2Sjpk typedef	m_range_t	blrange_t;
6445916cd2Sjpk 
/*
 * One MLP entry (presumably "multilevel port" -- confirm).
 * NOTE(review): mlp_ipp looks like an IP protocol number and
 * mlp_port..mlp_port_upper a port range. Whether the range is inclusive and
 * which byte order the ports use is not visible here -- confirm before
 * comparing against values taken from a packet.
 */
6545916cd2Sjpk typedef struct tsol_mlp_s {
6645916cd2Sjpk 	uchar_t mlp_ipp;
6745916cd2Sjpk 	uint16_t mlp_port;
6845916cd2Sjpk 	uint16_t mlp_port_upper;
6945916cd2Sjpk } tsol_mlp_t;
7045916cd2Sjpk 
7145916cd2Sjpk /* Procedure Interface Definitions available to user and kernel */
7245916cd2Sjpk 
/*
 * These prototypes carry no parameter names. Argument order for the
 * asymmetric checks (bldominates, blstrictdom, blinrange) and the meaning of
 * the int results therefore have to be taken from the implementation --
 * TODO confirm before relying on them in an access decision.
 * bltype, setbltype and bisinvalid take an untyped void *, so the compiler
 * does not check what kind of object is passed to them.
 */
7345916cd2Sjpk extern int	bltype(const void *, uint8_t);
7445916cd2Sjpk extern int	blequal(const m_label_t *, const m_label_t *);
7545916cd2Sjpk extern int	bldominates(const m_label_t *, const m_label_t *);
7645916cd2Sjpk extern int	blstrictdom(const m_label_t *, const m_label_t *);
7745916cd2Sjpk extern int	blinrange(const m_label_t *, const m_range_t *);
7845916cd2Sjpk extern void	blmaximum(m_label_t *, const m_label_t *);
7945916cd2Sjpk extern void	blminimum(m_label_t *, const m_label_t *);
8045916cd2Sjpk extern void	bsllow(m_label_t *);
8145916cd2Sjpk extern void	bslhigh(m_label_t *);
8245916cd2Sjpk extern void	bclearlow(m_label_t *);
8345916cd2Sjpk extern void	bclearhigh(m_label_t *);
8445916cd2Sjpk extern void	bslundef(m_label_t *);
8545916cd2Sjpk extern void	bclearundef(m_label_t *);
8645916cd2Sjpk extern void	setbltype(void *, uint8_t);
8745916cd2Sjpk extern boolean_t	bisinvalid(const void *);
8845916cd2Sjpk 
8945916cd2Sjpk #ifdef	_KERNEL
/*
 * Node of a doubly linked list (mlpe_next / mlpe_prev) that pairs one
 * tsol_mlp_t with a zone id.
 */
9045916cd2Sjpk typedef struct tsol_mlp_entry_s {
9145916cd2Sjpk 	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
9245916cd2Sjpk 	zoneid_t mlpe_zoneid;
9345916cd2Sjpk 	tsol_mlp_t mlpe_mlp;
9445916cd2Sjpk } tsol_mlp_entry_t;
9545916cd2Sjpk 
/*
 * Head of a tsol_mlp_entry_t list: first/last pointers plus a reader/writer
 * lock. Presumably mlpl_rwlock guards the links and the entries reachable
 * from them -- verify against the code that walks or edits the list.
 */
9645916cd2Sjpk typedef struct tsol_mlp_list_s {
9745916cd2Sjpk 	krwlock_t mlpl_rwlock;
9845916cd2Sjpk 	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
9945916cd2Sjpk } tsol_mlp_list_t;
10045916cd2Sjpk 
/*
 * Kernel label object: a binary label together with its DOI and TSLF_* flags,
 * plus a reference count. label_hold() and label_rele() are declared further
 * down in this header and presumably adjust tsl_ref -- confirm. tsl_ref is a
 * plain uint_t, so any atomicity has to come from those routines rather than
 * from the type.
 */
10145916cd2Sjpk typedef	struct ts_label_s {
10245916cd2Sjpk 	uint_t		tsl_ref;	/* Reference count */
10345916cd2Sjpk 	uint32_t	tsl_doi;	/* Domain of Interpretation */
10445916cd2Sjpk 	uint32_t	tsl_flags;	/* TSLF_* below */
10545916cd2Sjpk 	m_label_t	tsl_label;	/* Actual label */
10645916cd2Sjpk } ts_label_t;
10745916cd2Sjpk 
10845916cd2Sjpk #define	DEFAULT_DOI 1
10945916cd2Sjpk 
1105d3b8cb7SBill Sommerfeld /*
1115d3b8cb7SBill Sommerfeld  * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
1125d3b8cb7SBill Sommerfeld  * when the peer is unlabeled.
1135d3b8cb7SBill Sommerfeld  *
1145d3b8cb7SBill Sommerfeld  * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
1155d3b8cb7SBill Sommerfeld  * from a peer which is flagged in the tnrhdb as label-aware.
1165d3b8cb7SBill Sommerfeld  *
1175d3b8cb7SBill Sommerfeld  * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
1185d3b8cb7SBill Sommerfeld  * explicit label even if the peer or next-hop router is flagged in the
1195d3b8cb7SBill Sommerfeld  * tnrhdb as label-aware.
1205d3b8cb7SBill Sommerfeld  */
1215d3b8cb7SBill Sommerfeld 
1225d3b8cb7SBill Sommerfeld #define	TSLF_UNLABELED		0x00000001	/* peer is unlabeled */
1235d3b8cb7SBill Sommerfeld #define	TSLF_IMPLICIT_IN	0x00000002	/* inbound implicit */
1245d3b8cb7SBill Sommerfeld #define	TSLF_IMPLICIT_OUT	0x00000004	/* outbound implicit */
12545916cd2Sjpk 
/*
 * Binary sensitivity label of credential cr. The macro hands crgetlabel()'s
 * result straight to label2bslabel() with no NULL check of its own --
 * NOTE(review): confirm how a cred without a label is handled.
 */
12645916cd2Sjpk #define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))
12745916cd2Sjpk 
/*
 * Kernel-wide labeling state. sys_labeling is the variable that
 * is_system_labeled() tests for a value greater than zero. l_admin_low and
 * l_admin_high are presumably the label objects for the ADMIN_LOW and
 * ADMIN_HIGH names defined above -- confirm.
 */
12845916cd2Sjpk extern ts_label_t	*l_admin_low;
12945916cd2Sjpk extern ts_label_t	*l_admin_high;
13045916cd2Sjpk extern uint32_t		default_doi;
13145916cd2Sjpk extern int		sys_labeling;
13245916cd2Sjpk 
/*
 * Kernel label and credential helpers. The trailing int on labelalloc,
 * labeldup and the *cred_from_* routines is unnamed here -- presumably an
 * allocation sleep flag (TODO confirm). For the routines returning
 * ts_label_t * or cred_t *, this header does not say whether the caller
 * receives a reference it must release or whether NULL can come back;
 * check the implementation before using the result.
 */
13345916cd2Sjpk extern void		label_init(void);
13445916cd2Sjpk extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
1355f9878b0Sken Powell - Sun Microsystem extern ts_label_t	*labeldup(const ts_label_t *, int);
13645916cd2Sjpk extern void		label_hold(ts_label_t *);
13745916cd2Sjpk extern void		label_rele(ts_label_t *);
13845916cd2Sjpk extern m_label_t	*label2bslabel(ts_label_t *);
13945916cd2Sjpk extern uint32_t		label2doi(ts_label_t *);
14045916cd2Sjpk extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);
14145916cd2Sjpk extern cred_t 		*newcred_from_bslabel(m_label_t *, uint32_t, int);
1425f9878b0Sken Powell - Sun Microsystem extern cred_t 		*copycred_from_bslabel(const cred_t *, m_label_t *,
14345916cd2Sjpk 			    uint32_t, int);
1445f9878b0Sken Powell - Sun Microsystem extern cred_t		*copycred_from_tslabel(const cred_t *, ts_label_t *,
1455f9878b0Sken Powell - Sun Microsystem 			    int);
14645916cd2Sjpk extern ts_label_t	*getflabel(vnode_t *);
14745916cd2Sjpk extern int		getlabel(const char *, m_label_t *);
14845916cd2Sjpk extern int		fgetlabel(int, m_label_t *);
14945916cd2Sjpk extern int		_blinrange(const m_label_t *, const brange_t *);
15045916cd2Sjpk extern int		blinlset(const m_label_t *, const blset_t);
15145916cd2Sjpk 
/*
 * NOTE(review): l_to_str_internal hands its string back through a char **;
 * who allocates and who frees that buffer is not stated in this header.
 * hexstr_to_label fills an m_label_t from a string; how malformed input is
 * reported through the int result should be confirmed in the implementation
 * before the output label is used.
 */
152*4201a95eSRic Aleshire extern int		l_to_str_internal(const m_label_t *, char **);
153*4201a95eSRic Aleshire extern int		hexstr_to_label(const char *, m_label_t *);
154*4201a95eSRic Aleshire 
15545916cd2Sjpk /*
15645916cd2Sjpk  * The use of '!!' here prevents users from referencing this function-like
15745916cd2Sjpk  * macro as though it were an l-value, and in normal use is optimized away
15845916cd2Sjpk  * by the compiler.
15945916cd2Sjpk  */
16045916cd2Sjpk #define	is_system_labeled()	(!!(sys_labeling > 0))
16145916cd2Sjpk 
16245916cd2Sjpk #endif	/* _KERNEL */
16345916cd2Sjpk 
16445916cd2Sjpk #ifdef	__cplusplus
16545916cd2Sjpk }
16645916cd2Sjpk #endif
16745916cd2Sjpk 
16845916cd2Sjpk #endif	/* !_SYS_TSOL_LABEL_H */