Lines Matching +full:sens +full:-
1 // SPDX-License-Identifier: GPL-2.0
3 * Implementation of the multi-level security (MLS) policy.
12 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
15 * Updated: Hewlett-Packard <paul@paul-moore.com>
19 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
43 if (!p->mls_enabled) in mls_compute_context_len()
48 int index_sens = context->range.level[l].sens; in mls_compute_context_len()
49 len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1)); in mls_compute_context_len()
52 head = -2; in mls_compute_context_len()
53 prev = -2; in mls_compute_context_len()
54 e = &context->range.level[l].cat; in mls_compute_context_len()
56 if (i - prev > 1) { in mls_compute_context_len()
73 if (mls_level_eq(&context->range.level[0], in mls_compute_context_len()
74 &context->range.level[1])) in mls_compute_context_len()
98 if (!p->mls_enabled) in mls_sid_to_context()
108 context->range.level[l].sens - 1)); in mls_sid_to_context()
112 head = -2; in mls_sid_to_context()
113 prev = -2; in mls_sid_to_context()
114 e = &context->range.level[l].cat; in mls_sid_to_context()
116 if (i - prev > 1) { in mls_sid_to_context()
119 if (prev - head > 1) in mls_sid_to_context()
140 if (prev - head > 1) in mls_sid_to_context()
150 if (mls_level_eq(&context->range.level[0], in mls_sid_to_context()
151 &context->range.level[1])) in mls_sid_to_context()
154 *scontextp++ = '-'; in mls_sid_to_context()
166 if (!l->sens || l->sens > p->p_levels.nprim) in mls_level_isvalid()
168 levdatum = hashtab_search(p->p_levels.table, in mls_level_isvalid()
169 sym_name(p, SYM_LEVELS, l->sens - 1)); in mls_level_isvalid()
174 * Return 1 iff all the bits set in l->cat are also set in in mls_level_isvalid()
175 * levdatum->level->cat and no bit in l->cat is larger than in mls_level_isvalid()
176 * p->p_cats.nprim. in mls_level_isvalid()
178 return ebitmap_contains(&levdatum->level->cat, &l->cat, in mls_level_isvalid()
179 p->p_cats.nprim); in mls_level_isvalid()
184 return (mls_level_isvalid(p, &r->level[0]) && in mls_range_isvalid()
185 mls_level_isvalid(p, &r->level[1]) && in mls_range_isvalid()
186 mls_level_dom(&r->level[1], &r->level[0])); in mls_range_isvalid()
197 if (!p->mls_enabled) in mls_context_isvalid()
200 if (!mls_range_isvalid(p, &c->range)) in mls_context_isvalid()
203 if (c->role == OBJECT_R_VAL) in mls_context_isvalid()
209 if (!c->user || c->user > p->p_users.nprim) in mls_context_isvalid()
211 usrdatum = p->user_val_to_struct[c->user - 1]; in mls_context_isvalid()
212 if (!mls_range_contains(usrdatum->range, c->range)) in mls_context_isvalid()
233 * Policy read-lock must be held for sidtab lookup.
248 int l, rc = -EINVAL; in mls_context_to_sid()
250 if (!pol->mls_enabled) { in mls_context_to_sid()
276 while (*p && *p != ':' && *p != '-') in mls_context_to_sid()
284 levdatum = hashtab_search(pol->p_levels.table, scontextp); in mls_context_to_sid()
286 rc = -EINVAL; in mls_context_to_sid()
290 context->range.level[l].sens = levdatum->level->sens; in mls_context_to_sid()
296 while (*p && *p != ',' && *p != '-') in mls_context_to_sid()
309 catdatum = hashtab_search(pol->p_cats.table, in mls_context_to_sid()
312 rc = -EINVAL; in mls_context_to_sid()
316 rc = ebitmap_set_bit(&context->range.level[l].cat, in mls_context_to_sid()
317 catdatum->value - 1, 1); in mls_context_to_sid()
325 rngdatum = hashtab_search(pol->p_cats.table, rngptr); in mls_context_to_sid()
327 rc = -EINVAL; in mls_context_to_sid()
331 if (catdatum->value >= rngdatum->value) { in mls_context_to_sid()
332 rc = -EINVAL; in mls_context_to_sid()
336 for (i = catdatum->value; i < rngdatum->value; i++) { in mls_context_to_sid()
337 rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1); in mls_context_to_sid()
347 if (delim == '-') { in mls_context_to_sid()
361 context->range.level[1].sens = context->range.level[0].sens; in mls_context_to_sid()
362 rc = ebitmap_cpy(&context->range.level[1].cat, in mls_context_to_sid()
363 &context->range.level[0].cat); in mls_context_to_sid()
385 if (!p->mls_enabled) in mls_from_string()
386 return -EINVAL; in mls_from_string()
392 rc = -ENOMEM; in mls_from_string()
412 context->range.level[l].sens = range->level[l].sens; in mls_range_set()
413 rc = ebitmap_cpy(&context->range.level[l].cat, in mls_range_set()
414 &range->level[l].cat); in mls_range_set()
426 if (p->mls_enabled) { in mls_setup_user_range()
427 struct mls_level *fromcon_sen = &(fromcon->range.level[0]); in mls_setup_user_range()
428 struct mls_level *fromcon_clr = &(fromcon->range.level[1]); in mls_setup_user_range()
429 struct mls_level *user_low = &(user->range.level[0]); in mls_setup_user_range()
430 struct mls_level *user_clr = &(user->range.level[1]); in mls_setup_user_range()
431 struct mls_level *user_def = &(user->dfltlevel); in mls_setup_user_range()
432 struct mls_level *usercon_sen = &(usercon->range.level[0]); in mls_setup_user_range()
433 struct mls_level *usercon_clr = &(usercon->range.level[1]); in mls_setup_user_range()
443 return -EINVAL; in mls_setup_user_range()
455 return -EINVAL; in mls_setup_user_range()
476 if (!oldp->mls_enabled || !newp->mls_enabled) in mls_convert_context()
480 levdatum = hashtab_search(newp->p_levels.table, in mls_convert_context()
482 c->range.level[l].sens - 1)); in mls_convert_context()
485 return -EINVAL; in mls_convert_context()
486 c->range.level[l].sens = levdatum->level->sens; in mls_convert_context()
489 ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) { in mls_convert_context()
492 catdatum = hashtab_search(newp->p_cats.table, in mls_convert_context()
495 return -EINVAL; in mls_convert_context()
496 rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); in mls_convert_context()
502 ebitmap_destroy(&c->range.level[l].cat); in mls_convert_context()
503 c->range.level[l].cat = bitmap; in mls_convert_context()
522 if (!p->mls_enabled) in mls_compute_sid()
528 rtr.source_type = scontext->type; in mls_compute_sid()
529 rtr.target_type = tcontext->type; in mls_compute_sid()
531 r = hashtab_search(p->range_tr, &rtr); in mls_compute_sid()
535 if (tclass && tclass <= p->p_classes.nprim) { in mls_compute_sid()
536 cladatum = p->class_val_to_struct[tclass - 1]; in mls_compute_sid()
538 default_range = cladatum->default_range; in mls_compute_sid()
558 if ((tclass == p->process_class) || (sock == true)) in mls_compute_sid()
570 return -EINVAL; in mls_compute_sid()
575 * mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
588 if (!p->mls_enabled) in mls_export_netlbl_lvl()
591 secattr->attr.mls.lvl = context->range.level[0].sens - 1; in mls_export_netlbl_lvl()
592 secattr->flags |= NETLBL_SECATTR_MLS_LVL; in mls_export_netlbl_lvl()
596 * mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
609 if (!p->mls_enabled) in mls_import_netlbl_lvl()
612 context->range.level[0].sens = secattr->attr.mls.lvl + 1; in mls_import_netlbl_lvl()
613 context->range.level[1].sens = context->range.level[0].sens; in mls_import_netlbl_lvl()
617 * mls_export_netlbl_cat - Export the MLS categories to NetLabel
632 if (!p->mls_enabled) in mls_export_netlbl_cat()
635 rc = ebitmap_netlbl_export(&context->range.level[0].cat, in mls_export_netlbl_cat()
636 &secattr->attr.mls.cat); in mls_export_netlbl_cat()
637 if (rc == 0 && secattr->attr.mls.cat != NULL) in mls_export_netlbl_cat()
638 secattr->flags |= NETLBL_SECATTR_MLS_CAT; in mls_export_netlbl_cat()
644 * mls_import_netlbl_cat - Import the MLS categories from NetLabel
661 if (!p->mls_enabled) in mls_import_netlbl_cat()
664 rc = ebitmap_netlbl_import(&context->range.level[0].cat, in mls_import_netlbl_cat()
665 secattr->attr.mls.cat); in mls_import_netlbl_cat()
668 memcpy(&context->range.level[1].cat, &context->range.level[0].cat, in mls_import_netlbl_cat()
669 sizeof(context->range.level[0].cat)); in mls_import_netlbl_cat()
674 ebitmap_destroy(&context->range.level[0].cat); in mls_import_netlbl_cat()