• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 
2 /* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3 /*
4  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
5  *
6  *	Support for enhanced MLS infrastructure.
7  *
8  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
9  *
10  *  This library is free software; you can redistribute it and/or
11  *  modify it under the terms of the GNU Lesser General Public
12  *  License as published by the Free Software Foundation; either
13  *  version 2.1 of the License, or (at your option) any later version.
14  *
15  *  This library is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
18  *  Lesser General Public License for more details.
19  *
20  *  You should have received a copy of the GNU Lesser General Public
21  *  License along with this library; if not, write to the Free Software
22  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
23  */
24 
25 /* FLASK */
26 
27 /*
28  * Type definitions for the multi-level security (MLS) policy.
29  */
30 
31 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
32 #define _SEPOL_POLICYDB_MLS_TYPES_H_
33 
34 #include <stdint.h>
35 #include <stdlib.h>
36 #include <sepol/policydb/ebitmap.h>
37 #include <sepol/policydb/flask_types.h>
38 
39 typedef struct mls_level {
40 	uint32_t sens;		/* sensitivity */
41 	ebitmap_t cat;		/* category set */
42 } mls_level_t;
43 
44 typedef struct mls_range {
45 	mls_level_t level[2];	/* low == level[0], high == level[1] */
46 } mls_range_t;
47 
mls_level_cpy(struct mls_level * dst,struct mls_level * src)48 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
49 {
50 
51 	dst->sens = src->sens;
52 	if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
53 		return -1;
54 	return 0;
55 }
56 
mls_level_init(struct mls_level * level)57 static inline void mls_level_init(struct mls_level *level)
58 {
59 
60 	memset(level, 0, sizeof(mls_level_t));
61 }
62 
mls_level_destroy(struct mls_level * level)63 static inline void mls_level_destroy(struct mls_level *level)
64 {
65 
66 	if (level == NULL)
67 		return;
68 
69 	ebitmap_destroy(&level->cat);
70 	mls_level_init(level);
71 }
72 
mls_level_eq(const struct mls_level * l1,const struct mls_level * l2)73 static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
74 {
75 	return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
76 }
77 
mls_level_dom(const struct mls_level * l1,const struct mls_level * l2)78 static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
79 {
80 	return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
81 }
82 
83 #define mls_level_incomp(l1, l2) \
84 (!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
85 
86 #define mls_level_between(l1, l2, l3) \
87 (mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
88 
89 #define mls_range_contains(r1, r2) \
90 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
91  mls_level_dom(&(r1).level[1], &(r2).level[1]))
92 
mls_range_cpy(mls_range_t * dst,mls_range_t * src)93 static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
94 {
95 
96 	if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
97 		goto err;
98 
99 	if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
100 		goto err_destroy;
101 
102 	return 0;
103 
104       err_destroy:
105 	mls_level_destroy(&dst->level[0]);
106 
107       err:
108 	return -1;
109 }
110 
mls_range_init(struct mls_range * r)111 static inline void mls_range_init(struct mls_range *r)
112 {
113 	mls_level_init(&r->level[0]);
114 	mls_level_init(&r->level[1]);
115 }
116 
mls_range_destroy(struct mls_range * r)117 static inline void mls_range_destroy(struct mls_range *r)
118 {
119 	mls_level_destroy(&r->level[0]);
120 	mls_level_destroy(&r->level[1]);
121 }
122 
mls_range_eq(struct mls_range * r1,struct mls_range * r2)123 static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
124 {
125 	return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
126 	        mls_level_eq(&r1->level[1], &r2->level[1]));
127 }
128 
129 typedef struct mls_semantic_cat {
130 	uint32_t low;	/* first bit this struct represents */
131 	uint32_t high;	/* last bit represented - equals low for a single cat */
132 	struct mls_semantic_cat *next;
133 } mls_semantic_cat_t;
134 
135 typedef struct mls_semantic_level {
136 	uint32_t sens;
137 	mls_semantic_cat_t *cat;
138 } mls_semantic_level_t;
139 
140 typedef struct mls_semantic_range {
141 	mls_semantic_level_t level[2];
142 } mls_semantic_range_t;
143 
144 extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
145 extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
146 extern void mls_semantic_level_init(mls_semantic_level_t *l);
147 extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
148 extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
149 extern void mls_semantic_range_init(mls_semantic_range_t *r);
150 extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
151 extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
152 
153 #endif
154