xref: /onnv-gate/usr/src/lib/libtsol/common/label.h (revision 10972:807794d41b3a) 
11676Sjpk /*
21676Sjpk  * CDDL HEADER START
31676Sjpk  *
41676Sjpk  * The contents of this file are subject to the terms of the
51676Sjpk  * Common Development and Distribution License (the "License").
61676Sjpk  * You may not use this file except in compliance with the License.
71676Sjpk  *
81676Sjpk  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
91676Sjpk  * or http://www.opensolaris.org/os/licensing.
101676Sjpk  * See the License for the specific language governing permissions
111676Sjpk  * and limitations under the License.
121676Sjpk  *
131676Sjpk  * When distributing Covered Code, include this CDDL HEADER in each
141676Sjpk  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
151676Sjpk  * If applicable, add the following below this CDDL HEADER, with the
161676Sjpk  * fields enclosed by brackets "[]" replaced with your own identifying
171676Sjpk  * information: Portions Copyright [yyyy] [name of copyright owner]
181676Sjpk  *
191676Sjpk  * CDDL HEADER END
201676Sjpk  */
211676Sjpk /*
229112STon.Nguyen@Sun.COM  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
231676Sjpk  * Use is subject to license terms.
241676Sjpk  */
251676Sjpk 
261676Sjpk #ifndef	_TSOL_LABEL_H
271676Sjpk #define	_TSOL_LABEL_H
281676Sjpk 
299112STon.Nguyen@Sun.COM #include <sys/types32.h>
301676Sjpk #include <sys/tsol/label.h>
311676Sjpk #include <priv.h>
321676Sjpk 
331676Sjpk #ifdef	__cplusplus
341676Sjpk extern "C" {
351676Sjpk #endif
361676Sjpk 
371676Sjpk /* Procedural Interface Structure Definitions */
381676Sjpk 
391676Sjpk struct	label_info {		/* structure returned by label_info */
401676Sjpk 	short	ilabel_len;		/* max Information Label length */
411676Sjpk 	short	slabel_len;		/* max Sensitivity Label length */
421676Sjpk 	short	clabel_len;		/* max CMW Label length */
431676Sjpk 	short	clear_len;		/* max Clearance Label length */
441676Sjpk 	short	vers_len;		/* version string length */
451676Sjpk 	short	header_len;		/* max len of banner page header */
461676Sjpk 	short	protect_as_len;		/* max len of banner page protect as */
471676Sjpk 	short	caveats_len;		/* max len of banner page caveats */
481676Sjpk 	short	channels_len;		/* max len of banner page channels */
491676Sjpk };
501676Sjpk 
511676Sjpk typedef struct label_set_identifier {	/* valid label set identifier */
521676Sjpk 	int	type;			/* type of the set */
531676Sjpk 	char	*name;			/* name of the set if needed */
541676Sjpk } set_id;
551676Sjpk 
561676Sjpk struct name_fields {		/* names for label builder fields */
571676Sjpk 	char	*class_name;		/* Classifications field name */
581676Sjpk 	char	*comps_name;		/* Compartments field name */
591676Sjpk 	char	*marks_name;		/* Markings field name */
601676Sjpk };
611676Sjpk 
621676Sjpk /* Label Set Identifier Types */
631676Sjpk 
641676Sjpk /*
651676Sjpk  * The accreditation ranges as specified in the label encodings file.
661676Sjpk  * The name parameter is ignored.
671676Sjpk  *
681676Sjpk  * System Accreditation Range is all valid labels plus Admin High and Low.
691676Sjpk  *
701676Sjpk  * User Accreditation Range is valid user labels as defined in the
711676Sjpk  *	ACCREDITATION RANGE: section of the label encodings file.
721676Sjpk  */
731676Sjpk 
741676Sjpk #define	SYSTEM_ACCREDITATION_RANGE	1
751676Sjpk #define	USER_ACCREDITATION_RANGE	2
761676Sjpk 
771676Sjpk 
781676Sjpk /* System Call Interface Definitions */
791676Sjpk 
801676Sjpk extern int getlabel(const char *, m_label_t *);
811676Sjpk extern int fgetlabel(int, m_label_t *);
821676Sjpk 
831676Sjpk extern int getplabel(m_label_t *);
841676Sjpk extern int setflabel(const char *, m_label_t *);
851676Sjpk extern char *getpathbylabel(const char *, char *, size_t,
861676Sjpk     const m_label_t *sl);
871676Sjpk extern m_label_t *getzonelabelbyid(zoneid_t);
881676Sjpk extern m_label_t *getzonelabelbyname(const char *);
891676Sjpk extern zoneid_t getzoneidbylabel(const m_label_t *);
901676Sjpk extern char *getzonenamebylabel(const m_label_t *);
911676Sjpk extern char *getzonerootbyid(zoneid_t);
921676Sjpk extern char *getzonerootbyname(const char *);
931676Sjpk extern char *getzonerootbylabel(const m_label_t *);
941676Sjpk extern m_label_t *getlabelbypath(const char *);
951676Sjpk 
961676Sjpk 
971676Sjpk /* Flag word values */
981676Sjpk 
991676Sjpk #define	ALL_ENTRIES		0x00000000
1001676Sjpk #define	ACCESS_RELATED		0x00000001
1011676Sjpk #define	ACCESS_MASK		0x0000FFFF
1021676Sjpk #define	ACCESS_SHIFT		0
1031676Sjpk 
1041676Sjpk #define	LONG_WORDS		0x00010000	/* use long names */
1051676Sjpk #define	SHORT_WORDS		0x00020000	/* use short names if present */
1061676Sjpk #define	LONG_CLASSIFICATION	0x00040000	/* use long classification */
1071676Sjpk #define	SHORT_CLASSIFICATION	0x00080000	/* use short classification */
1081676Sjpk #define	NO_CLASSIFICATION	0x00100000	/* don't translate the class */
1091676Sjpk #define	VIEW_INTERNAL		0x00200000	/* don't promote/demote */
1101676Sjpk #define	VIEW_EXTERNAL		0x00400000	/* promote/demote label */
1111676Sjpk 
1121676Sjpk #define	NEW_LABEL		0x00000001	/* create a full new label */
1131676Sjpk #define	NO_CORRECTION		0x00000002	/* don't correct label errors */
1141676Sjpk 						/* implies NEW_LABEL */
1151676Sjpk 
1161676Sjpk #define	CVT_DIM			0x01		/* display word dimmed */
1171676Sjpk #define	CVT_SET			0x02		/* display word currently set */
1181676Sjpk 
1191676Sjpk /* Procedure Interface Definitions available to user */
1201676Sjpk 
1211676Sjpk /* APIs shared with the kernel are in <sys/tsol/label.h */
1221676Sjpk 
1231676Sjpk extern m_label_t *blabel_alloc(void);
1241676Sjpk extern void	blabel_free(m_label_t *);
1259112STon.Nguyen@Sun.COM extern size32_t blabel_size(void);
1261676Sjpk extern char	*bsltoh(const m_label_t *);
1271676Sjpk extern char	*bcleartoh(const m_label_t *);
1281676Sjpk 
1291676Sjpk extern char	*bsltoh_r(const m_label_t *, char *);
1301676Sjpk extern char	*bcleartoh_r(const m_label_t *, char *);
1311676Sjpk extern char	*h_alloc(uint8_t);
1321676Sjpk extern void	h_free(char *);
1331676Sjpk 
1341676Sjpk extern int	htobsl(const char *, m_label_t *);
1351676Sjpk extern int	htobclear(const char *, m_label_t *);
1361676Sjpk 
1371676Sjpk extern m_range_t	*getuserrange(const char *);
1381676Sjpk extern m_range_t	*getdevicerange(const char *);
1391676Sjpk 
1401676Sjpk extern int	set_effective_priv(priv_op_t, int, ...);
1411676Sjpk extern int	set_inheritable_priv(priv_op_t, int, ...);
1421676Sjpk extern int	set_permitted_priv(priv_op_t, int, ...);
1431676Sjpk extern int	is_system_labeled(void);
1441676Sjpk 
1451676Sjpk /* Procedures needed for multi-level printing */
1461676Sjpk 
1471676Sjpk extern int	tsol_check_admin_auth(uid_t uid);
1481676Sjpk 
1491676Sjpk /* APIs implemented via labeld */
1501676Sjpk 
1511676Sjpk extern int	blinset(const m_label_t *, const set_id *);
1521676Sjpk extern int	labelinfo(struct label_info *);
1531676Sjpk extern ssize_t	labelvers(char **, size_t);
1541676Sjpk extern char	*bltocolor(const m_label_t *);
1551676Sjpk extern char	*bltocolor_r(const m_label_t *, size_t, char *);
1561676Sjpk 
1571676Sjpk extern ssize_t	bsltos(const m_label_t *, char **, size_t, int);
1581676Sjpk extern ssize_t	bcleartos(const m_label_t *, char **, size_t, int);
1591676Sjpk 
1601676Sjpk 
1611676Sjpk extern char	*sbsltos(const m_label_t *, size_t);
1621676Sjpk extern char	*sbcleartos(const m_label_t *, size_t);
1631676Sjpk 
1641676Sjpk 
1651676Sjpk extern int	stobsl(const char *, m_label_t *, int, int *);
1661676Sjpk extern int	stobclear(const char *, m_label_t *, int, int *);
1671676Sjpk extern int	bslvalid(const m_label_t *);
1681676Sjpk extern int	bclearvalid(const m_label_t *);
1691676Sjpk 
1701676Sjpk /* DIA label conversion and parsing */
1711676Sjpk 
1721676Sjpk /* Conversion types */
1731676Sjpk 
1741676Sjpk typedef	enum _m_label_str {
1751676Sjpk 	M_LABEL = 1,		/* process or user clearance */
1761676Sjpk 	M_INTERNAL = 2,		/* internal form for use in public databases */
1771676Sjpk 	M_COLOR = 3,		/* process label color */
1781676Sjpk 	PRINTER_TOP_BOTTOM = 4,	/* DIA banner page top/bottom */
1791676Sjpk 	PRINTER_LABEL = 5,	/* DIA banner page label */
1801676Sjpk 	PRINTER_CAVEATS = 6,	/* DIA banner page caveats */
1811676Sjpk 	PRINTER_CHANNELS = 7	/* DIA banner page handling channels */
1821676Sjpk } m_label_str_t;
1831676Sjpk 
1841676Sjpk /* Flags for conversion, not all flags apply to all types */
1851676Sjpk #define	DEF_NAMES	0x1
1861676Sjpk #define	SHORT_NAMES	0x3	/* short names are prefered where defined */
1871676Sjpk #define	LONG_NAMES	0x4	/* long names are prefered where defined */
1881676Sjpk 
1891676Sjpk extern int label_to_str(const m_label_t *, char **, const m_label_str_t,
1901676Sjpk     uint_t);
191*10972SRic.Aleshire@Sun.COM extern int l_to_str_internal(const m_label_t *, char **);
1921676Sjpk 
1931676Sjpk /* Parsing types */
1941676Sjpk typedef enum _m_label_type {
1951676Sjpk 	MAC_LABEL = 1,		/* process or object label */
1961676Sjpk 	USER_CLEAR = 2		/* user's clearance (LUB) */
1971676Sjpk } m_label_type_t;
1981676Sjpk 
1991676Sjpk /* Flags for parsing */
2001676Sjpk 
2011676Sjpk #define	L_DEFAULT		0x0
2021676Sjpk #define	L_MODIFY_EXISTING	0x1	/* start parsing with existing label */
2031676Sjpk #define	L_NO_CORRECTION		0x2	/* must be correct by l_e rules */
2049848Sgww@eng.sun.com #define	L_CHECK_AR		0x10	/* must be in l_e AR */
2051676Sjpk 
2061676Sjpk /* EINVAL sub codes */
2071676Sjpk 
2089848Sgww@eng.sun.com #define	M_OUTSIDE_AR		-4	/* not in l_e AR */
2091676Sjpk #define	M_BAD_STRING		-3	/* DIA L_BAD_LABEL */
2101676Sjpk 	/* bad requested label type, bad previous label type */
2111676Sjpk #define	M_BAD_LABEL		-2	/* DIA L_BAD_CLASSIFICATION, */
2121676Sjpk 
2131676Sjpk extern int str_to_label(const char *, m_label_t **, const m_label_type_t,
2141676Sjpk     uint_t, int *);
215*10972SRic.Aleshire@Sun.COM extern int hexstr_to_label(const char *, m_label_t *);
2161676Sjpk 
2171676Sjpk extern m_label_t *m_label_alloc(const m_label_type_t);
2181676Sjpk 
2191676Sjpk extern int m_label_dup(m_label_t **, const m_label_t *);
2201676Sjpk 
2211676Sjpk extern void m_label_free(m_label_t *);
2221676Sjpk 
2231676Sjpk /* Contract Private interfaces with the label builder GUIs */
2241676Sjpk 
2251676Sjpk extern int	bslcvtfull(const m_label_t *, const m_range_t *, int,
2261676Sjpk     char **, char **[], char **[], char *[], int *, int *);
2271676Sjpk extern int	bslcvt(const m_label_t *, int, char **, char *[]);
2281676Sjpk extern int	bclearcvtfull(const m_label_t *, const m_range_t *, int,
2291676Sjpk     char **, char **[], char **[], char *[], int *, int *);
2301676Sjpk extern int	bclearcvt(const m_label_t *, int, char **, char *[]);
2311676Sjpk 
2321676Sjpk extern int	labelfields(struct name_fields *);
2331676Sjpk extern int	userdefs(m_label_t *, m_label_t *);
2341676Sjpk extern int	zonecopy(m_label_t *, char *, char *, char *, int);
2351676Sjpk 
2362621Sllai1 #ifdef DEBUG
2372621Sllai1 /* testing hook: see devfsadm.c, mkdevalloc.c and allocate.c */
2382621Sllai1 #define	is_system_labeled_debug(statbufp)	\
2392621Sllai1 	((stat("/ALLOCATE_FORCE_LABEL", (statbufp)) == 0) ? 1 : 0)
2402621Sllai1 #else	/* DEBUG */
2412621Sllai1 #define	is_system_labeled_debug(statbufp)	0
2422621Sllai1 #endif	/* DEBUG */
2432621Sllai1 
2441676Sjpk #ifdef	__cplusplus
2451676Sjpk }
2461676Sjpk #endif
2471676Sjpk 
2481676Sjpk #endif	/* !_TSOL_LABEL_H */
249