xref: /onnv-gate/usr/src/uts/common/sys/tsol/label.h (revision 10972:807794d41b3a)
11676Sjpk /*
21676Sjpk  * CDDL HEADER START
31676Sjpk  *
41676Sjpk  * The contents of this file are subject to the terms of the
51676Sjpk  * Common Development and Distribution License (the "License").
61676Sjpk  * You may not use this file except in compliance with the License.
71676Sjpk  *
81676Sjpk  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
91676Sjpk  * or http://www.opensolaris.org/os/licensing.
101676Sjpk  * See the License for the specific language governing permissions
111676Sjpk  * and limitations under the License.
121676Sjpk  *
131676Sjpk  * When distributing Covered Code, include this CDDL HEADER in each
141676Sjpk  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
151676Sjpk  * If applicable, add the following below this CDDL HEADER, with the
161676Sjpk  * fields enclosed by brackets "[]" replaced with your own identifying
171676Sjpk  * information: Portions Copyright [yyyy] [name of copyright owner]
181676Sjpk  *
191676Sjpk  * CDDL HEADER END
201676Sjpk  */
211676Sjpk /*
229710SKen.Powell@Sun.COM  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
231676Sjpk  * Use is subject to license terms.
241676Sjpk  */
251676Sjpk 
261676Sjpk #ifndef	_SYS_TSOL_LABEL_H
271676Sjpk #define	_SYS_TSOL_LABEL_H
281676Sjpk 
291676Sjpk #include <sys/types.h>
301676Sjpk #ifdef _KERNEL
311676Sjpk #include <sys/cred.h>
321676Sjpk #include <sys/vnode.h>
331676Sjpk #include <sys/tsol/label_macro.h>
341676Sjpk #endif /* _KERNEL */
351676Sjpk 
361676Sjpk #ifdef	__cplusplus
371676Sjpk extern "C" {
381676Sjpk #endif
391676Sjpk 
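/*
 * Types of label comparison.
 *
 * NOTE(review): this header does not show which interface consumes these
 * selectors. The names suggest "labels must match exactly" versus "one
 * label must dominate the other"; confirm against the caller, because
 * passing the wrong selector changes the outcome of a MAC decision.
 */
#define	EQUALITY_CHECK	0
#define	DOMINANCE_CHECK	1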
454971Sjarrett 
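/*
 * Manifest human readable label names.
 *
 * These are plain string constants. The kernel label objects l_admin_low
 * and l_admin_high are declared separately further down in this header;
 * presumably these strings are their textual spellings (confirm against
 * the label-to-string code).
 */
#define	ADMIN_LOW	"ADMIN_LOW"
#define	ADMIN_HIGH	"ADMIN_HIGH"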
49*10972SRic.Aleshire@Sun.COM 
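/* Binary Label Structure Definitions */

/*
 * MAC label. struct _mac_label_impl is not defined in this header, so code
 * that includes only this file sees an incomplete type and can only pass
 * pointers to it around.
 * NOTE(review): the kernel build presumably gets the layout from
 * <sys/tsol/label_macro.h>; confirm.
 */
typedef	struct _mac_label_impl	m_label_t;

/*
 * All three names below are aliases for m_label_t. The compiler therefore
 * cannot tell a sensitivity label from a clearance: passing one where the
 * other is expected compiles without a diagnostic.
 */
typedef m_label_t	blevel_t,		/* compatibility */
			bslabel_t,		/* Sensitivity Label */
			bclear_t;		/* Clearance */

/*
 * Level range expressed as two label pointers. The structure stores the
 * pointers only, not copies of the labels.
 * NOTE(review): who owns the pointed-to labels, and where it is checked
 * that upper_bound dominates lower_bound, is not visible in this header.
 */
typedef struct _tsol_binary_level_lrange {	/* Level Range */
	m_label_t *lower_bound;
	m_label_t *upper_bound;
} m_range_t;

typedef	m_range_t	blrange_t;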
641676Sjpk 
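/*
 * Multilevel port (MLP) description.
 *
 * NOTE(review): the field meanings below are inferred from the names; this
 * header does not show how they are filled in or validated. In particular,
 * confirm where mlp_port <= mlp_port_upper is enforced.
 */
typedef struct tsol_mlp_s {
	uchar_t mlp_ipp;		/* presumably the IP protocol number */
	uint16_t mlp_port;		/* port, or low end of a port range */
	uint16_t mlp_port_upper;	/* presumably high end of the range */
} tsol_mlp_t;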
701676Sjpk 
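/*
 * Procedure Interface Definitions available to user and kernel.
 *
 * NOTE(review): only prototypes are visible here. The summaries below are
 * inferred from the names and signatures; confirm each against the
 * implementation before relying on it.
 */

/*
 * bltype() and setbltype() take the label as void *, so the compiler does
 * not check that the argument really is a label.
 */
extern int	bltype(const void *, uint8_t);

/*
 * Comparison predicates; the int result is presumably non-zero when the
 * relation holds. For the dominance tests argument order matters
 * (presumably "first dominates second"): swapping the arguments inverts
 * the access decision.
 */
extern int	blequal(const m_label_t *, const m_label_t *);
extern int	bldominates(const m_label_t *, const m_label_t *);
extern int	blstrictdom(const m_label_t *, const m_label_t *);
extern int	blinrange(const m_label_t *, const m_range_t *);

/*
 * The first argument is not const: the result is written into it.
 * Presumably least upper bound and greatest lower bound of the two labels.
 */
extern void	blmaximum(m_label_t *, const m_label_t *);
extern void	blminimum(m_label_t *, const m_label_t *);

/* Initializers: each overwrites the label passed in. */
extern void	bsllow(m_label_t *);
extern void	bslhigh(m_label_t *);
extern void	bclearlow(m_label_t *);
extern void	bclearhigh(m_label_t *);
extern void	bslundef(m_label_t *);
extern void	bclearundef(m_label_t *);
extern void	setbltype(void *, uint8_t);

/* Untyped argument, as with bltype(). */
extern boolean_t	bisinvalid(const void *);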
881676Sjpk 
891676Sjpk #ifdef	_KERNEL
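/*
 * One multilevel-port entry: a tsol_mlp_t together with a zone id, carrying
 * forward and backward links to entries of the same type.
 */
typedef struct tsol_mlp_entry_s {
	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
	zoneid_t mlpe_zoneid;
	tsol_mlp_t mlpe_mlp;
} tsol_mlp_entry_t;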
951676Sjpk 
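/*
 * Head of a list of tsol_mlp_entry_t, with a reader/writer lock stored
 * alongside the first and last pointers.
 * NOTE(review): presumably mlpl_rwlock guards the list links; confirm
 * which accessors take it and in which mode.
 */
typedef struct tsol_mlp_list_s {
	krwlock_t mlpl_rwlock;
	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;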
1001676Sjpk 
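/*
 * Kernel label object: a binary label stored by value together with its
 * Domain of Interpretation, flags and a reference count.
 * NOTE(review): tsl_ref is presumably adjusted by label_hold() and
 * label_rele(); confirm, and confirm that every stored pointer to a
 * ts_label_t is covered by a hold.
 */
typedef	struct ts_label_s {
	uint_t		tsl_ref;	/* Reference count */
	uint32_t	tsl_doi;	/* Domain of Interpretation */
	uint32_t	tsl_flags;	/* TSLF_* below */
	m_label_t	tsl_label;	/* Actual label */
} ts_label_t;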
1071676Sjpk 
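/*
 * Default Domain of Interpretation number.
 * NOTE(review): presumably the initial value of the default_doi variable
 * declared in this header; confirm.
 */
#define	DEFAULT_DOI 1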
1091676Sjpk 
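/*
 * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
 * when the peer is unlabeled.
 *
 * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
 * from a peer which is flagged in the tnrhdb as label-aware.
 *
 * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
 * explicit label even if the peer or next-hop router is flagged in the
 * tnrhdb as label-aware.
 *
 * In the TSLF_UNLABELED and TSLF_IMPLICIT_IN cases the packet carried no
 * explicit label. Each flag occupies its own bit, so they can be combined
 * and tested independently.
 */

#define	TSLF_UNLABELED		0x00000001	/* peer is unlabeled */
#define	TSLF_IMPLICIT_IN	0x00000002	/* inbound implicit */
#define	TSLF_IMPLICIT_OUT	0x00000004	/* outbound implicit */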
1251676Sjpk 
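/*
 * Binary label of a credential: label2bslabel() applied to the result of
 * crgetlabel(cr). The argument is evaluated once.
 * NOTE(review): the macro does no NULL check of its own; whether
 * crgetlabel() can return NULL, and what label2bslabel() does with that,
 * is not visible in this header.
 */
#define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))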
1271676Sjpk 
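/*
 * Kernel-wide label state, defined elsewhere.
 *
 * sys_labeling is the plain int read by the is_system_labeled() macro in
 * this header; a value greater than zero means labeling is on.
 * NOTE(review): where these variables are written, and under what
 * protection, is not visible here.
 */
extern ts_label_t	*l_admin_low;
extern ts_label_t	*l_admin_high;
extern uint32_t		default_doi;
extern int		sys_labeling;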
1321676Sjpk 
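/*
 * Kernel-only label interfaces.
 *
 * NOTE(review): only prototypes are visible; the remarks below are
 * inferred from names and signatures and need confirming against the
 * implementation.
 *
 * - The trailing int of labelalloc(), labeldup() and the *cred_from_*
 *   functions is presumably a kernel allocation flag. If a non-sleeping
 *   allocation is possible the returned pointer may be NULL and must be
 *   checked before it is used in an access decision.
 * - label_hold() and label_rele() presumably raise and drop tsl_ref.
 * - label2bslabel() and label2doi() take a non-const ts_label_t *.
 */
extern void		label_init(void);
extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
extern ts_label_t	*labeldup(const ts_label_t *, int);
extern void		label_hold(ts_label_t *);
extern void		label_rele(ts_label_t *);
extern m_label_t	*label2bslabel(ts_label_t *);
extern uint32_t		label2doi(ts_label_t *);
extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);
extern cred_t		*newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t		*copycred_from_bslabel(const cred_t *, m_label_t *,
			    uint32_t, int);
extern cred_t		*copycred_from_tslabel(const cred_t *, ts_label_t *,
			    int);

/* Label lookup: by vnode, and presumably by path name and by descriptor. */
extern ts_label_t	*getflabel(vnode_t *);
extern int		getlabel(const char *, m_label_t *);
extern int		fgetlabel(int, m_label_t *);

/* brange_t and blset_t are not defined in this header. */
extern int		_blinrange(const m_label_t *, const brange_t *);
extern int		blinlset(const m_label_t *, const blset_t);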
1511676Sjpk 
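/*
 * Conversion between binary labels and strings.
 *
 * NOTE(review): inferred from the signatures only. l_to_str_internal()
 * hands a string back through the char ** argument; who frees it is not
 * shown here. hexstr_to_label() fills in the m_label_t from a string;
 * callers should check the int result before trusting the output label.
 */
extern int		l_to_str_internal(const m_label_t *, char **);
extern int		hexstr_to_label(const char *, m_label_t *);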
154*10972SRic.Aleshire@Sun.COM 
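/*
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 *
 * The result is always 0 or 1. sys_labeling is read on every use, and any
 * value of zero or below reads as "not labeled".
 */
#define	is_system_labeled()	(!!(sys_labeling > 0))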
1611676Sjpk 
1621676Sjpk #endif	/* _KERNEL */
1631676Sjpk 
1641676Sjpk #ifdef	__cplusplus
1651676Sjpk }
1661676Sjpk #endif
1671676Sjpk 
1681676Sjpk #endif	/* !_SYS_TSOL_LABEL_H */