/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Label types, label comparison entry points and (kernel only) the
 * reference-counted label wrapper and credential helpers.
 */

#ifndef	_SYS_TSOL_LABEL_H
#define	_SYS_TSOL_LABEL_H

#include <sys/types.h>
#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/vnode.h>
#include <sys/tsol/label_macro.h>
#endif /* _KERNEL */

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * types of label comparison
 *
 * NOTE(review): no declaration in this header takes one of these values;
 * the consumer is defined elsewhere -- confirm which check a caller gets.
 */
#define	EQUALITY_CHECK	0
#define	DOMINANCE_CHECK	1

/* Binary Label Structure Definitions */

/*
 * m_label_t is only forward-declared here, so code that sees this header
 * alone must handle labels through pointers.  ts_label_t below embeds one
 * by value, so the full definition presumably comes from
 * <sys/tsol/label_macro.h> in kernel builds -- confirm.
 */
typedef	struct _mac_label_impl	m_label_t;

/* Aliases of the same underlying type; the compiler does not tell them apart. */
typedef m_label_t	blevel_t,		/* compatibility */
			bslabel_t,		/* Sensitivity Label */
			bclear_t;		/* Clearance */

typedef struct _tsol_binary_level_lrange {	/* Level Range */
	m_label_t *lower_bound;
	m_label_t *upper_bound;
} m_range_t;

typedef	m_range_t	blrange_t;

/*
 * NOTE(review): the fields are undocumented here; the names suggest a
 * protocol number plus a port range (mlp_port .. mlp_port_upper).  Whether
 * the upper bound is inclusive is not visible -- confirm against the users.
 */
typedef struct tsol_mlp_s {
	uchar_t mlp_ipp;
	uint16_t mlp_port;
	uint16_t mlp_port_upper;
} tsol_mlp_t;

/*
 * Procedure Interface Definitions available to user and kernel
 *
 * NOTE(review): the comparison routines (blequal, bldominates, blstrictdom,
 * blinrange) return int, and this header states neither the truth
 * convention nor, for the dominance checks, which argument is the
 * dominating one.  Dominance is not symmetric, so swapped arguments change
 * the access decision -- confirm against the implementation before relying
 * on them in a policy check.
 */

extern int bltype(const void *, uint8_t);
extern int blequal(const m_label_t *, const m_label_t *);
extern int bldominates(const m_label_t *, const m_label_t *);
extern int blstrictdom(const m_label_t *, const m_label_t *);
extern int blinrange(const m_label_t *, const m_range_t *);
/* The routines below take a non-const label, i.e. they may write through it. */
extern void blmaximum(m_label_t *, const m_label_t *);
extern void blminimum(m_label_t *, const m_label_t *);
extern void bsllow(m_label_t *);
extern void bslhigh(m_label_t *);
extern void bclearlow(m_label_t *);
extern void bclearhigh(m_label_t *);
extern void bslundef(m_label_t *);
extern void bclearundef(m_label_t *);
extern void setbltype(void *, uint8_t);
extern boolean_t bisinvalid(const void *);

#ifdef	_KERNEL
/* List node: links to the neighbouring entries, a zone ID and one tsol_mlp_t. */
typedef struct tsol_mlp_entry_s {
	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;
	zoneid_t mlpe_zoneid;
	tsol_mlp_t mlpe_mlp;
} tsol_mlp_entry_t;

/*
 * List head with first/last pointers and a reader/writer lock.
 * Presumably mlpl_rwlock guards the list -- confirm at the call sites.
 */
typedef struct tsol_mlp_list_s {
	krwlock_t mlpl_rwlock;
	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;

/* Kernel wrapper that carries a label together with its DOI, flags and refcount. */
typedef struct ts_label_s {
	uint_t		tsl_ref;	/* Reference count */
	uint32_t	tsl_doi;	/* Domain of Interpretation */
	uint32_t	tsl_flags;	/* TSLF_* below */
	m_label_t	tsl_label;	/* Actual label */
} ts_label_t;

#define	DEFAULT_DOI 1

/*
 * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
 * when the peer is unlabeled.
 *
 * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
 * from a peer which is flagged in the tnrhdb as label-aware.
 *
 * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
 * explicit label even if the peer or next-hop router is flagged in the
 * tnrhdb as label-aware.
 *
 * The three values are distinct single bits, so they can be combined in
 * tsl_flags and tested with a mask.
 */

#define	TSLF_UNLABELED		0x00000001	/* peer is unlabeled */
#define	TSLF_IMPLICIT_IN	0x00000002	/* inbound implicit */
#define	TSLF_IMPLICIT_OUT	0x00000004	/* outbound implicit */

/*
 * Expands to label2bslabel(crgetlabel(cr)); cr is evaluated once.
 * NOTE(review): crgetlabel() is not declared in this header, and what the
 * expansion yields for a credential without a label is not visible here --
 * confirm before dereferencing the result.
 */
#define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))

/*
 * Shared kernel globals.
 * NOTE(review): the names suggest the lowest and highest administrative
 * labels; who initializes them is not shown here (label_init() is a
 * candidate) -- confirm.
 */
extern ts_label_t	*l_admin_low;
extern ts_label_t	*l_admin_high;
extern uint32_t		default_doi;
extern int		sys_labeling;

/*
 * Kernel label and credential interfaces.
 *
 * label_hold()/label_rele() presumably take and drop a reference on
 * tsl_ref -- confirm; unbalanced calls would leak a label or release it
 * while still in use.
 *
 * The trailing int on labelalloc, labeldup, newcred_from_bslabel and the
 * copycred_from_* routines is presumably an allocation flag; whether these
 * can return NULL is not visible here -- TODO confirm and check the result
 * at call sites.
 *
 * brange_t and blset_t are not defined in this header; presumably they come
 * from <sys/tsol/label_macro.h>.
 */
extern void		label_init(void);
extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
extern ts_label_t	*labeldup(const ts_label_t *, int);
extern void		label_hold(ts_label_t *);
extern void		label_rele(ts_label_t *);
extern m_label_t	*label2bslabel(ts_label_t *);
extern uint32_t		label2doi(ts_label_t *);
extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);
extern cred_t		*newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t		*copycred_from_bslabel(const cred_t *, m_label_t *,
			    uint32_t, int);
extern cred_t		*copycred_from_tslabel(const cred_t *, ts_label_t *,
			    int);
extern ts_label_t	*getflabel(vnode_t *);
extern int		getlabel(const char *, m_label_t *);
extern int		fgetlabel(int, m_label_t *);
extern int		_blinrange(const m_label_t *, const brange_t *);
extern int		blinlset(const m_label_t *, const blset_t);

/*
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 *
 * Evaluates to 1 when sys_labeling is greater than zero and to 0 otherwise.
 * sys_labeling itself is an ordinary extern int; this header does not show
 * where it is written.
 */
#define	is_system_labeled()	(!!(sys_labeling > 0))

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* !_SYS_TSOL_LABEL_H */