1 /* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
2 /*
3  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
4  *
5  *	Support for enhanced MLS infrastructure.
6  *
7  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
8  *
9  *  This library is free software; you can redistribute it and/or
10  *  modify it under the terms of the GNU Lesser General Public
11  *  License as published by the Free Software Foundation; either
12  *  version 2.1 of the License, or (at your option) any later version.
13  *
14  *  This library is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  *  Lesser General Public License for more details.
18  *
19  *  You should have received a copy of the GNU Lesser General Public
20  *  License along with this library; if not, write to the Free Software
21  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
22  */
23 
24 /* FLASK */
25 
26 /*
27  * Type definitions for the multi-level security (MLS) policy.
28  */
29 
30 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
31 #define _SEPOL_POLICYDB_MLS_TYPES_H_
32 
33 #include <errno.h>
34 #include <stdint.h>
35 #include <stdlib.h>
36 #include <sys/param.h>
37 #include <sepol/policydb/ebitmap.h>
38 #include <sepol/policydb/flask_types.h>
39 
40 #ifdef __cplusplus
41 extern "C" {
42 #endif
43 
44 typedef struct mls_level {
45 	uint32_t sens;		/* sensitivity */
46 	ebitmap_t cat;		/* category set */
47 } mls_level_t;
48 
49 typedef struct mls_range {
50 	mls_level_t level[2];	/* low == level[0], high == level[1] */
51 } mls_range_t;
52 
mls_range_glblub(struct mls_range * dst,struct mls_range * r1,struct mls_range * r2)53 static inline int mls_range_glblub(struct mls_range *dst, struct mls_range *r1, struct mls_range *r2)
54 {
55 	if (r1->level[1].sens < r2->level[0].sens || r2->level[1].sens < r1->level[0].sens) {
56 		/* These ranges have no common sensitivities */
57 		return -EINVAL;
58 	}
59 
60 	/* Take the greatest of the low */
61 	dst->level[0].sens = MAX(r1->level[0].sens, r2->level[0].sens);
62 	/* Take the least of the high */
63 	dst->level[1].sens = MIN(r1->level[1].sens, r2->level[1].sens);
64 
65 	if (ebitmap_and(&dst->level[0].cat, &r1->level[0].cat, &r2->level[0].cat) < 0) {
66 		return -1;
67 	}
68 
69 	if (ebitmap_and(&dst->level[1].cat, &r1->level[1].cat, &r2->level[1].cat) < 0) {
70 		return -1;
71 	}
72 
73 	return 0;
74 }
75 
76 
mls_level_cpy(struct mls_level * dst,struct mls_level * src)77 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
78 {
79 
80 	dst->sens = src->sens;
81 	if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
82 		return -1;
83 	return 0;
84 }
85 
mls_level_init(struct mls_level * level)86 static inline void mls_level_init(struct mls_level *level)
87 {
88 
89 	memset(level, 0, sizeof(mls_level_t));
90 }
91 
mls_level_destroy(struct mls_level * level)92 static inline void mls_level_destroy(struct mls_level *level)
93 {
94 
95 	if (level == NULL)
96 		return;
97 
98 	ebitmap_destroy(&level->cat);
99 	mls_level_init(level);
100 }
101 
mls_level_eq(const struct mls_level * l1,const struct mls_level * l2)102 static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
103 {
104 	return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
105 }
106 
mls_level_dom(const struct mls_level * l1,const struct mls_level * l2)107 static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
108 {
109 	return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
110 }
111 
112 #define mls_level_incomp(l1, l2) \
113 (!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
114 
115 #define mls_level_between(l1, l2, l3) \
116 (mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
117 
118 #define mls_range_contains(r1, r2) \
119 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
120  mls_level_dom(&(r1).level[1], &(r2).level[1]))
121 
mls_range_cpy(mls_range_t * dst,mls_range_t * src)122 static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
123 {
124 
125 	if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
126 		goto err;
127 
128 	if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
129 		goto err_destroy;
130 
131 	return 0;
132 
133       err_destroy:
134 	mls_level_destroy(&dst->level[0]);
135 
136       err:
137 	return -1;
138 }
139 
mls_range_init(struct mls_range * r)140 static inline void mls_range_init(struct mls_range *r)
141 {
142 	mls_level_init(&r->level[0]);
143 	mls_level_init(&r->level[1]);
144 }
145 
mls_range_destroy(struct mls_range * r)146 static inline void mls_range_destroy(struct mls_range *r)
147 {
148 	mls_level_destroy(&r->level[0]);
149 	mls_level_destroy(&r->level[1]);
150 }
151 
mls_range_eq(struct mls_range * r1,struct mls_range * r2)152 static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
153 {
154 	return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
155 	        mls_level_eq(&r1->level[1], &r2->level[1]));
156 }
157 
158 typedef struct mls_semantic_cat {
159 	uint32_t low;	/* first bit this struct represents */
160 	uint32_t high;	/* last bit represented - equals low for a single cat */
161 	struct mls_semantic_cat *next;
162 } mls_semantic_cat_t;
163 
164 typedef struct mls_semantic_level {
165 	uint32_t sens;
166 	mls_semantic_cat_t *cat;
167 } mls_semantic_level_t;
168 
169 typedef struct mls_semantic_range {
170 	mls_semantic_level_t level[2];
171 } mls_semantic_range_t;
172 
173 extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
174 extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
175 extern void mls_semantic_level_init(mls_semantic_level_t *l);
176 extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
177 extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
178 extern void mls_semantic_range_init(mls_semantic_range_t *r);
179 extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
180 extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
181 
182 #ifdef __cplusplus
183 }
184 #endif
185 
186 #endif
187