1 /* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
2 /*
3 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
4 *
5 * Support for enhanced MLS infrastructure.
6 *
7 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 /* FLASK */
25
26 /*
27 * Type definitions for the multi-level security (MLS) policy.
28 */
29
30 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
31 #define _SEPOL_POLICYDB_MLS_TYPES_H_
32
33 #include <stdint.h>
34 #include <stdlib.h>
35 #include <sepol/policydb/ebitmap.h>
36 #include <sepol/policydb/flask_types.h>
37 #include <sys/cdefs.h>
38
39 __BEGIN_DECLS
40
41 typedef struct mls_level {
42 uint32_t sens; /* sensitivity */
43 ebitmap_t cat; /* category set */
44 } mls_level_t;
45
46 typedef struct mls_range {
47 mls_level_t level[2]; /* low == level[0], high == level[1] */
48 } mls_range_t;
49
mls_level_cpy(struct mls_level * dst,struct mls_level * src)50 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
51 {
52
53 dst->sens = src->sens;
54 if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
55 return -1;
56 return 0;
57 }
58
mls_level_init(struct mls_level * level)59 static inline void mls_level_init(struct mls_level *level)
60 {
61
62 memset(level, 0, sizeof(mls_level_t));
63 }
64
mls_level_destroy(struct mls_level * level)65 static inline void mls_level_destroy(struct mls_level *level)
66 {
67
68 if (level == NULL)
69 return;
70
71 ebitmap_destroy(&level->cat);
72 mls_level_init(level);
73 }
74
mls_level_eq(const struct mls_level * l1,const struct mls_level * l2)75 static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
76 {
77 return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
78 }
79
mls_level_dom(const struct mls_level * l1,const struct mls_level * l2)80 static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
81 {
82 return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
83 }
84
85 #define mls_level_incomp(l1, l2) \
86 (!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
87
88 #define mls_level_between(l1, l2, l3) \
89 (mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
90
91 #define mls_range_contains(r1, r2) \
92 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
93 mls_level_dom(&(r1).level[1], &(r2).level[1]))
94
mls_range_cpy(mls_range_t * dst,mls_range_t * src)95 static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
96 {
97
98 if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
99 goto err;
100
101 if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
102 goto err_destroy;
103
104 return 0;
105
106 err_destroy:
107 mls_level_destroy(&dst->level[0]);
108
109 err:
110 return -1;
111 }
112
mls_range_init(struct mls_range * r)113 static inline void mls_range_init(struct mls_range *r)
114 {
115 mls_level_init(&r->level[0]);
116 mls_level_init(&r->level[1]);
117 }
118
mls_range_destroy(struct mls_range * r)119 static inline void mls_range_destroy(struct mls_range *r)
120 {
121 mls_level_destroy(&r->level[0]);
122 mls_level_destroy(&r->level[1]);
123 }
124
mls_range_eq(struct mls_range * r1,struct mls_range * r2)125 static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
126 {
127 return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
128 mls_level_eq(&r1->level[1], &r2->level[1]));
129 }
130
131 typedef struct mls_semantic_cat {
132 uint32_t low; /* first bit this struct represents */
133 uint32_t high; /* last bit represented - equals low for a single cat */
134 struct mls_semantic_cat *next;
135 } mls_semantic_cat_t;
136
137 typedef struct mls_semantic_level {
138 uint32_t sens;
139 mls_semantic_cat_t *cat;
140 } mls_semantic_level_t;
141
142 typedef struct mls_semantic_range {
143 mls_semantic_level_t level[2];
144 } mls_semantic_range_t;
145
146 extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
147 extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
148 extern void mls_semantic_level_init(mls_semantic_level_t *l);
149 extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
150 extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
151 extern void mls_semantic_range_init(mls_semantic_range_t *r);
152 extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
153 extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
154
155 __END_DECLS
156 #endif
157