Home | History | Annotate | Download | only in policydb 
      1 /* Author : Stephen Smalley, <sds (at) tycho.nsa.gov> */
      2 /*
      3  * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com>
      4  *
      5  *	Support for enhanced MLS infrastructure.
      6  *
      7  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
      8  *
      9  *  This library is free software; you can redistribute it and/or
     10  *  modify it under the terms of the GNU Lesser General Public
     11  *  License as published by the Free Software Foundation; either
     12  *  version 2.1 of the License, or (at your option) any later version.
     13  *
     14  *  This library is distributed in the hope that it will be useful,
     15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     17  *  Lesser General Public License for more details.
     18  *
     19  *  You should have received a copy of the GNU Lesser General Public
     20  *  License along with this library; if not, write to the Free Software
     21  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     22  */
     23 
     24 /* FLASK */
     25 
     26 /*
     27  * Type definitions for the multi-level security (MLS) policy.
     28  */
     29 
     30 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
     31 #define _SEPOL_POLICYDB_MLS_TYPES_H_
     32 
     33 #include <stdint.h>
     34 #include <stdlib.h>
     35 #include <sepol/policydb/ebitmap.h>
     36 #include <sepol/policydb/flask_types.h>
     37 
     38 #ifdef __cplusplus
     39 extern "C" {
     40 #endif
     41 
     42 typedef struct mls_level {
     43 	uint32_t sens;		/* sensitivity */
     44 	ebitmap_t cat;		/* category set */
     45 } mls_level_t;
     46 
     47 typedef struct mls_range {
     48 	mls_level_t level[2];	/* low == level[0], high == level[1] */
     49 } mls_range_t;
     50 
     51 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
     52 {
     53 
     54 	dst->sens = src->sens;
     55 	if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
     56 		return -1;
     57 	return 0;
     58 }
     59 
     60 static inline void mls_level_init(struct mls_level *level)
     61 {
     62 
     63 	memset(level, 0, sizeof(mls_level_t));
     64 }
     65 
     66 static inline void mls_level_destroy(struct mls_level *level)
     67 {
     68 
     69 	if (level == NULL)
     70 		return;
     71 
     72 	ebitmap_destroy(&level->cat);
     73 	mls_level_init(level);
     74 }
     75 
     76 static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
     77 {
     78 	return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
     79 }
     80 
     81 static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
     82 {
     83 	return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
     84 }
     85 
     86 #define mls_level_incomp(l1, l2) \
     87 (!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
     88 
     89 #define mls_level_between(l1, l2, l3) \
     90 (mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
     91 
     92 #define mls_range_contains(r1, r2) \
     93 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
     94  mls_level_dom(&(r1).level[1], &(r2).level[1]))
     95 
     96 static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
     97 {
     98 
     99 	if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
    100 		goto err;
    101 
    102 	if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
    103 		goto err_destroy;
    104 
    105 	return 0;
    106 
    107       err_destroy:
    108 	mls_level_destroy(&dst->level[0]);
    109 
    110       err:
    111 	return -1;
    112 }
    113 
    114 static inline void mls_range_init(struct mls_range *r)
    115 {
    116 	mls_level_init(&r->level[0]);
    117 	mls_level_init(&r->level[1]);
    118 }
    119 
    120 static inline void mls_range_destroy(struct mls_range *r)
    121 {
    122 	mls_level_destroy(&r->level[0]);
    123 	mls_level_destroy(&r->level[1]);
    124 }
    125 
    126 static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
    127 {
    128 	return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
    129 	        mls_level_eq(&r1->level[1], &r2->level[1]));
    130 }
    131 
    132 typedef struct mls_semantic_cat {
    133 	uint32_t low;	/* first bit this struct represents */
    134 	uint32_t high;	/* last bit represented - equals low for a single cat */
    135 	struct mls_semantic_cat *next;
    136 } mls_semantic_cat_t;
    137 
    138 typedef struct mls_semantic_level {
    139 	uint32_t sens;
    140 	mls_semantic_cat_t *cat;
    141 } mls_semantic_level_t;
    142 
    143 typedef struct mls_semantic_range {
    144 	mls_semantic_level_t level[2];
    145 } mls_semantic_range_t;
    146 
    147 extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
    148 extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
    149 extern void mls_semantic_level_init(mls_semantic_level_t *l);
    150 extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
    151 extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
    152 extern void mls_semantic_range_init(mls_semantic_range_t *r);
    153 extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
    154 extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
    155 
    156 #ifdef __cplusplus
    157 }
    158 #endif
    159 
    160 #endif
    161