Home | History | Annotate | Download | only in policydb 
      1 
      2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */
      3 /*
      4  * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com>
      5  *
      6  *	Support for enhanced MLS infrastructure.
      7  *
      8  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
      9  *
     10  *  This library is free software; you can redistribute it and/or
     11  *  modify it under the terms of the GNU Lesser General Public
     12  *  License as published by the Free Software Foundation; either
     13  *  version 2.1 of the License, or (at your option) any later version.
     14  *
     15  *  This library is distributed in the hope that it will be useful,
     16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     18  *  Lesser General Public License for more details.
     19  *
     20  *  You should have received a copy of the GNU Lesser General Public
     21  *  License along with this library; if not, write to the Free Software
     22  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     23  */
     24 
     25 /* FLASK */
     26 
     27 /*
     28  * Type definitions for the multi-level security (MLS) policy.
     29  */
     30 
     31 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
     32 #define _SEPOL_POLICYDB_MLS_TYPES_H_
     33 
     34 #include <stdint.h>
     35 #include <stdlib.h>
     36 #include <sepol/policydb/ebitmap.h>
     37 #include <sepol/policydb/flask_types.h>
     38 
     39 typedef struct mls_level {
     40 	uint32_t sens;		/* sensitivity */
     41 	ebitmap_t cat;		/* category set */
     42 } mls_level_t;
     43 
     44 typedef struct mls_range {
     45 	mls_level_t level[2];	/* low == level[0], high == level[1] */
     46 } mls_range_t;
     47 
     48 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
     49 {
     50 
     51 	dst->sens = src->sens;
     52 	if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
     53 		return -1;
     54 	return 0;
     55 }
     56 
     57 static inline void mls_level_init(struct mls_level *level)
     58 {
     59 
     60 	memset(level, 0, sizeof(mls_level_t));
     61 }
     62 
     63 static inline void mls_level_destroy(struct mls_level *level)
     64 {
     65 
     66 	if (level == NULL)
     67 		return;
     68 
     69 	ebitmap_destroy(&level->cat);
     70 	mls_level_init(level);
     71 }
     72 
     73 static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
     74 {
     75 	return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
     76 }
     77 
     78 static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
     79 {
     80 	return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
     81 }
     82 
     83 #define mls_level_incomp(l1, l2) \
     84 (!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
     85 
     86 #define mls_level_between(l1, l2, l3) \
     87 (mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
     88 
     89 #define mls_range_contains(r1, r2) \
     90 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
     91  mls_level_dom(&(r1).level[1], &(r2).level[1]))
     92 
     93 static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
     94 {
     95 
     96 	if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
     97 		goto err;
     98 
     99 	if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
    100 		goto err_destroy;
    101 
    102 	return 0;
    103 
    104       err_destroy:
    105 	mls_level_destroy(&dst->level[0]);
    106 
    107       err:
    108 	return -1;
    109 }
    110 
    111 static inline void mls_range_init(struct mls_range *r)
    112 {
    113 	mls_level_init(&r->level[0]);
    114 	mls_level_init(&r->level[1]);
    115 }
    116 
    117 static inline void mls_range_destroy(struct mls_range *r)
    118 {
    119 	mls_level_destroy(&r->level[0]);
    120 	mls_level_destroy(&r->level[1]);
    121 }
    122 
    123 static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
    124 {
    125 	return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
    126 	        mls_level_eq(&r1->level[1], &r2->level[1]));
    127 }
    128 
    129 typedef struct mls_semantic_cat {
    130 	uint32_t low;	/* first bit this struct represents */
    131 	uint32_t high;	/* last bit represented - equals low for a single cat */
    132 	struct mls_semantic_cat *next;
    133 } mls_semantic_cat_t;
    134 
    135 typedef struct mls_semantic_level {
    136 	uint32_t sens;
    137 	mls_semantic_cat_t *cat;
    138 } mls_semantic_level_t;
    139 
    140 typedef struct mls_semantic_range {
    141 	mls_semantic_level_t level[2];
    142 } mls_semantic_range_t;
    143 
    144 extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
    145 extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
    146 extern void mls_semantic_level_init(mls_semantic_level_t *l);
    147 extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
    148 extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
    149 extern void mls_semantic_range_init(mls_semantic_range_t *r);
    150 extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
    151 extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
    152 
    153 #endif
    154