Home | History | Annotate | Download | only in policydb 
      1 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */
      2 /*
      3  * Updated: Trusted Computer Solutions, Inc. <dgoeddel (at) trustedcs.com>
      4  *
      5  *	Support for enhanced MLS infrastructure.
      6  *
      7  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
      8  *
      9  *  This library is free software; you can redistribute it and/or
     10  *  modify it under the terms of the GNU Lesser General Public
     11  *  License as published by the Free Software Foundation; either
     12  *  version 2.1 of the License, or (at your option) any later version.
     13  *
     14  *  This library is distributed in the hope that it will be useful,
     15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     17  *  Lesser General Public License for more details.
     18  *
     19  *  You should have received a copy of the GNU Lesser General Public
     20  *  License along with this library; if not, write to the Free Software
     21  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     22  */
     23 
     24 /* FLASK */
     25 
     26 /*
     27  * Type definitions for the multi-level security (MLS) policy.
     28  */
     29 
     30 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
     31 #define _SEPOL_POLICYDB_MLS_TYPES_H_
     32 
     33 #include <stdint.h>
     34 #include <stdlib.h>
     35 #include <sepol/policydb/ebitmap.h>
     36 #include <sepol/policydb/flask_types.h>
     37 #include <sys/cdefs.h>
     38 
     39 __BEGIN_DECLS
     40 
     41 typedef struct mls_level {
     42 	uint32_t sens;		/* sensitivity */
     43 	ebitmap_t cat;		/* category set */
     44 } mls_level_t;
     45 
     46 typedef struct mls_range {
     47 	mls_level_t level[2];	/* low == level[0], high == level[1] */
     48 } mls_range_t;
     49 
     50 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
     51 {
     52 
     53 	dst->sens = src->sens;
     54 	if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
     55 		return -1;
     56 	return 0;
     57 }
     58 
     59 static inline void mls_level_init(struct mls_level *level)
     60 {
     61 
     62 	memset(level, 0, sizeof(mls_level_t));
     63 }
     64 
     65 static inline void mls_level_destroy(struct mls_level *level)
     66 {
     67 
     68 	if (level == NULL)
     69 		return;
     70 
     71 	ebitmap_destroy(&level->cat);
     72 	mls_level_init(level);
     73 }
     74 
     75 static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
     76 {
     77 	return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
     78 }
     79 
     80 static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
     81 {
     82 	return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
     83 }
     84 
     85 #define mls_level_incomp(l1, l2) \
     86 (!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))
     87 
     88 #define mls_level_between(l1, l2, l3) \
     89 (mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))
     90 
     91 #define mls_range_contains(r1, r2) \
     92 (mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
     93  mls_level_dom(&(r1).level[1], &(r2).level[1]))
     94 
     95 static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
     96 {
     97 
     98 	if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
     99 		goto err;
    100 
    101 	if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
    102 		goto err_destroy;
    103 
    104 	return 0;
    105 
    106       err_destroy:
    107 	mls_level_destroy(&dst->level[0]);
    108 
    109       err:
    110 	return -1;
    111 }
    112 
    113 static inline void mls_range_init(struct mls_range *r)
    114 {
    115 	mls_level_init(&r->level[0]);
    116 	mls_level_init(&r->level[1]);
    117 }
    118 
    119 static inline void mls_range_destroy(struct mls_range *r)
    120 {
    121 	mls_level_destroy(&r->level[0]);
    122 	mls_level_destroy(&r->level[1]);
    123 }
    124 
    125 static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
    126 {
    127 	return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
    128 	        mls_level_eq(&r1->level[1], &r2->level[1]));
    129 }
    130 
    131 typedef struct mls_semantic_cat {
    132 	uint32_t low;	/* first bit this struct represents */
    133 	uint32_t high;	/* last bit represented - equals low for a single cat */
    134 	struct mls_semantic_cat *next;
    135 } mls_semantic_cat_t;
    136 
    137 typedef struct mls_semantic_level {
    138 	uint32_t sens;
    139 	mls_semantic_cat_t *cat;
    140 } mls_semantic_level_t;
    141 
    142 typedef struct mls_semantic_range {
    143 	mls_semantic_level_t level[2];
    144 } mls_semantic_range_t;
    145 
    146 extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
    147 extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
    148 extern void mls_semantic_level_init(mls_semantic_level_t *l);
    149 extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
    150 extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
    151 extern void mls_semantic_range_init(mls_semantic_range_t *r);
    152 extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
    153 extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);
    154 
    155 __END_DECLS
    156 #endif
    157