1 2/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ 3/* 4 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 5 * 6 * Support for enhanced MLS infrastructure. 7 * 8 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 9 * 10 * This library is free software; you can redistribute it and/or 11 * modify it under the terms of the GNU Lesser General Public 12 * License as published by the Free Software Foundation; either 13 * version 2.1 of the License, or (at your option) any later version. 14 * 15 * This library is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * Lesser General Public License for more details. 19 * 20 * You should have received a copy of the GNU Lesser General Public 21 * License along with this library; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 23 */ 24 25/* FLASK */ 26 27/* 28 * Type definitions for the multi-level security (MLS) policy. 29 */ 30 31#ifndef _SEPOL_POLICYDB_MLS_TYPES_H_ 32#define _SEPOL_POLICYDB_MLS_TYPES_H_ 33 34#include <stdint.h> 35#include <stdlib.h> 36#include <sepol/policydb/ebitmap.h> 37#include <sepol/policydb/flask_types.h> 38 39typedef struct mls_level { 40 uint32_t sens; /* sensitivity */ 41 ebitmap_t cat; /* category set */ 42} mls_level_t; 43 44typedef struct mls_range { 45 mls_level_t level[2]; /* low == level[0], high == level[1] */ 46} mls_range_t; 47 48static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src) 49{ 50 51 dst->sens = src->sens; 52 if (ebitmap_cpy(&dst->cat, &src->cat) < 0) 53 return -1; 54 return 0; 55} 56 57static inline void mls_level_init(struct mls_level *level) 58{ 59 60 memset(level, 0, sizeof(mls_level_t)); 61} 62 63static inline void mls_level_destroy(struct mls_level *level) 64{ 65 66 if (level == NULL) 67 return; 68 69 ebitmap_destroy(&level->cat); 70 mls_level_init(level); 71} 72 73static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2) 74{ 75 return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat)); 76} 77 78static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2) 79{ 80 return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat)); 81} 82 83#define mls_level_incomp(l1, l2) \ 84(!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1))) 85 86#define mls_level_between(l1, l2, l3) \ 87(mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1))) 88 89#define mls_range_contains(r1, r2) \ 90(mls_level_dom(&(r2).level[0], &(r1).level[0]) && \ 91 mls_level_dom(&(r1).level[1], &(r2).level[1])) 92 93static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src) 94{ 95 96 if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0) 97 goto err; 98 99 if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0) 100 goto err_destroy; 101 102 return 0; 103 104 err_destroy: 105 mls_level_destroy(&dst->level[0]); 106 107 err: 108 return -1; 109} 110 111static inline void mls_range_init(struct mls_range *r) 112{ 113 mls_level_init(&r->level[0]); 114 mls_level_init(&r->level[1]); 115} 116 117static inline void mls_range_destroy(struct mls_range *r) 118{ 119 mls_level_destroy(&r->level[0]); 120 mls_level_destroy(&r->level[1]); 121} 122 123static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2) 124{ 125 return (mls_level_eq(&r1->level[0], &r2->level[0]) && 126 mls_level_eq(&r1->level[1], &r2->level[1])); 127} 128 129typedef struct mls_semantic_cat { 130 uint32_t low; /* first bit this struct represents */ 131 uint32_t high; /* last bit represented - equals low for a single cat */ 132 struct mls_semantic_cat *next; 133} mls_semantic_cat_t; 134 135typedef struct mls_semantic_level { 136 uint32_t sens; 137 mls_semantic_cat_t *cat; 138} mls_semantic_level_t; 139 140typedef struct mls_semantic_range { 141 mls_semantic_level_t level[2]; 142} mls_semantic_range_t; 143 144extern void mls_semantic_cat_init(mls_semantic_cat_t *c); 145extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c); 146extern void mls_semantic_level_init(mls_semantic_level_t *l); 147extern void mls_semantic_level_destroy(mls_semantic_level_t *l); 148extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src); 149extern void mls_semantic_range_init(mls_semantic_range_t *r); 150extern void mls_semantic_range_destroy(mls_semantic_range_t *r); 151extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src); 152 153#endif 154