xref: /external/libsepol/include/sepol/policydb/mls_types.h

/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * Type definitions for the multi-level security (MLS) policy.
 */

#ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
#define _SEPOL_POLICYDB_MLS_TYPES_H_

#include <stdint.h>
#include <stdlib.h>
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/flask_types.h>

typedef struct mls_level {
	uint32_t sens;		/* sensitivity */
	ebitmap_t cat;		/* category set */
} mls_level_t;

typedef struct mls_range {
	mls_level_t level[2];	/* low == level[0], high == level[1] */
} mls_range_t;

static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
{

	dst->sens = src->sens;
	if (ebitmap_cpy(&dst->cat, &src->cat) < 0)
		return -1;
	return 0;
}

static inline void mls_level_init(struct mls_level *level)
{

	memset(level, 0, sizeof(mls_level_t));
}

static inline void mls_level_destroy(struct mls_level *level)
{

	if (level == NULL)
		return;

	ebitmap_destroy(&level->cat);
	mls_level_init(level);
}

static inline int mls_level_eq(const struct mls_level *l1, const struct mls_level *l2)
{
	return ((l1->sens == l2->sens) && ebitmap_cmp(&l1->cat, &l2->cat));
}

static inline int mls_level_dom(const struct mls_level *l1, const struct mls_level *l2)
{
	return ((l1->sens >= l2->sens) && ebitmap_contains(&l1->cat, &l2->cat));
}

#define mls_level_incomp(l1, l2) \
(!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))

#define mls_level_between(l1, l2, l3) \
(mls_level_dom((l1), (l2)) && mls_level_dom((l3), (l1)))

#define mls_range_contains(r1, r2) \
(mls_level_dom(&(r2).level[0], &(r1).level[0]) && \
 mls_level_dom(&(r1).level[1], &(r2).level[1]))

static inline int mls_range_cpy(mls_range_t * dst, mls_range_t * src)
{

	if (mls_level_cpy(&dst->level[0], &src->level[0]) < 0)
		goto err;

	if (mls_level_cpy(&dst->level[1], &src->level[1]) < 0)
		goto err_destroy;

	return 0;

      err_destroy:
	mls_level_destroy(&dst->level[0]);

      err:
	return -1;
}

static inline void mls_range_init(struct mls_range *r)
{
	mls_level_init(&r->level[0]);
	mls_level_init(&r->level[1]);
}

static inline void mls_range_destroy(struct mls_range *r)
{
	mls_level_destroy(&r->level[0]);
	mls_level_destroy(&r->level[1]);
}

static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2)
{
	return (mls_level_eq(&r1->level[0], &r2->level[0]) &&
	        mls_level_eq(&r1->level[1], &r2->level[1]));
}

typedef struct mls_semantic_cat {
	uint32_t low;	/* first bit this struct represents */
	uint32_t high;	/* last bit represented - equals low for a single cat */
	struct mls_semantic_cat *next;
} mls_semantic_cat_t;

typedef struct mls_semantic_level {
	uint32_t sens;
	mls_semantic_cat_t *cat;
} mls_semantic_level_t;

typedef struct mls_semantic_range {
	mls_semantic_level_t level[2];
} mls_semantic_range_t;

extern void mls_semantic_cat_init(mls_semantic_cat_t *c);
extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c);
extern void mls_semantic_level_init(mls_semantic_level_t *l);
extern void mls_semantic_level_destroy(mls_semantic_level_t *l);
extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src);
extern void mls_semantic_range_init(mls_semantic_range_t *r);
extern void mls_semantic_range_destroy(mls_semantic_range_t *r);
extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src);

#endif