
PSARC/2008/252 Labeled IPsec phase 1 6886771 Labeled IPsec phase 1 6808727 Alignment error panic in tsol_can_accept_raw() 6894979 nightly -0 + -p builds then destroys SUNW0on
author Bill Sommerfeld <sommerfeld@sun.com>
date Mon, 02 Nov 2009 15:39:20 -0800
parents 6f02df7ca581
children 807794d41b3a

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_SYS_TSOL_LABEL_H
#define	_SYS_TSOL_LABEL_H

#include <sys/types.h>
#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/vnode.h>
#include <sys/tsol/label_macro.h>
#endif /* _KERNEL */

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * types of label comparison
 */
/* Presumably selectors passed to comparison callers: exact match vs. dominance — confirm against users */
#define	EQUALITY_CHECK	0	/* labels must be identical */
#define	DOMINANCE_CHECK	1	/* one label must dominate the other */

/* Binary Label Structure Definitions */

/*
 * The binary label is opaque in this header: struct _mac_label_impl is
 * defined elsewhere (under _KERNEL it is expected to come in through
 * <sys/tsol/label_macro.h>, included above — confirm).  Code that only
 * includes this header can hold pointers to it but cannot size or copy it.
 */
typedef	struct _mac_label_impl	m_label_t;

/* All three aliases are the same type; they differ only in intent. */
typedef m_label_t	blevel_t,		/* compatibility */
			bslabel_t,		/* Sensitivity Label */
			bclear_t;		/* Clearance */

/*
 * A level range is two *pointers* to labels, not two embedded labels.
 * NOTE(review): the range therefore does not own its bounds; whoever
 * builds an m_range_t must keep both labels alive for as long as the
 * range is used (e.g. by blinrange()) — confirm against callers.
 */
typedef struct _tsol_binary_level_lrange {	/* Level Range */
	m_label_t *lower_bound;	/* low end of the range; presumably inclusive */
	m_label_t *upper_bound;	/* high end of the range; presumably inclusive */
} m_range_t;

typedef	m_range_t	blrange_t;	/* compatibility alias for m_range_t */

/*
 * Multilevel port (MLP) descriptor, shared with user space.
 * NOTE(review): field meanings below are inferred from the names — confirm
 * against the code that fills these in.
 */
typedef struct tsol_mlp_s {
	uchar_t mlp_ipp;		/* presumably the IP protocol number */
	uint16_t mlp_port;		/* presumably the first port of the range */
	uint16_t mlp_port_upper;	/* presumably the last port of the range */
} tsol_mlp_t;

/* Procedure Interface Definitions available to user and kernel */

/*
 * Binary-label predicates and initialisers available in both user space
 * and the kernel.  Grouped by signature:
 *   - the int-returning functions take only const labels and are pure
 *     predicates;
 *   - the void-returning functions take a non-const first argument and
 *     write their result through it (the second argument, where present,
 *     is const and is only read).
 * NOTE(review): exact semantics are inferred from the names; the
 * implementations are not in this header — confirm against libtsol.
 */
extern int	bltype(const void *, uint8_t);
extern int	blequal(const m_label_t *, const m_label_t *);
extern int	bldominates(const m_label_t *, const m_label_t *);
extern int	blstrictdom(const m_label_t *, const m_label_t *);
extern int	blinrange(const m_label_t *, const m_range_t *);
extern void	blmaximum(m_label_t *, const m_label_t *);	/* result written into first arg */
extern void	blminimum(m_label_t *, const m_label_t *);	/* result written into first arg */
extern void	bsllow(m_label_t *);
extern void	bslhigh(m_label_t *);
extern void	bclearlow(m_label_t *);
extern void	bclearhigh(m_label_t *);
extern void	bslundef(m_label_t *);
extern void	bclearundef(m_label_t *);
/*
 * setbltype()/bisinvalid()/bltype() take an untyped pointer rather than
 * an m_label_t *.  NOTE(review): nothing here bounds what they read or
 * write, so callers must pass an object of the right size — treat data
 * from outside the kernel/process boundary with care and confirm the
 * expected object type against the implementation.
 */
extern void	setbltype(void *, uint8_t);
extern boolean_t	bisinvalid(const void *);

#ifdef	_KERNEL
/* One node of a tsol_mlp_list_t: doubly linked, tagged with the owning zone. */
typedef struct tsol_mlp_entry_s {
	struct tsol_mlp_entry_s *mlpe_next, *mlpe_prev;	/* list linkage */
	zoneid_t mlpe_zoneid;		/* presumably the zone this MLP belongs to */
	tsol_mlp_t mlpe_mlp;		/* the descriptor itself, embedded by value */
} tsol_mlp_entry_t;

/*
 * Head of a doubly linked list of tsol_mlp_entry_t.
 * NOTE(review): the embedded krwlock_t is presumably what serialises
 * access to mlpl_first/mlpl_last and the entries' linkage — confirm the
 * locking rule (reader vs. writer for traversal vs. insert/remove)
 * against the code that walks the list.
 */
typedef struct tsol_mlp_list_s {
	krwlock_t mlpl_rwlock;
	tsol_mlp_entry_t *mlpl_first, *mlpl_last;
} tsol_mlp_list_t;

/*
 * Kernel-side, reference-counted wrapper around a binary label.  The
 * label is embedded by value, so a ts_label_t is a self-contained object
 * whose lifetime is governed by tsl_ref (presumably via label_hold() and
 * label_rele() declared below — confirm).
 */
typedef	struct ts_label_s {
	uint_t		tsl_ref;	/* Reference count */
	uint32_t	tsl_doi;	/* Domain of Interpretation */
	uint32_t	tsl_flags;	/* TSLF_* below */
	m_label_t	tsl_label;	/* Actual label (embedded, not a pointer) */
} ts_label_t;

/* Compile-time default DOI; see also the runtime variable default_doi below. */
#define	DEFAULT_DOI 1

/*
 * TSLF_UNLABELED is set in tsl_flags for packets with no explicit label
 * when the peer is unlabeled.
 *
 * TSLF_IMPLICIT_IN is set when a packet is received with no explicit label
 * from a peer which is flagged in the tnrhdb as label-aware.
 *
 * TSLF_IMPLICIT_OUT is set when the packet should be sent without an
 * explicit label even if the peer or next-hop router is flagged in the
 * tnrhdb as label-aware.
 */

/* Distinct single bits, so they may be OR'd together in tsl_flags. */
#define	TSLF_UNLABELED		0x00000001	/* peer is unlabeled */
#define	TSLF_IMPLICIT_IN	0x00000002	/* inbound implicit */
#define	TSLF_IMPLICIT_OUT	0x00000004	/* outbound implicit */

/*
 * Sensitivity label of a credential.  Evaluates cr exactly once.
 * NOTE(review): label2bslabel() returns a pointer into the ts_label_t,
 * so the result presumably stays valid only while the credential's
 * label is held — confirm before caching it.
 */
#define	CR_SL(cr)	(label2bslabel(crgetlabel(cr)))

/*
 * Global label state.  NOTE(review): these are plain, writable globals;
 * presumably set up once by label_init() and read-only afterwards —
 * confirm, since sys_labeling is the gate behind is_system_labeled().
 */
extern ts_label_t	*l_admin_low;
extern ts_label_t	*l_admin_high;
extern uint32_t		default_doi;
extern int		sys_labeling;

/*
 * Kernel label management.  Parameter roles below are inferred from the
 * types and names (uint32_t matches tsl_doi, the trailing int is
 * presumably an allocation flag) — confirm against the implementation.
 */
extern void		label_init(void);
extern ts_label_t	*labelalloc(const m_label_t *, uint32_t, int);
extern ts_label_t	*labeldup(const ts_label_t *, int);
extern void		label_hold(ts_label_t *);	/* presumably tsl_ref++ */
extern void		label_rele(ts_label_t *);	/* presumably tsl_ref--, free at zero */
extern m_label_t	*label2bslabel(ts_label_t *);	/* pointer into the ts_label_t, presumably */
extern uint32_t		label2doi(ts_label_t *);
extern boolean_t	label_equal(const ts_label_t *, const ts_label_t *);
/* Credential construction from a label; the cred_t * input is only read. */
extern cred_t 		*newcred_from_bslabel(m_label_t *, uint32_t, int);
extern cred_t 		*copycred_from_bslabel(const cred_t *, m_label_t *,
			    uint32_t, int);
extern cred_t		*copycred_from_tslabel(const cred_t *, ts_label_t *,
			    int);
/* File label lookup by vnode, pathname and file descriptor respectively. */
extern ts_label_t	*getflabel(vnode_t *);
extern int		getlabel(const char *, m_label_t *);
extern int		fgetlabel(int, m_label_t *);
/*
 * brange_t and blset_t are not declared in this header; presumably they
 * come from <sys/tsol/label_macro.h> included under _KERNEL — confirm.
 */
extern int		_blinrange(const m_label_t *, const brange_t *);
extern int		blinlset(const m_label_t *, const blset_t);

/*
 * The use of '!!' here prevents users from referencing this function-like
 * macro as though it were an l-value, and in normal use is optimized away
 * by the compiler.
 */
/* Non-zero (exactly 1) when sys_labeling is positive, 0 otherwise. */
#define	is_system_labeled()	(!!(sys_labeling > 0))

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* !_SYS_TSOL_LABEL_H */