usr/src/lib/libtsol/common/label.h

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 #ifndef _TSOL_LABEL_H
  27 #define _TSOL_LABEL_H
  28
  29 #include <sys/types32.h>
  30 #include <sys/tsol/label.h>
  31 #include <priv.h>
  32
  33 #ifdef  __cplusplus
  34 extern "C" {
  35 #endif
  36
  37 /* Procedural Interface Structure Definitions */
  38
  39 struct  label_info {            /* structure returned by label_info */
  40         short   ilabel_len;             /* max Information Label length */
  41         short   slabel_len;             /* max Sensitivity Label length */
  42         short   clabel_len;             /* max CMW Label length */
  43         short   clear_len;              /* max Clearance Label length */
  44         short   vers_len;               /* version string length */
  45         short   header_len;             /* max len of banner page header */
  46         short   protect_as_len;         /* max len of banner page protect as */
  47         short   caveats_len;            /* max len of banner page caveats */
  48         short   channels_len;           /* max len of banner page channels */
  49 };
  50
  51 typedef struct label_set_identifier {   /* valid label set identifier */
  52         int     type;                   /* type of the set */
  53         char    *name;                  /* name of the set if needed */
  54 } set_id;
  55
  56 struct name_fields {            /* names for label builder fields */
  57         char    *class_name;            /* Classifications field name */
  58         char    *comps_name;            /* Compartments field name */
  59         char    *marks_name;            /* Markings field name */
  60 };
  61
  62 /* Label Set Identifier Types */
  63
  64 /*
  65  * The accreditation ranges as specified in the label encodings file.
  66  * The name parameter is ignored.
  67  *
  68  * System Accreditation Range is all valid labels plus Admin High and Low.
  69  *
  70  * User Accreditation Range is valid user labels as defined in the
  71  *      ACCREDITATION RANGE: section of the label encodings file.
  72  */
  73
  74 #define SYSTEM_ACCREDITATION_RANGE      1
  75 #define USER_ACCREDITATION_RANGE        2
  76
  77
  78 /* System Call Interface Definitions */
  79
  80 extern int getlabel(const char *, m_label_t *);
  81 extern int fgetlabel(int, m_label_t *);
  82
  83 extern int getplabel(m_label_t *);
  84 extern int setflabel(const char *, m_label_t *);
  85 extern char *getpathbylabel(const char *, char *, size_t,
  86     const m_label_t *sl);
  87 extern m_label_t *getzonelabelbyid(zoneid_t);
  88 extern m_label_t *getzonelabelbyname(const char *);
  89 extern zoneid_t getzoneidbylabel(const m_label_t *);
  90 extern char *getzonenamebylabel(const m_label_t *);
  91 extern char *getzonerootbyid(zoneid_t);
  92 extern char *getzonerootbyname(const char *);
  93 extern char *getzonerootbylabel(const m_label_t *);
  94 extern m_label_t *getlabelbypath(const char *);
  95
  96
  97 /* Flag word values */
  98
  99 #define ALL_ENTRIES             0x00000000
 100 #define ACCESS_RELATED          0x00000001
 101 #define ACCESS_MASK             0x0000FFFF
 102 #define ACCESS_SHIFT            0
 103
 104 #define LONG_WORDS              0x00010000      /* use long names */
 105 #define SHORT_WORDS             0x00020000      /* use short names if present */
 106 #define LONG_CLASSIFICATION     0x00040000      /* use long classification */
 107 #define SHORT_CLASSIFICATION    0x00080000      /* use short classification */
 108 #define NO_CLASSIFICATION       0x00100000      /* don't translate the class */
 109 #define VIEW_INTERNAL           0x00200000      /* don't promote/demote */
 110 #define VIEW_EXTERNAL           0x00400000      /* promote/demote label */
 111
 112 #define NEW_LABEL               0x00000001      /* create a full new label */
 113 #define NO_CORRECTION           0x00000002      /* don't correct label errors */
 114                                                 /* implies NEW_LABEL */
 115
 116 #define CVT_DIM                 0x01            /* display word dimmed */
 117 #define CVT_SET                 0x02            /* display word currently set */
 118
 119 /* Procedure Interface Definitions available to user */
 120
 121 /* APIs shared with the kernel are in <sys/tsol/label.h */
 122
 123 extern m_label_t *blabel_alloc(void);
 124 extern void     blabel_free(m_label_t *);
 125 extern size32_t blabel_size(void);
 126 extern char     *bsltoh(const m_label_t *);
 127 extern char     *bcleartoh(const m_label_t *);
 128
 129 extern char     *bsltoh_r(const m_label_t *, char *);
 130 extern char     *bcleartoh_r(const m_label_t *, char *);
 131 extern char     *h_alloc(uint8_t);
 132 extern void     h_free(char *);
 133
 134 extern int      htobsl(const char *, m_label_t *);
 135 extern int      htobclear(const char *, m_label_t *);
 136
 137 extern m_range_t        *getuserrange(const char *);
 138 extern m_range_t        *getdevicerange(const char *);
 139
 140 extern int      set_effective_priv(priv_op_t, int, ...);
 141 extern int      set_inheritable_priv(priv_op_t, int, ...);
 142 extern int      set_permitted_priv(priv_op_t, int, ...);
 143 extern int      is_system_labeled(void);
 144
 145 /* Procedures needed for multi-level printing */
 146
 147 extern int      tsol_check_admin_auth(uid_t uid);
 148
 149 /* APIs implemented via labeld */
 150
 151 extern int      blinset(const m_label_t *, const set_id *);
 152 extern int      labelinfo(struct label_info *);
 153 extern ssize_t  labelvers(char **, size_t);
 154 extern char     *bltocolor(const m_label_t *);
 155 extern char     *bltocolor_r(const m_label_t *, size_t, char *);
 156
 157 extern ssize_t  bsltos(const m_label_t *, char **, size_t, int);
 158 extern ssize_t  bcleartos(const m_label_t *, char **, size_t, int);
 159
 160
 161 extern char     *sbsltos(const m_label_t *, size_t);
 162 extern char     *sbcleartos(const m_label_t *, size_t);
 163
 164
 165 extern int      stobsl(const char *, m_label_t *, int, int *);
 166 extern int      stobclear(const char *, m_label_t *, int, int *);
 167 extern int      bslvalid(const m_label_t *);
 168 extern int      bclearvalid(const m_label_t *);
 169
 170 /* DIA label conversion and parsing */
 171
 172 /* Conversion types */
 173
 174 typedef enum _m_label_str {
 175         M_LABEL = 1,            /* process or user clearance */
 176         M_INTERNAL = 2,         /* internal form for use in public databases */
 177         M_COLOR = 3,            /* process label color */
 178         PRINTER_TOP_BOTTOM = 4, /* DIA banner page top/bottom */
 179         PRINTER_LABEL = 5,      /* DIA banner page label */
 180         PRINTER_CAVEATS = 6,    /* DIA banner page caveats */
 181         PRINTER_CHANNELS = 7    /* DIA banner page handling channels */
 182 } m_label_str_t;
 183
 184 /* Flags for conversion, not all flags apply to all types */
 185 #define DEF_NAMES       0x1
 186 #define SHORT_NAMES     0x3     /* short names are prefered where defined */
 187 #define LONG_NAMES      0x4     /* long names are prefered where defined */
 188
 189 extern int label_to_str(const m_label_t *, char **, const m_label_str_t,
 190     uint_t);
 191 extern int l_to_str_internal(const m_label_t *, char **);
 192
 193 /* Parsing types */
 194 typedef enum _m_label_type {
 195         MAC_LABEL = 1,          /* process or object label */
 196         USER_CLEAR = 2          /* user's clearance (LUB) */
 197 } m_label_type_t;
 198
 199 /* Flags for parsing */
 200
 201 #define L_DEFAULT               0x0
 202 #define L_MODIFY_EXISTING       0x1     /* start parsing with existing label */
 203 #define L_NO_CORRECTION         0x2     /* must be correct by l_e rules */
 204 #define L_CHECK_AR              0x10    /* must be in l_e AR */
 205
 206 /* EINVAL sub codes */
 207
 208 #define M_OUTSIDE_AR            -4      /* not in l_e AR */
 209 #define M_BAD_STRING            -3      /* DIA L_BAD_LABEL */
 210         /* bad requested label type, bad previous label type */
 211 #define M_BAD_LABEL             -2      /* DIA L_BAD_CLASSIFICATION, */
 212
 213 extern int str_to_label(const char *, m_label_t **, const m_label_type_t,
 214     uint_t, int *);
 215 extern int hexstr_to_label(const char *, m_label_t *);
 216
 217 extern m_label_t *m_label_alloc(const m_label_type_t);
 218
 219 extern int m_label_dup(m_label_t **, const m_label_t *);
 220
 221 extern void m_label_free(m_label_t *);
 222
 223 /* Contract Private interfaces with the label builder GUIs */
 224
 225 extern int      bslcvtfull(const m_label_t *, const m_range_t *, int,
 226     char **, char **[], char **[], char *[], int *, int *);
 227 extern int      bslcvt(const m_label_t *, int, char **, char *[]);
 228 extern int      bclearcvtfull(const m_label_t *, const m_range_t *, int,
 229     char **, char **[], char **[], char *[], int *, int *);
 230 extern int      bclearcvt(const m_label_t *, int, char **, char *[]);
 231
 232 extern int      labelfields(struct name_fields *);
 233 extern int      userdefs(m_label_t *, m_label_t *);
 234 extern int      zonecopy(m_label_t *, char *, char *, char *, int);
 235
 236 #ifdef DEBUG
 237 /* testing hook: see devfsadm.c, mkdevalloc.c and allocate.c */
 238 #define is_system_labeled_debug(statbufp)       \
 239         ((stat("/ALLOCATE_FORCE_LABEL", (statbufp)) == 0) ? 1 : 0)
 240 #else   /* DEBUG */
 241 #define is_system_labeled_debug(statbufp)       0
 242 #endif  /* DEBUG */
 243
 244 #ifdef  __cplusplus
 245 }
 246 #endif
 247
 248 #endif  /* !_TSOL_LABEL_H */