0001 /* SPDX-License-Identifier: GPL-2.0 */
0002 /*
0003  * Multi-level security (MLS) policy operations.
0004  *
0005  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
0006  */
0007 /*
0008  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
0009  *
0010  *  Support for enhanced MLS infrastructure.
0011  *
0012  * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
0013  */
0014 /*
0015  * Updated: Hewlett-Packard <paul@paul-moore.com>
0016  *
0017  *  Added support to import/export the MLS label from NetLabel
0018  *
0019  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
0020  */
0021 
0022 #ifndef _SS_MLS_H_
0023 #define _SS_MLS_H_
0024 
0025 #include <linux/jhash.h>
0026 
0027 #include "context.h"
0028 #include "ebitmap.h"
0029 #include "policydb.h"
0030 
/*
 * Rendering and validation of the MLS part of a security context.
 * Only prototypes are visible in this header; the notes below are read off
 * the names and signatures and need confirming against the definitions.
 */

/* presumably the string length needed for the MLS fields of @context - confirm */
int mls_compute_context_len(struct policydb *p, struct context *context);

/*
 * Takes a char ** cursor and no length argument, so the output buffer must
 * already have been sized by the caller.
 * NOTE(review): presumably sized via mls_compute_context_len() for the same
 * @context - confirm at the call sites.
 */
void mls_sid_to_context(struct policydb *p, struct context *context, char **scontext);

/*
 * Validity checks against policy @p for a whole context, a range and a
 * single level.
 * NOTE(review): all three return int; whether that is a boolean or a
 * negative errno is not visible here - check the definition before testing
 * the result with `!` or `< 0`.
 */
int mls_context_isvalid(struct policydb *p, struct context *c);
int mls_range_isvalid(struct policydb *p, struct mls_range *r);
int mls_level_isvalid(struct policydb *p, struct mls_level *l);
0037 
/*
 * String-to-context parsing entry points (definitions are outside this
 * header).
 *
 * NOTE(review): @scontext and @str are non-const char * with no length
 * argument, so the input is presumably expected to be NUL-terminated and may
 * be modified in place - confirm before passing a shared or read-only buffer.
 */
int mls_context_to_sid(struct policydb *p, char oldc, char *scontext,
                       struct context *context, struct sidtab *s, u32 def_sid);

/* @gfp_mask is chosen by the caller, which suggests this path allocates - confirm */
int mls_from_string(struct policydb *p, char *str, struct context *context,
                    gfp_t gfp_mask);
0047 
/*
 * Construction and derivation of MLS ranges (definitions are outside this
 * header). Every function here returns int, so callers have a result to
 * check; the exact error convention is not visible from the prototypes.
 */

/* presumably installs @range as the MLS range of @context - confirm */
int mls_range_set(struct context *context, struct mls_range *range);

/* takes an old and a new policydb: presumably remaps @oldc into @newc - confirm */
int mls_convert_context(struct policydb *oldp, struct policydb *newp,
                        struct context *oldc, struct context *newc);

/*
 * Fills @newcontext from a source context, a target context and a class.
 * NOTE(review): the meaning of @specified and @sock is not visible here.
 */
int mls_compute_sid(struct policydb *p, struct context *scontext,
                    struct context *tcontext, u16 tclass, u32 specified,
                    struct context *newcontext, bool sock);

/* presumably derives @usercon's range from @fromcon and @user - confirm */
int mls_setup_user_range(struct policydb *p, struct context *fromcon,
                         struct user_datum *user, struct context *usercon);
0066 
0067 #ifdef CONFIG_NETLABEL
/*
 * NetLabel import/export of the MLS level and category set. These are the
 * real implementations, declared only when CONFIG_NETLABEL is set; the
 * inline stubs in the #else branch replace them otherwise.
 *
 * The level helpers return void, so a caller gets no indication of failure
 * from them; only the category helpers report a result.
 */
void mls_export_netlbl_lvl(struct policydb *p, struct context *context,
                           struct netlbl_lsm_secattr *secattr);
void mls_import_netlbl_lvl(struct policydb *p, struct context *context,
                           struct netlbl_lsm_secattr *secattr);
int mls_export_netlbl_cat(struct policydb *p, struct context *context,
                          struct netlbl_lsm_secattr *secattr);
int mls_import_netlbl_cat(struct policydb *p, struct context *context,
                          struct netlbl_lsm_secattr *secattr);
0080 #else
/*
 * Stub for builds without CONFIG_NETLABEL: does nothing.
 * @secattr is left exactly as the caller passed it, so no MLS level is
 * exported, and the void return gives the caller no way to notice.
 */
static inline void
mls_export_netlbl_lvl(struct policydb *p, struct context *context,
                      struct netlbl_lsm_secattr *secattr)
{
    /* intentionally empty */
}
/*
 * Stub for builds without CONFIG_NETLABEL: does nothing.
 * @context is not modified, so a caller must not assume its MLS level was
 * populated from @secattr after this returns.
 */
static inline void
mls_import_netlbl_lvl(struct policydb *p, struct context *context,
                      struct netlbl_lsm_secattr *secattr)
{
    /* intentionally empty */
}
/*
 * Stub for builds without CONFIG_NETLABEL: always fails with -ENOMEM and
 * touches none of its arguments.
 *
 * NOTE(review): no allocation is attempted here, yet the code is the one a
 * caller would also see for real memory exhaustion; the return value alone
 * cannot distinguish "NetLabel compiled out" from an allocation failure.
 */
static inline int
mls_export_netlbl_cat(struct policydb *p, struct context *context,
                      struct netlbl_lsm_secattr *secattr)
{
    return -ENOMEM;
}
/*
 * Stub for builds without CONFIG_NETLABEL: always fails with -ENOMEM.
 * @context is not modified, so no categories are imported from @secattr.
 *
 * NOTE(review): as with the export stub, -ENOMEM is returned although
 * nothing is allocated; callers that special-case memory pressure will take
 * that path here too.
 */
static inline int
mls_import_netlbl_cat(struct policydb *p, struct context *context,
                      struct netlbl_lsm_secattr *secattr)
{
    return -ENOMEM;
}
0105 #endif
0106 
/*
 * Fold an MLS range into a running hash value.
 *
 * @r:    range to hash; dereferenced unconditionally, so it must not be NULL.
 * @hash: seed / running hash supplied by the caller.
 *
 * The two levels' sensitivities are mixed first with jhash_2words(), then
 * each level's category bitmap is folded in with ebitmap_hash(), level[0]
 * before level[1]. Returns the updated hash.
 *
 * NOTE(review): jhash is not a cryptographic hash. Presumably the result
 * only selects a hash-table bucket; equal hashes must not be taken as equal
 * ranges without a full comparison - confirm at the call sites.
 */
static inline u32 mls_range_hash(const struct mls_range *r, u32 hash)
{
    u32 acc = jhash_2words(r->level[0].sens, r->level[1].sens, hash);

    acc = ebitmap_hash(&r->level[0].cat, acc);
    return ebitmap_hash(&r->level[1].cat, acc);
}
0114 
0115 #endif  /* _SS_MLS_H_ */