xref: /illumos-gate/usr/src/lib/libtsol/common/label.h (revision 06e1a714) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_TSOL_LABEL_H
27 #define	_TSOL_LABEL_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #include <sys/tsol/label.h>
32 #include <priv.h>
33 
34 #ifdef	__cplusplus
35 extern "C" {
36 #endif
37 
38 /* Procedural Interface Structure Definitions */
39 
40 struct	label_info {		/* structure returned by label_info */
41 	short	ilabel_len;		/* max Information Label length */
42 	short	slabel_len;		/* max Sensitivity Label length */
43 	short	clabel_len;		/* max CMW Label length */
44 	short	clear_len;		/* max Clearance Label length */
45 	short	vers_len;		/* version string length */
46 	short	header_len;		/* max len of banner page header */
47 	short	protect_as_len;		/* max len of banner page protect as */
48 	short	caveats_len;		/* max len of banner page caveats */
49 	short	channels_len;		/* max len of banner page channels */
50 };
51 
52 typedef struct label_set_identifier {	/* valid label set identifier */
53 	int	type;			/* type of the set */
54 	char	*name;			/* name of the set if needed */
55 } set_id;
56 
57 struct name_fields {		/* names for label builder fields */
58 	char	*class_name;		/* Classifications field name */
59 	char	*comps_name;		/* Compartments field name */
60 	char	*marks_name;		/* Markings field name */
61 };
62 
63 /* Label Set Identifier Types */
64 
65 /*
66  * The accreditation ranges as specified in the label encodings file.
67  * The name parameter is ignored.
68  *
69  * System Accreditation Range is all valid labels plus Admin High and Low.
70  *
71  * User Accreditation Range is valid user labels as defined in the
72  *	ACCREDITATION RANGE: section of the label encodings file.
73  */
74 
75 #define	SYSTEM_ACCREDITATION_RANGE	1
76 #define	USER_ACCREDITATION_RANGE	2
77 
78 
79 /* System Call Interface Definitions */
80 
81 extern int getlabel(const char *, m_label_t *);
82 extern int fgetlabel(int, m_label_t *);
83 
84 extern int getplabel(m_label_t *);
85 extern int setflabel(const char *, m_label_t *);
86 extern char *getpathbylabel(const char *, char *, size_t,
87     const m_label_t *sl);
88 extern m_label_t *getzonelabelbyid(zoneid_t);
89 extern m_label_t *getzonelabelbyname(const char *);
90 extern zoneid_t getzoneidbylabel(const m_label_t *);
91 extern char *getzonenamebylabel(const m_label_t *);
92 extern char *getzonerootbyid(zoneid_t);
93 extern char *getzonerootbyname(const char *);
94 extern char *getzonerootbylabel(const m_label_t *);
95 extern m_label_t *getlabelbypath(const char *);
96 
97 
98 /* Flag word values */
99 
100 #define	ALL_ENTRIES		0x00000000
101 #define	ACCESS_RELATED		0x00000001
102 #define	ACCESS_MASK		0x0000FFFF
103 #define	ACCESS_SHIFT		0
104 
105 #define	LONG_WORDS		0x00010000	/* use long names */
106 #define	SHORT_WORDS		0x00020000	/* use short names if present */
107 #define	LONG_CLASSIFICATION	0x00040000	/* use long classification */
108 #define	SHORT_CLASSIFICATION	0x00080000	/* use short classification */
109 #define	NO_CLASSIFICATION	0x00100000	/* don't translate the class */
110 #define	VIEW_INTERNAL		0x00200000	/* don't promote/demote */
111 #define	VIEW_EXTERNAL		0x00400000	/* promote/demote label */
112 
113 #define	NEW_LABEL		0x00000001	/* create a full new label */
114 #define	NO_CORRECTION		0x00000002	/* don't correct label errors */
115 						/* implies NEW_LABEL */
116 
117 #define	CVT_DIM			0x01		/* display word dimmed */
118 #define	CVT_SET			0x02		/* display word currently set */
119 
120 /* Procedure Interface Definitions available to user */
121 
122 /* APIs shared with the kernel are in <sys/tsol/label.h */
123 
124 extern m_label_t *blabel_alloc(void);
125 extern void	blabel_free(m_label_t *);
126 extern size_t   blabel_size(void);
127 extern char	*bsltoh(const m_label_t *);
128 extern char	*bcleartoh(const m_label_t *);
129 
130 extern char	*bsltoh_r(const m_label_t *, char *);
131 extern char	*bcleartoh_r(const m_label_t *, char *);
132 extern char	*h_alloc(uint8_t);
133 extern void	h_free(char *);
134 
135 extern int	htobsl(const char *, m_label_t *);
136 extern int	htobclear(const char *, m_label_t *);
137 
138 extern m_range_t	*getuserrange(const char *);
139 extern m_range_t	*getdevicerange(const char *);
140 
141 extern int	set_effective_priv(priv_op_t, int, ...);
142 extern int	set_inheritable_priv(priv_op_t, int, ...);
143 extern int	set_permitted_priv(priv_op_t, int, ...);
144 extern int	is_system_labeled(void);
145 
146 /* Procedures needed for multi-level printing */
147 
148 extern int	tsol_check_admin_auth(uid_t uid);
149 
150 /* APIs implemented via labeld */
151 
152 extern int	blinset(const m_label_t *, const set_id *);
153 extern int	labelinfo(struct label_info *);
154 extern ssize_t	labelvers(char **, size_t);
155 extern char	*bltocolor(const m_label_t *);
156 extern char	*bltocolor_r(const m_label_t *, size_t, char *);
157 
158 extern ssize_t	bsltos(const m_label_t *, char **, size_t, int);
159 extern ssize_t	bcleartos(const m_label_t *, char **, size_t, int);
160 
161 
162 extern char	*sbsltos(const m_label_t *, size_t);
163 extern char	*sbcleartos(const m_label_t *, size_t);
164 
165 
166 extern int	stobsl(const char *, m_label_t *, int, int *);
167 extern int	stobclear(const char *, m_label_t *, int, int *);
168 extern int	bslvalid(const m_label_t *);
169 extern int	bclearvalid(const m_label_t *);
170 
171 /* Manifest human readable label names */
172 
173 #define	ADMIN_LOW	"ADMIN_LOW"
174 #define	ADMIN_HIGH	"ADMIN_HIGH"
175 
176 /* DIA label conversion and parsing */
177 
178 /* Conversion types */
179 
180 typedef	enum _m_label_str {
181 	M_LABEL = 1,		/* process or user clearance */
182 	M_INTERNAL = 2,		/* internal form for use in public databases */
183 	M_COLOR = 3,		/* process label color */
184 	PRINTER_TOP_BOTTOM = 4,	/* DIA banner page top/bottom */
185 	PRINTER_LABEL = 5,	/* DIA banner page label */
186 	PRINTER_CAVEATS = 6,	/* DIA banner page caveats */
187 	PRINTER_CHANNELS = 7	/* DIA banner page handling channels */
188 } m_label_str_t;
189 
190 /* Flags for conversion, not all flags apply to all types */
191 #define	DEF_NAMES	0x1
192 #define	SHORT_NAMES	0x3	/* short names are prefered where defined */
193 #define	LONG_NAMES	0x4	/* long names are prefered where defined */
194 
195 extern int label_to_str(const m_label_t *, char **, const m_label_str_t,
196     uint_t);
197 
198 /* Parsing types */
199 typedef enum _m_label_type {
200 	MAC_LABEL = 1,		/* process or object label */
201 	USER_CLEAR = 2		/* user's clearance (LUB) */
202 } m_label_type_t;
203 
204 /* Flags for parsing */
205 
206 #define	L_DEFAULT		0x0
207 #define	L_MODIFY_EXISTING	0x1	/* start parsing with existing label */
208 #define	L_NO_CORRECTION		0x2	/* must be correct by l_e rules */
209 
210 /* EINVAL sub codes */
211 
212 #define	M_BAD_STRING		-3	/* DIA L_BAD_LABEL */
213 	/* bad requested label type, bad previous label type */
214 #define	M_BAD_LABEL		-2	/* DIA L_BAD_CLASSIFICATION, */
215 
216 extern int str_to_label(const char *, m_label_t **, const m_label_type_t,
217     uint_t, int *);
218 
219 extern m_label_t *m_label_alloc(const m_label_type_t);
220 
221 extern int m_label_dup(m_label_t **, const m_label_t *);
222 
223 extern void m_label_free(m_label_t *);
224 
225 /* Contract Private interfaces with the label builder GUIs */
226 
227 extern int	bslcvtfull(const m_label_t *, const m_range_t *, int,
228     char **, char **[], char **[], char *[], int *, int *);
229 extern int	bslcvt(const m_label_t *, int, char **, char *[]);
230 extern int	bclearcvtfull(const m_label_t *, const m_range_t *, int,
231     char **, char **[], char **[], char *[], int *, int *);
232 extern int	bclearcvt(const m_label_t *, int, char **, char *[]);
233 
234 extern int	labelfields(struct name_fields *);
235 extern int	userdefs(m_label_t *, m_label_t *);
236 extern int	zonecopy(m_label_t *, char *, char *, char *, int);
237 
238 #ifdef DEBUG
239 /* testing hook: see devfsadm.c, mkdevalloc.c and allocate.c */
240 #define	is_system_labeled_debug(statbufp)	\
241 	((stat("/ALLOCATE_FORCE_LABEL", (statbufp)) == 0) ? 1 : 0)
242 #else	/* DEBUG */
243 #define	is_system_labeled_debug(statbufp)	0
244 #endif	/* DEBUG */
245 
246 #ifdef	__cplusplus
247 }
248 #endif
249 
250 #endif	/* !_TSOL_LABEL_H */
251