cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack

mls.h (3188B)


      1/* SPDX-License-Identifier: GPL-2.0 */
      2/*
      3 * Multi-level security (MLS) policy operations.
      4 *
      5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
      6 */
      7/*
      8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
      9 *
     10 *	Support for enhanced MLS infrastructure.
     11 *
     12 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
     13 */
     14/*
     15 * Updated: Hewlett-Packard <paul@paul-moore.com>
     16 *
     17 *	Added support to import/export the MLS label from NetLabel
     18 *
     19 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
     20 */
     21
     22#ifndef _SS_MLS_H_
     23#define _SS_MLS_H_
     24
     25#include <linux/jhash.h>
     26
     27#include "context.h"
     28#include "ebitmap.h"
     29#include "policydb.h"
     30
/*
 * MLS portion of a security context: sizing, string formatting and
 * validity checks.  Every routine takes the policy database it should
 * be evaluated against.  Only the prototypes are visible in this header.
 *
 * NOTE(review): the int return convention of the *_isvalid() checks
 * (boolean vs. negative errno) is not visible here -- confirm against
 * the definitions before branching on the result.
 */
int mls_compute_context_len(struct policydb *p, struct context *context);
void mls_sid_to_context(struct policydb *p,
			struct context *context,
			char **scontext);
int mls_context_isvalid(struct policydb *p, struct context *c);
int mls_range_isvalid(struct policydb *p, struct mls_range *r);
int mls_level_isvalid(struct policydb *p, struct mls_level *l);

/*
 * Presumably parses the MLS part of a label string into *context.
 *
 * NOTE(review): scontext is a non-const char *, so the parser may write
 * to the caller's buffer -- confirm, and hand it a private,
 * NUL-terminated copy when the text originates from an untrusted source.
 */
int mls_context_to_sid(struct policydb *p, char oldc, char *scontext,
		       struct context *context, struct sidtab *s,
		       u32 def_sid);

/*
 * String-to-context helper that takes an allocation mask.
 * NOTE(review): the gfp_mask parameter suggests it allocates; who frees
 * the result is not visible here -- confirm.
 */
int mls_from_string(struct policydb *p,
		    char *str,
		    struct context *context,
		    gfp_t gfp_mask);

/* Presumably installs *range as the MLS range of *context -- confirm. */
int mls_range_set(struct context *context, struct mls_range *range);

/*
 * Takes a context and the policy it belongs to (oldc/oldp) together with
 * a second policy and context (newp/newc); presumably translates the MLS
 * fields from one policy to the other -- confirm.
 */
int mls_convert_context(struct policydb *oldp, struct policydb *newp,
			struct context *oldc, struct context *newc);

/*
 * Derives the MLS fields of newcontext from a source context, a target
 * context and an object class.  The meaning of 'specified' and 'sock'
 * is not visible in this header.
 */
int mls_compute_sid(struct policydb *p,
		    struct context *scontext, struct context *tcontext,
		    u16 tclass, u32 specified,
		    struct context *newcontext, bool sock);

/*
 * Presumably computes the MLS range of usercon from fromcon and the
 * user's policy entry -- confirm.
 */
int mls_setup_user_range(struct policydb *p,
			 struct context *fromcon,
			 struct user_datum *user,
			 struct context *usercon);
     66
     67#ifdef CONFIG_NETLABEL
/*
 * NetLabel bridge, declared only when CONFIG_NETLABEL is set: moves the
 * MLS level ("lvl") and category ("cat") information between a security
 * context and a NetLabel security attribute.  The level routines return
 * nothing; the category routines return an int status.
 *
 * NOTE(review): the secattr passed to the import routines may describe
 * labels taken from network traffic -- presumably the result still has
 * to be validated against the policy by the caller; confirm.
 */
void mls_export_netlbl_lvl(struct policydb *p, struct context *context,
			   struct netlbl_lsm_secattr *secattr);
void mls_import_netlbl_lvl(struct policydb *p, struct context *context,
			   struct netlbl_lsm_secattr *secattr);
int mls_export_netlbl_cat(struct policydb *p, struct context *context,
			  struct netlbl_lsm_secattr *secattr);
int mls_import_netlbl_cat(struct policydb *p, struct context *context,
			  struct netlbl_lsm_secattr *secattr);
     80#else
/*
 * Stub for kernels built without CONFIG_NETLABEL (the #else branch):
 * does nothing, so secattr is left exactly as the caller passed it.
 * Callers must not assume a level was written into secattr.
 */
static inline void mls_export_netlbl_lvl(struct policydb *p, struct context *context,
					 struct netlbl_lsm_secattr *secattr)
{
}
/*
 * Stub for kernels built without CONFIG_NETLABEL (the #else branch):
 * does nothing, so context is left exactly as the caller passed it.
 * Callers must not assume a level was imported into context.
 */
static inline void mls_import_netlbl_lvl(struct policydb *p, struct context *context,
					 struct netlbl_lsm_secattr *secattr)
{
}
/*
 * Stub for kernels built without CONFIG_NETLABEL (the #else branch).
 *
 * Always fails with -ENOMEM and touches none of its arguments.  Note
 * that the error code is the same one an allocation failure would
 * produce, so a caller cannot tell "NetLabel compiled out" apart from
 * memory pressure by the return value alone.
 */
static inline int mls_export_netlbl_cat(struct policydb *p, struct context *context,
					struct netlbl_lsm_secattr *secattr)
{
	return -ENOMEM;
}
/*
 * Stub for kernels built without CONFIG_NETLABEL (the #else branch).
 *
 * Always fails with -ENOMEM and touches none of its arguments, so no
 * categories are ever imported into context on such builds.  The error
 * code is indistinguishable from a real allocation failure.
 */
static inline int mls_import_netlbl_cat(struct policydb *p, struct context *context,
					struct netlbl_lsm_secattr *secattr)
{
	return -ENOMEM;
}
    105#endif
    106
/*
 * Fold an MLS range into a running hash.
 *
 * @r:    range to hash; the .sens and .cat members of level[0] and
 *        level[1] are read.
 * @hash: value carried in from the caller, used as the starting state.
 *
 * Returns the updated hash value.
 *
 * NOTE(review): jhash_2words() comes from <linux/jhash.h>, which is
 * presumably a non-cryptographic hash.  Treat the result as a bucketing
 * or quick-reject value only; equal hashes are not proof of equal ranges
 * -- confirm that callers compare the full range on a match.
 */
static inline u32 mls_range_hash(const struct mls_range *r, u32 hash)
{
	u32 acc;
	int i;

	/* Both sensitivity values first, mixed with the caller's value. */
	acc = jhash_2words(r->level[0].sens, r->level[1].sens, hash);

	/* Then the .cat ebitmap of each level, in index order. */
	for (i = 0; i < 2; i++)
		acc = ebitmap_hash(&r->level[i].cat, acc);

	return acc;
}
    114
    115#endif	/* _SS_MLS_H */
    116