/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Multi-level security (MLS) policy operations.
 *
 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 */
/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
 */
/*
 * Updated: Hewlett-Packard <paul@paul-moore.com>
 *
 *	Added support to import/export the MLS label from NetLabel
 *
 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
 */

#ifndef _SS_MLS_H_
#define _SS_MLS_H_

#include <linux/jhash.h>

#include "context.h"
#include "ebitmap.h"
#include "policydb.h"

/*
 * NOTE(review): gfp_t, u32/u16, ENOMEM, struct sidtab and
 * struct netlbl_lsm_secattr are used below without a direct include;
 * presumably they arrive through the headers above - confirm.
 */

/*
 * Prototypes only: the implementations live outside this header, so the
 * exact contract of each function (return codes, who owns *scontext, what
 * is validated) has to be read from the definitions.
 */
int mls_compute_context_len(struct policydb *p, struct context *context);
void mls_sid_to_context(struct policydb *p, struct context *context,
			char **scontext);

/* Validity predicates for a whole context, a range and a single level. */
int mls_context_isvalid(struct policydb *p, struct context *c);
int mls_range_isvalid(struct policydb *p, struct mls_range *r);
int mls_level_isvalid(struct policydb *p, struct mls_level *l);

int mls_context_to_sid(struct policydb *p, char oldc, char *scontext,
		       struct context *context, struct sidtab *s,
		       u32 def_sid);

int mls_from_string(struct policydb *p, char *str, struct context *context,
		    gfp_t gfp_mask);

int mls_range_set(struct context *context, struct mls_range *range);

int mls_convert_context(struct policydb *oldp, struct policydb *newp,
			struct context *oldc, struct context *newc);

int mls_compute_sid(struct policydb *p, struct context *scontext,
		    struct context *tcontext, u16 tclass, u32 specified,
		    struct context *newcontext, bool sock);

int mls_setup_user_range(struct policydb *p, struct context *fromcon,
			 struct user_datum *user, struct context *usercon);

#ifdef CONFIG_NETLABEL
void mls_export_netlbl_lvl(struct policydb *p, struct context *context,
			   struct netlbl_lsm_secattr *secattr);
void mls_import_netlbl_lvl(struct policydb *p, struct context *context,
			   struct netlbl_lsm_secattr *secattr);
int mls_export_netlbl_cat(struct policydb *p, struct context *context,
			  struct netlbl_lsm_secattr *secattr);
int mls_import_netlbl_cat(struct policydb *p, struct context *context,
			  struct netlbl_lsm_secattr *secattr);
#else
/*
 * Stubs used when CONFIG_NETLABEL is not set.
 *
 * The two level helpers do nothing and touch neither @context nor
 * @secattr. The two category helpers never succeed: they always return
 * -ENOMEM, so a caller that checks the result sees a failure instead of
 * an empty category set.
 * NOTE(review): that only helps if every caller checks the return
 * value - confirm at the call sites.
 */
static inline void mls_export_netlbl_lvl(struct policydb *p,
					 struct context *context,
					 struct netlbl_lsm_secattr *secattr)
{
}

static inline void mls_import_netlbl_lvl(struct policydb *p,
					 struct context *context,
					 struct netlbl_lsm_secattr *secattr)
{
}

static inline int mls_export_netlbl_cat(struct policydb *p,
					struct context *context,
					struct netlbl_lsm_secattr *secattr)
{
	return -ENOMEM;
}

static inline int mls_import_netlbl_cat(struct policydb *p,
					struct context *context,
					struct netlbl_lsm_secattr *secattr)
{
	return -ENOMEM;
}
#endif

/**
 * mls_range_hash - fold an MLS range into a running hash value
 * @r: range to hash; both level[0] and level[1] are read
 * @hash: incoming hash value, used as the seed for the first mixing step
 *
 * The two sensitivity values are mixed first with jhash_2words(), then
 * the category bitmap of level[0] and of level[1] are mixed in, in that
 * order, with ebitmap_hash().
 *
 * jhash is a non-cryptographic hash, so the result must not be relied on
 * as collision-resistant.
 * NOTE(review): presumably used for hash-table lookup of contexts -
 * confirm against the callers.
 *
 * Return: the updated hash value.
 */
static inline u32 mls_range_hash(const struct mls_range *r, u32 hash)
{
	u32 mixed = jhash_2words(r->level[0].sens, r->level[1].sens, hash);

	mixed = ebitmap_hash(&r->level[0].cat, mixed);
	return ebitmap_hash(&r->level[1].cat, mixed);
}

#endif	/* _SS_MLS_H_ */