linux/security/selinux/ss/mls.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2/*
   3 * Multi-level security (MLS) policy operations.
   4 *
   5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
   6 */
   7/*
   8 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
   9 *
  10 *      Support for enhanced MLS infrastructure.
  11 *
  12 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
  13 */
  14/*
  15 * Updated: Hewlett-Packard <paul@paul-moore.com>
  16 *
  17 *      Added support to import/export the MLS label from NetLabel
  18 *
  19 * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
  20 */
  21
  22#ifndef _SS_MLS_H_
  23#define _SS_MLS_H_
  24
  25#include <linux/jhash.h>
  26
  27#include "context.h"
  28#include "ebitmap.h"
  29#include "policydb.h"
  30
  /*
   * MLS helpers of the security server.  Only the prototypes are visible in
   * this header; the notes below are limited to what the signatures show.
   */

  /* Length/formatting pair for the MLS portion of @context (presumably the
   * length computed here sizes the buffer written via @scontext - confirm
   * against the definitions before relying on it). */
  int mls_compute_context_len(struct policydb *p, struct context *context);
  void mls_sid_to_context(struct policydb *p, struct context *context,
                          char **scontext);

  /* Validity checks against policy @p.
   * NOTE(review): the int return convention is not visible here; confirm
   * whether non-zero means "valid" before treating these like the
   * 0-on-success functions below. */
  int mls_context_isvalid(struct policydb *p, struct context *c);
  int mls_range_isvalid(struct policydb *p, struct mls_range *r);
  int mls_level_isvalid(struct policydb *p, struct mls_level *l);

  /* NOTE(review): @scontext is a non-const char *, so the definition may
   * modify the buffer in place - callers should presumably pass a private,
   * NUL-terminated copy rather than caller-owned input; confirm. */
  int mls_context_to_sid(struct policydb *p,
                         char oldc,
                         char *scontext,
                         struct context *context,
                         struct sidtab *s,
                         u32 def_sid);

  /* Same caveat for @str (non-const).  @gfp_mask is the allocation mask
   * supplied by the caller. */
  int mls_from_string(struct policydb *p, char *str, struct context *context,
                      gfp_t gfp_mask);

  /* Takes the target @context and a @range; no policydb argument, so no
   * policy validation can happen inside this call. */
  int mls_range_set(struct context *context, struct mls_range *range);

  /* Takes a context @oldc under policy @oldp and an output context @newc
   * under policy @newp. */
  int mls_convert_context(struct policydb *oldp,
                          struct policydb *newp,
                          struct context *oldc,
                          struct context *newc);

  /* Takes source and target contexts plus class/flags and fills
   * @newcontext (semantics of @specified and @sock are defined elsewhere). */
  int mls_compute_sid(struct policydb *p,
                      struct context *scontext,
                      struct context *tcontext,
                      u16 tclass,
                      u32 specified,
                      struct context *newcontext,
                      bool sock);

  /* Takes @fromcon, the @user datum and an output context @usercon. */
  int mls_setup_user_range(struct policydb *p,
                           struct context *fromcon, struct user_datum *user,
                           struct context *usercon);
  66
  67#ifdef CONFIG_NETLABEL
  /*
   * NetLabel import/export of the MLS label.  These out-of-line versions are
   * declared only when CONFIG_NETLABEL is set; otherwise the inline stubs in
   * the #else branch are used.
   *
   * The *_lvl functions return void, so they cannot report failure to the
   * caller; the *_cat functions return int and their result should be
   * checked.
   */
  void mls_export_netlbl_lvl(struct policydb *p,
                             struct context *context,
                             struct netlbl_lsm_secattr *secattr);
  void mls_import_netlbl_lvl(struct policydb *p,
                             struct context *context,
                             struct netlbl_lsm_secattr *secattr);
  int mls_export_netlbl_cat(struct policydb *p,
                            struct context *context,
                            struct netlbl_lsm_secattr *secattr);
  int mls_import_netlbl_cat(struct policydb *p,
                            struct context *context,
                            struct netlbl_lsm_secattr *secattr);
  80#else
  /*
   * CONFIG_NETLABEL=n stub: does nothing and leaves @context and @secattr
   * untouched.  Because the return type is void, a caller has no way to
   * tell that no MLS level was exported.
   */
  static inline void mls_export_netlbl_lvl(struct policydb *p,
                                           struct context *context,
                                           struct netlbl_lsm_secattr *secattr)
  {
          /* intentionally empty */
  }
  /*
   * CONFIG_NETLABEL=n stub: does nothing, so @context keeps whatever MLS
   * level it already had and @secattr is never read.  Because the return
   * type is void, a caller has no way to tell that nothing was imported.
   */
  static inline void mls_import_netlbl_lvl(struct policydb *p,
                                           struct context *context,
                                           struct netlbl_lsm_secattr *secattr)
  {
          /* intentionally empty */
  }
  /*
   * CONFIG_NETLABEL=n stub: never touches its arguments and always fails.
   *
   * Returns -ENOMEM unconditionally, so a caller cannot distinguish
   * "NetLabel support not built in" from a genuine allocation failure.
   */
  static inline int mls_export_netlbl_cat(struct policydb *p,
                                          struct context *context,
                                          struct netlbl_lsm_secattr *secattr)
  {
          /* No categories can be exported without NetLabel: fail the call. */
          return -ENOMEM;
  }
  /*
   * CONFIG_NETLABEL=n stub: never touches its arguments and always fails.
   *
   * Returns -ENOMEM unconditionally, so a caller cannot distinguish
   * "NetLabel support not built in" from a genuine allocation failure.
   */
  static inline int mls_import_netlbl_cat(struct policydb *p,
                                          struct context *context,
                                          struct netlbl_lsm_secattr *secattr)
  {
          /* No categories can be imported without NetLabel: fail the call. */
          return -ENOMEM;
  }
 105#endif
 106
  /*
   * Fold an MLS range into a running hash.
   *
   * @r:    range to hash; both level[0] and level[1] are read.
   * @hash: incoming hash value, used as the seed for the first mix.
   *
   * Mixes the two sensitivity values first, then the category bitmap of
   * level[0], then the category bitmap of level[1], and returns the result.
   *
   * jhash is not a cryptographic hash: the value is fit for bucketing only,
   * and two different ranges may hash alike (callers presumably still do a
   * full comparison on a match - confirm at the call sites).
   */
  static inline u32 mls_range_hash(const struct mls_range *r, u32 hash)
  {
          u32 h = jhash_2words(r->level[0].sens, r->level[1].sens, hash);

          h = ebitmap_hash(&r->level[0].cat, h);
          return ebitmap_hash(&r->level[1].cat, h);
  }
 114
 115#endif  /* _SS_MLS_H */
 116
 117