1101099Srwatson/*-
2126097Srwatson * Copyright (c) 1999-2002 Robert N. M. Watson
3132232Srwatson * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
4101099Srwatson * All rights reserved.
5101099Srwatson *
6101099Srwatson * This software was developed by Robert Watson for the TrustedBSD Project.
7101099Srwatson *
8106393Srwatson * This software was developed for the FreeBSD Project in part by Network
9106393Srwatson * Associates Laboratories, the Security Research Division of Network
10106393Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
11106393Srwatson * as part of the DARPA CHATS research program.
12101099Srwatson *
13101099Srwatson * Redistribution and use in source and binary forms, with or without
14101099Srwatson * modification, are permitted provided that the following conditions
15101099Srwatson * are met:
16101099Srwatson * 1. Redistributions of source code must retain the above copyright
17101099Srwatson *    notice, this list of conditions and the following disclaimer.
18101099Srwatson * 2. Redistributions in binary form must reproduce the above copyright
19101099Srwatson *    notice, this list of conditions and the following disclaimer in the
20101099Srwatson *    documentation and/or other materials provided with the distribution.
21101099Srwatson *
22101099Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23101099Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24101099Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25101099Srwatson * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26101099Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27101099Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28101099Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29101099Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30101099Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31101099Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32101099Srwatson * SUCH DAMAGE.
33101099Srwatson *
34101099Srwatson * $FreeBSD: releng/10.3/sys/security/mac_mls/mac_mls.h 132232 2004-07-16 02:03:50Z rwatson $
35101099Srwatson */
36101099Srwatson/*
37101099Srwatson * Definitions for the TrustedBSD MLS confidentiality policy module.
38101099Srwatson */
39101099Srwatson#ifndef _SYS_SECURITY_MAC_MLS_H
40101099Srwatson#define	_SYS_SECURITY_MAC_MLS_H
41101099Srwatson
42101099Srwatson#define	MAC_MLS_EXTATTR_NAMESPACE	EXTATTR_NAMESPACE_SYSTEM
43105696Srwatson#define	MAC_MLS_EXTATTR_NAME		"mac_mls"
44101099Srwatson
45105696Srwatson#define	MAC_MLS_LABEL_NAME		"mls"
46105696Srwatson
47132232Srwatson#define	MAC_MLS_FLAG_EFFECTIVE	0x00000001	/* mm_effective initialized */
48101099Srwatson#define	MAC_MLS_FLAG_RANGE	0x00000002	/* mm_range* initialized */
49132232Srwatson#define	MAC_MLS_FLAGS_BOTH	(MAC_MLS_FLAG_EFFECTIVE | MAC_MLS_FLAG_RANGE)
50101099Srwatson
51101099Srwatson#define	MAC_MLS_TYPE_UNDEF	0	/* Undefined */
52101099Srwatson#define	MAC_MLS_TYPE_LEVEL	1	/* Hierarchal level with mm_level. */
53101099Srwatson#define	MAC_MLS_TYPE_LOW	2	/* Dominated by any
54101099Srwatson					 * MAC_MLS_TYPE_LABEL. */
55101099Srwatson#define	MAC_MLS_TYPE_HIGH	3	/* Dominates any
56101099Srwatson					 * MAC_MLS_TYPE_LABEL. */
57101099Srwatson#define	MAC_MLS_TYPE_EQUAL	4	/* Equivilent to any
58101099Srwatson					 * MAC_MLS_TYPE_LABEL. */
59101099Srwatson
60105643Srwatson/*
61106093Srwatson * Structures and constants associated with a Multi-Level Security policy.
62106093Srwatson * mac_mls represents an MLS label, with mm_type determining its properties,
63106093Srwatson * and mm_level represents the hierarchal sensitivity level if valid for the
64106093Srwatson * current mm_type.  If compartments are used, the same semantics apply as
65106093Srwatson * long as the suject is in every compartment the object is in.  LOW, EQUAL
66106093Srwatson * and HIGH cannot be in compartments.
67106093Srwatson */
68106093Srwatson
69106093Srwatson/*
70106093Srwatson * MLS compartments bit set size (in bits).
71106093Srwatson */
72106094Srwatson#define	MAC_MLS_MAX_COMPARTMENTS	256
73106093Srwatson
74106093Srwatsonstruct mac_mls_element {
75106093Srwatson	u_short	mme_type;
76106093Srwatson	u_short	mme_level;
77106093Srwatson	u_char	mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3];
78106093Srwatson};
79106093Srwatson
80106093Srwatson/*
81132232Srwatson * MLS labels consist of two components: an effective label, and a label
82106093Srwatson * range.  Depending on the context, one or both may be used; the mb_flags
83106093Srwatson * field permits the provider to indicate what fields are intended for
84106093Srwatson * use.
85106093Srwatson */
86106093Srwatsonstruct mac_mls {
87106093Srwatson	int			mm_flags;
88132232Srwatson	struct mac_mls_element	mm_effective;
89106093Srwatson	struct mac_mls_element	mm_rangelow, mm_rangehigh;
90106093Srwatson};
91106093Srwatson
92106093Srwatson/*
93105643Srwatson * MLS compartments bit test/set macros.
94105643Srwatson * The range is 1 to MAC_MLS_MAX_COMPARTMENTS.
95105643Srwatson */
96105643Srwatson#define	MAC_MLS_BIT_TEST(b, w) \
97105643Srwatson	((w)[(((b) - 1) >> 3)] & (1 << (((b) - 1) & 7)))
98105643Srwatson#define	MAC_MLS_BIT_SET(b, w) \
99105643Srwatson	((w)[(((b) - 1) >> 3)] |= (1 << (((b) - 1) & 7)))
100105643Srwatson#define	MAC_MLS_BIT_SET_EMPTY(set)	mls_bit_set_empty(set)
101105643Srwatson
102101099Srwatson#endif /* !_SYS_SECURITY_MAC_MLS_H */
103