/* Author : Stephen Smalley, <[email protected]> */

/*
 * Updated: Yuichi Nakamura <[email protected]>
 *	Tuned number of hash slots for avtab to reduce memory usage
 */

/* Updated: Frank Mayer <[email protected]> and Karl MacMillan <[email protected]>
 *
 *	Added conditional policy language extensions
 *
 * Copyright (C) 2003 Tresys Technology, LLC
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * An access vector table (avtab) is a hash table
 * of access vectors and transition types indexed
 * by a type pair and a class.  An access vector
 * table is used to represent the type enforcement
 * tables.
 *
 * Each entry is addressed by an avtab_key_t (source type, target type,
 * target class, plus the `specified` bitmap saying which AVTAB_* kinds the
 * entry carries) and holds an avtab_datum_t (an access vector or a type,
 * optionally extended permissions).  Tables are populated either by the
 * policy parser (avtab_insert*) or from a binary policy (avtab_read*).
 */

#ifndef _SEPOL_POLICYDB_AVTAB_H_
#define _SEPOL_POLICYDB_AVTAB_H_

#include <sys/types.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Hash key of one avtab entry.
 *
 * source_type / target_type are type identifiers and target_class is a
 * class identifier; all three are 16-bit in the binary policy format.
 * `specified` is a bitmap built from the AVTAB_* flags below; it records
 * which rule kind(s) this entry stands for.
 */
typedef struct avtab_key {
	uint16_t source_type;
	uint16_t target_type;
	uint16_t target_class;
/* Access-vector rule kinds (datum.data is a permission bitmap). */
#define AVTAB_ALLOWED		0x0001
#define AVTAB_AUDITALLOW	0x0002
#define AVTAB_AUDITDENY		0x0004
#define AVTAB_NEVERALLOW	0x0080
#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
/* Type rule kinds (datum.data is a type identifier). */
#define AVTAB_TRANSITION	0x0010
#define AVTAB_MEMBER		0x0020
#define AVTAB_CHANGE		0x0040
#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
/* Extended-permission rule kinds (datum.xperms must be non-NULL). */
#define AVTAB_XPERMS_ALLOWED	0x0100
#define AVTAB_XPERMS_AUDITALLOW	0x0200
#define AVTAB_XPERMS_DONTAUDIT	0x0400
#define AVTAB_XPERMS_NEVERALLOW	0x0800
#define AVTAB_XPERMS		(AVTAB_XPERMS_ALLOWED | AVTAB_XPERMS_AUDITALLOW | AVTAB_XPERMS_DONTAUDIT)
/*
 * NOTE(review): AVTAB_ENABLED_OLD does not fit the 16-bit `specified`
 * field below; presumably it is the position of the flag in an older
 * on-disk layout that avtab_read_item translates -- confirm in avtab.c.
 */
#define AVTAB_ENABLED_OLD	0x80000000
#define AVTAB_ENABLED		0x8000	/* reserved for use in cond_avtab */
	uint16_t specified;	/* what fields are specified */
} avtab_key_t;

/*
 * Extended permissions attached to an AVTAB_XPERMS_* entry.
 *
 * `specified` selects which of the AVTAB_XPERMS_* kinds below the 256-bit
 * `perms` bitmap (8 x 32 bits) describes; `driver` qualifies it.  The exact
 * meaning of `driver` and of each bit in `perms` for each kind is defined
 * by the consumer (kernel / policy tools), not by this header.
 */
typedef struct avtab_extended_perms {

#define AVTAB_XPERMS_IOCTLFUNCTION	0x01
#define AVTAB_XPERMS_IOCTLDRIVER	0x02
#define AVTAB_XPERMS_NLMSG		0x03
	/* extension of the avtab_key specified */
	uint8_t specified;
	uint8_t driver;
	uint32_t perms[8];
} avtab_extended_perms_t;

/*
 * Value stored for one avtab entry.  `data` is a permission bitmap for
 * AVTAB_AV entries and a type identifier for AVTAB_TYPE entries.  `xperms`
 * is only meaningful for AVTAB_XPERMS entries.
 * NOTE(review): ownership of `xperms` is not stated here; presumably the
 * node owns it and avtab_destroy frees it -- confirm in avtab.c.
 */
typedef struct avtab_datum {
	uint32_t data;		/* access vector or type */
	avtab_extended_perms_t *xperms;
} avtab_datum_t;

typedef struct avtab_node *avtab_ptr_t;

/*
 * One hash-table node.  `next` presumably links nodes that share a
 * bucket (see avtab_t.htable).  The last two members are in-memory only
 * and are never written to the binary policy.
 */
struct avtab_node {
	avtab_key_t key;
	avtab_datum_t datum;
	avtab_ptr_t next;
	void *parse_context;	/* generic context pointer used by parser;
				 * not saved in binary policy */
	unsigned merged;	/* flag for avtab_write only;
				   not saved in binary policy */
};

/*
 * The table itself: `htable` is an array of `nslot` bucket heads, `nel`
 * counts the stored nodes and `mask` is applied when reducing a hash to a
 * bucket index.  Sizing is done by avtab_alloc, which is bounded by
 * MAX_AVTAB_HASH_BUCKETS / MAX_AVTAB_SIZE below.
 */
typedef struct avtab {
	avtab_ptr_t *htable;
	uint32_t nel;		/* number of elements */
	uint32_t nslot;		/* number of hash slots */
	uint32_t mask;		/* mask to compute hash func */
} avtab_t;

/* Initialise an empty table (no buckets allocated yet). */
extern int avtab_init(avtab_t *);

/*
 * Allocate the bucket array.  The uint32_t is presumably the expected
 * element count; the MAX_AVTAB_SIZE comment below says buckets are chosen
 * at roughly one per 2-4 elements -- confirm in avtab.c.
 */
extern int avtab_alloc(avtab_t *, uint32_t);

/* Insert a copy of (k, d); the return value is an error code (0 on success). */
extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);

/* Look up k; returns the stored datum or NULL when absent. */
extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);

/* Free every node and the bucket array. */
extern void avtab_destroy(avtab_t * h);

/*
 * Call apply(k, d, args) for every entry.  Presumably iteration stops at
 * the first non-zero return from apply, which is then propagated --
 * confirm in avtab.c.
 */
extern int avtab_map(const avtab_t * h,
		     int (*apply) (avtab_key_t * k,
				   avtab_datum_t * d, void *args), void *args);

/* Diagnostic: report bucket-chain statistics, labelled with tag. */
extern void avtab_hash_eval(avtab_t * h, char *tag);

struct policy_file;

/*
 * Read one entry of binary-format version `vers` from fp and hand it to
 * insert(a, k, d, p).
 *
 * NOTE(review): this is the point where untrusted on-disk data enters the
 * table; the checks that `specified` holds only known AVTAB_* bits, that
 * the xperms `specified` value is one of the AVTAB_XPERMS_* kinds, and
 * that the identifiers are in range live in avtab.c -- confirm there,
 * not here.
 */
extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
			   int (*insert) (avtab_t * a, avtab_key_t * k,
					  avtab_datum_t * d, void *p), void *p);

/*
 * Read a whole table from fp.  The element count read from the file is
 * presumably bounded by MAX_AVTAB_SIZE before avtab_alloc is called --
 * confirm in avtab.c.
 */
extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);

/* As avtab_insert, but presumably allows duplicate keys; returns the new node. */
extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
					  avtab_datum_t * datum);

/* As avtab_insert, additionally storing parse_context on the new node. */
extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
						   avtab_key_t * key,
						   avtab_datum_t * datum,
						   void *parse_context);

/* Like avtab_search but returns the node rather than its datum. */
extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);

/*
 * Continue from node to the next node with the same key whose
 * `specified` bits intersect the given mask (presumably; confirm in
 * avtab.c).  Used to walk all rule kinds for one key.
 */
extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);

/*
 * Upper bounds on table size.  MAX_AVTAB_SIZE (2^21 entries) is the cap a
 * reader should apply to an element count taken from an untrusted policy
 * file before allocating.
 */
#define MAX_AVTAB_HASH_BITS 20
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
/* avtab_alloc uses one bucket per 2-4 elements, so adjust to get maximum buckets */
#define MAX_AVTAB_SIZE (MAX_AVTAB_HASH_BUCKETS << 1)

#ifdef __cplusplus
}
#endif

#endif				/* _SEPOL_POLICYDB_AVTAB_H_ */

/* FLASK */