1 /* 2 * This file describes the internal interface used by the AVC 3 * for calling the user-supplied memory allocation, supplemental 4 * auditing, and locking routine, as well as incrementing the 5 * statistics fields. 6 * 7 * Author : Eamon Walsh <ewalsh (at) epoch.ncsc.mil> 8 */ 9 #ifndef _SELINUX_AVC_INTERNAL_H_ 10 #define _SELINUX_AVC_INTERNAL_H_ 11 12 #include <stdio.h> 13 #include <stdlib.h> 14 #include <string.h> 15 #include <selinux/avc.h> 16 #include "callbacks.h" 17 #include "dso.h" 18 19 /* callback pointers */ 20 extern void *(*avc_func_malloc) (size_t) hidden; 21 extern void (*avc_func_free) (void *)hidden; 22 23 extern void (*avc_func_log) (const char *, ...)hidden; 24 extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden; 25 26 extern int avc_using_threads hidden; 27 extern int avc_app_main_loop hidden; 28 extern void *(*avc_func_create_thread) (void (*)(void))hidden; 29 extern void (*avc_func_stop_thread) (void *)hidden; 30 31 extern void *(*avc_func_alloc_lock) (void)hidden; 32 extern void (*avc_func_get_lock) (void *)hidden; 33 extern void (*avc_func_release_lock) (void *)hidden; 34 extern void (*avc_func_free_lock) (void *)hidden; 35 36 static inline void set_callbacks(const struct avc_memory_callback *mem_cb, 37 const struct avc_log_callback *log_cb, 38 const struct avc_thread_callback *thread_cb, 39 const struct avc_lock_callback *lock_cb) 40 { 41 if (mem_cb) { 42 avc_func_malloc = mem_cb->func_malloc; 43 avc_func_free = mem_cb->func_free; 44 } 45 if (log_cb) { 46 avc_func_log = log_cb->func_log; 47 avc_func_audit = log_cb->func_audit; 48 } 49 if (thread_cb) { 50 avc_using_threads = 1; 51 avc_func_create_thread = thread_cb->func_create_thread; 52 avc_func_stop_thread = thread_cb->func_stop_thread; 53 } 54 if (lock_cb) { 55 avc_func_alloc_lock = lock_cb->func_alloc_lock; 56 avc_func_get_lock = lock_cb->func_get_lock; 57 avc_func_release_lock = lock_cb->func_release_lock; 58 avc_func_free_lock = lock_cb->func_free_lock; 59 } 60 } 61 62 /* message prefix and enforcing mode*/ 63 #define AVC_PREFIX_SIZE 16 64 extern char avc_prefix[AVC_PREFIX_SIZE] hidden; 65 extern int avc_running hidden; 66 extern int avc_enforcing hidden; 67 extern int avc_setenforce hidden; 68 69 /* user-supplied callback interface for avc */ 70 static inline void *avc_malloc(size_t size) 71 { 72 return avc_func_malloc ? avc_func_malloc(size) : malloc(size); 73 } 74 75 static inline void avc_free(void *ptr) 76 { 77 if (avc_func_free) 78 avc_func_free(ptr); 79 else 80 free(ptr); 81 } 82 83 /* this is a macro in order to use the variadic capability. */ 84 #define avc_log(type, format...) \ 85 if (avc_func_log) \ 86 avc_func_log(format); \ 87 else \ 88 selinux_log(type, format); 89 90 static inline void avc_suppl_audit(void *ptr, security_class_t class, 91 char *buf, size_t len) 92 { 93 if (avc_func_audit) 94 avc_func_audit(ptr, class, buf, len); 95 else 96 selinux_audit(ptr, class, buf, len); 97 } 98 99 static inline void *avc_create_thread(void (*run) (void)) 100 { 101 return avc_func_create_thread ? avc_func_create_thread(run) : NULL; 102 } 103 104 static inline void avc_stop_thread(void *thread) 105 { 106 if (avc_func_stop_thread) 107 avc_func_stop_thread(thread); 108 } 109 110 static inline void *avc_alloc_lock(void) 111 { 112 return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL; 113 } 114 115 static inline void avc_get_lock(void *lock) 116 { 117 if (avc_func_get_lock) 118 avc_func_get_lock(lock); 119 } 120 121 static inline void avc_release_lock(void *lock) 122 { 123 if (avc_func_release_lock) 124 avc_func_release_lock(lock); 125 } 126 127 static inline void avc_free_lock(void *lock) 128 { 129 if (avc_func_free_lock) 130 avc_func_free_lock(lock); 131 } 132 133 /* statistics helper routines */ 134 #ifdef AVC_CACHE_STATS 135 136 #define avc_cache_stats_incr(field) \ 137 cache_stats.field ++; 138 #define avc_cache_stats_add(field, num) \ 139 cache_stats.field += num; 140 141 #else 142 143 #define avc_cache_stats_incr(field) 144 #define avc_cache_stats_add(field, num) 145 146 #endif 147 148 /* logging helper routines */ 149 #define AVC_AUDIT_BUFSIZE 1024 150 151 /* again, we need the variadic capability here */ 152 #define log_append(buf,format...) \ 153 snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format) 154 155 /* internal callbacks */ 156 int avc_ss_grant(security_id_t ssid, security_id_t tsid, 157 security_class_t tclass, access_vector_t perms, 158 uint32_t seqno) hidden; 159 int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, 160 security_class_t tclass, 161 access_vector_t perms, uint32_t seqno, 162 access_vector_t * out_retained) hidden; 163 int avc_ss_revoke(security_id_t ssid, security_id_t tsid, 164 security_class_t tclass, access_vector_t perms, 165 uint32_t seqno) hidden; 166 int avc_ss_reset(uint32_t seqno) hidden; 167 int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, 168 security_class_t tclass, access_vector_t perms, 169 uint32_t seqno, uint32_t enable) hidden; 170 int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, 171 security_class_t tclass, access_vector_t perms, 172 uint32_t seqno, uint32_t enable) hidden; 173 174 /* netlink kernel message code */ 175 extern int avc_netlink_trouble hidden; 176 177 hidden_proto(avc_av_stats) 178 hidden_proto(avc_cleanup) 179 hidden_proto(avc_reset) 180 hidden_proto(avc_audit) 181 hidden_proto(avc_has_perm_noaudit) 182 #endif /* _SELINUX_AVC_INTERNAL_H_ */ 183
