      1 
      2 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */
      3 
      4 /*
      5  * Updated: Yuichi Nakamura <ynakam (at) hitachisoft.jp>
      6  * 	Tuned number of hash slots for avtab to reduce memory usage
      7  */
      8 
      9 /* Updated: Frank Mayer <mayerf (at) tresys.com> and Karl MacMillan <kmacmillan (at) tresys.com>
     10  *
     11  * 	Added conditional policy language extensions
     12  *
     13  * Copyright (C) 2003 Tresys Technology, LLC
     14  *
     15  *  This library is free software; you can redistribute it and/or
     16  *  modify it under the terms of the GNU Lesser General Public
     17  *  License as published by the Free Software Foundation; either
     18  *  version 2.1 of the License, or (at your option) any later version.
     19  *
     20  *  This library is distributed in the hope that it will be useful,
     21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     23  *  Lesser General Public License for more details.
     24  *
     25  *  You should have received a copy of the GNU Lesser General Public
     26  *  License along with this library; if not, write to the Free Software
     27  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     28  */
     29 
     30 /* FLASK */
     31 
     32 /*
     33  * An access vector table (avtab) is a hash table
     34  * of access vectors and transition types indexed
     35  * by a type pair and a class.  An access vector
     36  * table is used to represent the type enforcement
     37  * tables.
     38  */
     39 
     40 #ifndef _SEPOL_POLICYDB_AVTAB_H_
     41 #define _SEPOL_POLICYDB_AVTAB_H_
     42 
     43 #include <sys/cdefs.h>
     44 #include <sys/types.h>
     45 #include <stdint.h>
     46 
     47 __BEGIN_DECLS
     48 
/*
 * Key of one avtab entry: the (source type, target type, object class)
 * triple the entry applies to, plus `specified`, a bit set drawn from the
 * AVTAB_* flags below that says which kind of rule the entry holds and
 * therefore how avtab_datum.data / avtab_datum.ops are to be interpreted.
 */
typedef struct avtab_key {
	uint16_t source_type;	/* source (subject) type id */
	uint16_t target_type;	/* target (object) type id */
	uint16_t target_class;	/* object class id */
/*
 * Access-vector rule kinds: the datum's `data` is a permission bitmap.
 * Note that AVTAB_NEVERALLOW is not part of the AVTAB_AV mask.
 */
#define AVTAB_ALLOWED		0x0001
#define AVTAB_AUDITALLOW	0x0002
#define AVTAB_AUDITDENY		0x0004
#define AVTAB_NEVERALLOW	0x0080
#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
/* Type rule kinds: the datum's `data` is a result type id, not a bitmap. */
#define AVTAB_TRANSITION	0x0010
#define AVTAB_MEMBER		0x0020
#define AVTAB_CHANGE		0x0040
#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
/*
 * Extended-operation rule kinds.  The per-operation bitmap for these is
 * presumably carried in avtab_datum.ops rather than in .data — confirm in
 * the implementation.
 */
#define AVTAB_OPNUM_ALLOWED	0x0100
#define AVTAB_OPNUM_AUDITALLOW	0x0200
#define AVTAB_OPNUM_DONTAUDIT	0x0400
#define AVTAB_OPNUM		(AVTAB_OPNUM_ALLOWED | AVTAB_OPNUM_AUDITALLOW | AVTAB_OPNUM_DONTAUDIT)
#define AVTAB_OPTYPE_ALLOWED	0x1000
#define AVTAB_OPTYPE_AUDITALLOW	0x2000
#define AVTAB_OPTYPE_DONTAUDIT	0x4000
#define AVTAB_OPTYPE		(AVTAB_OPTYPE_ALLOWED | AVTAB_OPTYPE_AUDITALLOW | AVTAB_OPTYPE_DONTAUDIT)
#define AVTAB_OP		(AVTAB_OPNUM | AVTAB_OPTYPE)
/*
 * AVTAB_ENABLED_OLD does not fit in the 16-bit `specified` field, so it
 * cannot be stored here; it looks like a flag from an older on-disk
 * encoding that the reader translates to AVTAB_ENABLED — confirm against
 * avtab_read_item before relying on that.
 */
#define AVTAB_ENABLED_OLD	0x80000000
#define AVTAB_ENABLED		0x8000	/* reserved for use in cond_avtab */
	uint16_t specified;	/* which rule kind(s) this entry holds: OR of the AVTAB_* flags */
} avtab_key_t;
     75 
/*
 * Bitmap of individual operations for an extended-operation entry
 * (presumably one whose avtab_key.specified has an AVTAB_OP bit set).
 * `perms` holds 8 x 32 = 256 bits.  `type` qualifies which range or kind
 * of operation the bitmap describes; its encoding is defined by the
 * implementation — confirm there before relying on a particular value.
 */
typedef struct avtab_operations {
	uint8_t type;		/* operation range/kind selector; see note above */
	uint32_t perms[8];	/* 256-bit operation bitmap */
} avtab_operations_t;
     80 
/*
 * Value stored for an avtab entry.  Which field is meaningful depends on
 * avtab_key.specified: `data` is an access vector for AVTAB_AV entries and
 * a type id for AVTAB_TYPE entries; `ops` is presumably only set for
 * AVTAB_OP entries and NULL otherwise.  Who allocates and frees `ops` is
 * not stated in this header — presumably avtab_destroy releases it; confirm
 * in the implementation before sharing an ops object between entries.
 */
typedef struct avtab_datum {
	uint32_t data;		/* access vector or type */
	avtab_operations_t *ops;	/* extended-operation bitmap; see ownership note above */
} avtab_datum_t;
     85 
/* Pointer alias for a hash-chain node; the node struct is defined just below. */
typedef struct avtab_node *avtab_ptr_t;
     87 
/*
 * One hash-table node: a key/datum pair linked into a bucket chain via
 * `next`.  The last two fields are in-memory bookkeeping only and are never
 * written to the binary policy (see the field comments).
 */
struct avtab_node {
	avtab_key_t key;	/* lookup key */
	avtab_datum_t datum;	/* stored value */
	avtab_ptr_t next;	/* next node in the same bucket chain
				 * (chains are presumably NULL-terminated) */
	void *parse_context;	/* generic context pointer used by parser;
				 * not saved in binary policy */
	unsigned merged;	/* flag for avtab_write only;
				   not saved in binary policy */
};
     97 
/*
 * The table itself: an array of `nslot` bucket heads plus an element count.
 * `mask` is applied to the key hash to pick a bucket, so the implementation
 * presumably keeps nslot a power of two with mask == nslot - 1 — confirm
 * in avtab_alloc.  See MAX_AVTAB_HASH_BITS below for the bucket cap.
 */
typedef struct avtab {
	avtab_ptr_t *htable;	/* array of nslot bucket heads */
	uint32_t nel;		/* number of elements */
	uint32_t nslot;         /* number of hash slots */
	uint32_t mask;          /* mask to compute hash func */
} avtab_t;
    104 
/*
 * Core table operations.  Return conventions are not stated in this
 * header; the int-returning calls presumably return 0 on success and
 * non-zero on failure — confirm against the implementation before relying
 * on a particular value.
 */
/* Put a table into its initial (empty) state. */
extern int avtab_init(avtab_t *);
/* Allocate buckets sized for the given expected number of elements
 * (see MAX_AVTAB_SIZE below: one bucket per 2-4 elements). */
extern int avtab_alloc(avtab_t *, uint32_t);
/* Insert key k with datum d.  Presumably rejects a key that is already
 * present, since avtab_insert_nonunique exists as a separate entry point. */
extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);

/* Look up k; returns a pointer to the stored datum, presumably NULL when
 * the key is absent — confirm. */
extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);

/* Release everything owned by h (nodes, and presumably any datum.ops and
 * the bucket array); h itself is not freed. */
extern void avtab_destroy(avtab_t * h);

/* Call apply(k, d, args) for each entry.  Whether a non-zero return from
 * apply stops the walk early is decided by the implementation — confirm. */
extern int avtab_map(avtab_t * h,
		     int (*apply) (avtab_key_t * k,
				   avtab_datum_t * d, void *args), void *args);

/* Diagnostic: report hash-chain statistics for h, labelled with tag.
 * Nothing in this header requires tag to be writable; it could be
 * const-qualified if the implementation only prints it — check there. */
extern void avtab_hash_eval(avtab_t * h, char *tag);
    118 
/*
 * Binary-policy readers.  The policy file is external input: the reader is
 * expected to validate each item's `specified` flag combination, the
 * element count (see MAX_AVTAB_SIZE below) and the version-dependent
 * layout before anything is inserted — verify this in the implementation
 * rather than assuming it from the prototypes.
 */
struct policy_file;	/* opaque here; defined elsewhere */
/* Read one avtab item in on-disk format version vers from fp and hand it
 * to insert(a, key, datum, p).  Presumably used by avtab_read and by the
 * conditional-avtab reader, each supplying its own insert callback. */
extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
			   int (*insert) (avtab_t * a, avtab_key_t * k,
					  avtab_datum_t * d, void *p), void *p);

/* Read a whole avtab from fp at format version vers into a. */
extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);
    125 
/*
 * Node-level variants.  These return the inserted/found node rather than a
 * status or datum; a NULL return presumably means failure or not found —
 * confirm in the implementation.
 */
/* Insert a new node for key even if an equal key is already present. */
extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
					  avtab_datum_t * datum);

/* Insert a new node and record parse_context on it (see struct
 * avtab_node).  Whether duplicates are allowed here is not stated in this
 * header — confirm. */
extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
						   avtab_key_t * key,
						   avtab_datum_t * datum,
						   void *parse_context);

/* Find the first node whose key matches key. */
extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);

/* Continue from node to the next node in its chain with the same key whose
 * key.specified intersects `specified`; the exact match test lives in the
 * implementation — confirm there. */
extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);
    137 
/*
 * Table size limits.  Buckets are capped at 2^20.  Because avtab_alloc
 * uses one bucket per 2-4 elements, MAX_AVTAB_SIZE (2^21 elements) is the
 * element count that maps to the maximum bucket count.  A reader that
 * takes an element count from a policy file should reject counts above
 * this bound — verify that avtab_read does so.
 */
#define MAX_AVTAB_HASH_BITS 20
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
/* avtab_alloc uses one bucket per 2-4 elements, so adjust to get maximum buckets */
#define MAX_AVTAB_SIZE (MAX_AVTAB_HASH_BUCKETS << 1)
    143 
    144 __END_DECLS
#endif				/* _SEPOL_POLICYDB_AVTAB_H_ */
    146 
    147 /* FLASK */
    148