      1 /* Author : Stephen Smalley, <sds (at) epoch.ncsc.mil> */
      2 
      3 /* FLASK */
      4 
      5 /*
      6  * A security identifier table (sidtab) is a hash table
      7  * of security context structures indexed by SID value.
      8  */
      9 
     10 #ifndef _SEPOL_POLICYDB_SIDTAB_H_
     11 #define _SEPOL_POLICYDB_SIDTAB_H_
     12 
     13 #include <sepol/policydb/context.h>
     14 #include <sys/cdefs.h>
     15 
     16 __BEGIN_DECLS
     17 
     /*
      * One entry of the SID table: a SID, the security context recorded
      * for it, and a link to another node.
      */
     18 typedef struct sidtab_node {
     19 	sepol_security_id_t sid;	/* security identifier */
     20 	context_struct_t context;	/* security context structure, embedded by value in the node */
     21 	struct sidtab_node *next;	/* link to another node; presumably the collision chain of one hash bucket - confirm in sidtab.c */
     22 } sidtab_node_t;
     23 
     24 typedef struct sidtab_node *sidtab_ptr_t;	/* pointer to a node; note that this typedef hides the indirection */
     25 
     /*
      * Hash geometry.  The bucket count is a compile-time constant, so it
      * does not grow with the number of entries held in the table.
      */
     26 #define SIDTAB_HASH_BITS 7	/* log2 of the bucket count */
     27 #define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS)	/* 128 buckets */
     28 #define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1)	/* 0x7f; presumably ANDed with a SID to select a bucket - confirm in sidtab.c */
     29 
     30 #define SIDTAB_SIZE SIDTAB_HASH_BUCKETS	/* alias for the bucket count */
     31 
     /* The SID table itself: a bucket array plus SID allocation bookkeeping. */
     32 typedef struct {
     33 	sidtab_ptr_t *htable;	/* array of node pointers; presumably SIDTAB_SIZE buckets - confirm in sidtab.c */
     34 	unsigned int nel;	/* number of elements */
     35 	unsigned int next_sid;	/* next SID to allocate; NOTE(review): unsigned counter - confirm the allocator refuses to wrap rather than reuse a SID */
     36 	unsigned char shutdown;	/* flag; presumably set by sepol_sidtab_shutdown() - its effect is not visible in this header */
     37 } sidtab_t;
     38 
     /*
      * Initializer for the SID table `s` (going by its name).  Returns an
      * int status; the success and failure values are not visible in this
      * header - confirm in sidtab.c and check the result before using `s`.
      */
     39 extern int sepol_sidtab_init(sidtab_t * s);
     40 
     /*
      * Add an entry associating `sid` with `context` in `s`; returns an int
      * status.  NOTE(review): nodes embed the context by value, but whether
      * data referenced from inside `context` is deep-copied or shared with
      * the caller is not shown here - confirm ownership in sidtab.c before
      * freeing the caller's copy.  Handling of an already-present SID is
      * likewise not visible from this declaration.
      */
     41 extern int sepol_sidtab_insert(sidtab_t * s,
     42 			       sepol_security_id_t sid,
     43 			       context_struct_t * context);
     44 
     /*
      * Look up the context recorded for `sid` in `s`.  The result is handed
      * back by pointer; presumably it refers to storage owned by the table
      * (nodes embed the context by value), so it should not be kept across
      * removal of the entry or destruction of the table - TODO confirm,
      * along with what is returned for a SID that is not in the table.
      */
     45 extern context_struct_t *sepol_sidtab_search(sidtab_t * s,
     46 					     sepol_security_id_t sid);
     47 
     /*
      * Walk `s` with a caller-supplied callback that receives a SID, its
      * context and the opaque `args` pointer (presumably invoked once per
      * entry - confirm).  How a non-zero return from `apply` affects the
      * walk and the int result is not visible in this header.
      */
     48 extern int sepol_sidtab_map(sidtab_t * s,
     49 			    int (*apply) (sepol_security_id_t sid,
     50 					  context_struct_t * context,
     51 					  void *args), void *args);
     52 
     /*
      * Variant of the table walk that returns nothing.  Going by the name,
      * entries for which `apply` reports an error are removed from the
      * table - TODO confirm in sidtab.c.  Note that the callback's first
      * parameter is named `s` here although it is a SID, not the table.
      */
     53 extern void sepol_sidtab_map_remove_on_error(sidtab_t * s,
     54 					     int (*apply) (sepol_security_id_t
     55 							   s,
     56 							   context_struct_t *
     57 							   context, void *args),
     58 					     void *args);
     59 
     /*
      * Translate `context` to a SID, written through `sid` (the parameters
      * are marked IN/OUT below).  NOTE(review): presumably a new SID is
      * taken from next_sid when the context is not yet in the table; if so,
      * confirm that counter exhaustion and the shutdown flag are reported
      * through the int return rather than by handing out a reused SID.
      */
     60 extern int sepol_sidtab_context_to_sid(sidtab_t * s,	/* IN */
     61 				       context_struct_t * context,	/* IN */
     62 				       sepol_security_id_t * sid);	/* OUT */
     63 
     /*
      * Hash-table evaluation helper taking a table `h` and a `tag` string;
      * presumably reports bucket usage labelled with `tag` - confirm in
      * sidtab.c.  Nothing is returned.
      */
     64 extern void sepol_sidtab_hash_eval(sidtab_t * h, char *tag);
     65 
     /*
      * Tear down `s` (going by its name).  Presumably frees every node and
      * the bucket array, after which context pointers previously obtained
      * from the table must not be used - confirm in sidtab.c.
      */
     66 extern void sepol_sidtab_destroy(sidtab_t * s);
     67 
     /*
      * Copy table state from `src` into `dst` (going by the parameter
      * names).  NOTE(review): if this is a shallow copy of htable, both
      * tables alias the same nodes and only one of them may be destroyed -
      * confirm in sidtab.c.
      */
     68 extern void sepol_sidtab_set(sidtab_t * dst, sidtab_t * src);
     69 
     /*
      * Presumably sets the `shutdown` flag in `s`; which operations are
      * refused afterwards is not visible in this header - confirm in
      * sidtab.c.
      */
     70 extern void sepol_sidtab_shutdown(sidtab_t * s);
     71 
     72 __END_DECLS
     73 #endif				/* _SEPOL_POLICYDB_SIDTAB_H_ */
     74 
     75 /* FLASK */
     76