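/* Author : Stephen Smalley, <[email protected]> */

/*
 * Updated: Yuichi Nakamura <[email protected]>
 * 	Tuned number of hash slots for avtab to reduce memory usage
 */

/* Updated: Frank Mayer <[email protected]> and Karl MacMillan <[email protected]>
 *
 * 	Added conditional policy language extensions
 *
 * Copyright (C) 2003 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * An access vector table (avtab) is a hash table
 * of access vectors and transition types indexed
 * by a type pair and a class.  An access vector
 * table is used to represent the type enforcement
 * tables.
 */

#ifndef _SEPOL_POLICYDB_AVTAB_H_
#define _SEPOL_POLICYDB_AVTAB_H_

#include <sys/types.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Lookup key of one table entry: the (source type, target type, class)
 * triple plus a 16-bit `specified` word saying which kind of entry it is.
 * The AVTAB_* macros below are the bit values stored in `specified`.
 */
typedef struct avtab_key {
	uint16_t source_type;
	uint16_t target_type;
	uint16_t target_class;
#define AVTAB_ALLOWED     0x0001
#define AVTAB_AUDITALLOW  0x0002
#define AVTAB_AUDITDENY   0x0004
#define AVTAB_NEVERALLOW  0x0080
/*
 * Access-vector entries.  AVTAB_NEVERALLOW is not part of this mask, so a
 * test of the form `specified & AVTAB_AV` does not match neverallow entries.
 */
#define AVTAB_AV         (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
#define AVTAB_TRANSITION  0x0010
#define AVTAB_MEMBER      0x0020
#define AVTAB_CHANGE      0x0040
/* Type entries: the datum holds a type rather than an access vector. */
#define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
#define AVTAB_XPERMS_ALLOWED	0x0100
#define AVTAB_XPERMS_AUDITALLOW	0x0200
#define AVTAB_XPERMS_DONTAUDIT	0x0400
#define AVTAB_XPERMS_NEVERALLOW	0x0800
/*
 * Extended-permission entries.  As with AVTAB_AV, the NEVERALLOW bit
 * (AVTAB_XPERMS_NEVERALLOW) is left out of the mask.
 */
#define AVTAB_XPERMS	  (AVTAB_XPERMS_ALLOWED | AVTAB_XPERMS_AUDITALLOW | AVTAB_XPERMS_DONTAUDIT)
/*
 * NOTE(review): 0x80000000 does not fit in the 16-bit `specified` field
 * below; presumably kept for an older, wider encoding -- confirm against
 * the policy reader before using it with avtab_key_t.
 */
#define AVTAB_ENABLED_OLD    0x80000000
#define AVTAB_ENABLED    0x8000	/* reserved for use in cond_avtab */
	uint16_t specified;	/* what fields are specified */
} avtab_key_t;

/*
 * Extended permission payload attached to an entry through
 * avtab_datum.xperms.  `perms` is 8 x 32 = 256 bits.
 */
typedef struct avtab_extended_perms {

/*
 * Values for `specified` below.  NOTE(review): these look like discrete
 * selectors rather than OR-able bits (0x03 == 0x01 | 0x02), so they should
 * be compared with ==, not tested with & -- confirm against the users.
 */
#define AVTAB_XPERMS_IOCTLFUNCTION	0x01
#define AVTAB_XPERMS_IOCTLDRIVER	0x02
#define AVTAB_XPERMS_NLMSG	0x03
	/* extension of the avtab_key specified */
	uint8_t specified;
	uint8_t driver;
	uint32_t perms[8];
} avtab_extended_perms_t;

/*
 * Value stored for a key.
 * NOTE(review): who allocates and frees `xperms` is not visible in this
 * header; check avtab_insert()/avtab_destroy() before sharing or freeing it.
 */
typedef struct avtab_datum {
	uint32_t data;		/* access vector or type */
	avtab_extended_perms_t *xperms;
} avtab_datum_t;

typedef struct avtab_node *avtab_ptr_t;

/* One table entry; entries are linked through `next`. */
struct avtab_node {
	avtab_key_t key;
	avtab_datum_t datum;
	avtab_ptr_t next;
	void *parse_context;	/* generic context pointer used by parser;
				 * not saved in binary policy */
	unsigned merged;	/* flag for avtab_write only;
				   not saved in binary policy */
};

/* The table itself: an array of node pointers plus its bookkeeping. */
typedef struct avtab {
	avtab_ptr_t *htable;
	uint32_t nel;		/* number of elements */
	uint32_t nslot;		/* number of hash slots */
	uint32_t mask;		/* mask to compute hash func */
} avtab_t;

/*
 * Table life cycle, insertion and lookup.  Return conventions are defined
 * by the implementation and are not visible in this header.
 */
extern int avtab_init(avtab_t *);
extern int avtab_alloc(avtab_t *, uint32_t);
extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);

extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);

extern void avtab_destroy(avtab_t * h);

/* Calls `apply` with a key, its datum and the caller's `args`. */
extern int avtab_map(const avtab_t * h,
		     int (*apply) (avtab_key_t * k,
				   avtab_datum_t * d, void *args), void *args);

extern void avtab_hash_eval(avtab_t * h, char *tag);

/*
 * Readers that fill a table from a policy_file.
 * NOTE(review): a policy image can come from outside the trust boundary.
 * The element count and every key/datum field taken from it need to be
 * range-checked by the implementation (not visible here) before they are
 * used for allocation or as indices.  MAX_AVTAB_SIZE below is presumably
 * the cap for that count -- confirm in avtab_read().
 */
struct policy_file;
extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
			   int (*insert) (avtab_t * a, avtab_key_t * k,
					  avtab_datum_t * d, void *p), void *p);

extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);

extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
					  avtab_datum_t * datum);

extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
						   avtab_key_t * key,
						   avtab_datum_t * datum,
						   void *parse_context);

extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);

extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);

/* Upper bounds on table geometry: at most 2^20 hash buckets. */
#define MAX_AVTAB_HASH_BITS 20
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
/* avtab_alloc uses one bucket per 2-4 elements, so adjust to get maximum buckets */
#define MAX_AVTAB_SIZE (MAX_AVTAB_HASH_BUCKETS << 1)

#ifdef __cplusplus
}
#endif

#endif				/* _SEPOL_POLICYDB_AVTAB_H_ */

/* FLASK */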