xref: /aosp_15_r20/external/selinux/libsepol/include/sepol/policydb/conditional.h (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)
1*2d543d20SAndroid Build Coastguard Worker /* Authors: Karl MacMillan <[email protected]>
2*2d543d20SAndroid Build Coastguard Worker  *          Frank Mayer <[email protected]>
3*2d543d20SAndroid Build Coastguard Worker  *
4*2d543d20SAndroid Build Coastguard Worker  * Copyright (C) 2003 - 2005 Tresys Technology, LLC
5*2d543d20SAndroid Build Coastguard Worker  *
6*2d543d20SAndroid Build Coastguard Worker  *  This library is free software; you can redistribute it and/or
7*2d543d20SAndroid Build Coastguard Worker  *  modify it under the terms of the GNU Lesser General Public
8*2d543d20SAndroid Build Coastguard Worker  *  License as published by the Free Software Foundation; either
9*2d543d20SAndroid Build Coastguard Worker  *  version 2.1 of the License, or (at your option) any later version.
10*2d543d20SAndroid Build Coastguard Worker  *
11*2d543d20SAndroid Build Coastguard Worker  *  This library is distributed in the hope that it will be useful,
12*2d543d20SAndroid Build Coastguard Worker  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13*2d543d20SAndroid Build Coastguard Worker  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14*2d543d20SAndroid Build Coastguard Worker  *  Lesser General Public License for more details.
15*2d543d20SAndroid Build Coastguard Worker  *
16*2d543d20SAndroid Build Coastguard Worker  *  You should have received a copy of the GNU Lesser General Public
17*2d543d20SAndroid Build Coastguard Worker  *  License along with this library; if not, write to the Free Software
18*2d543d20SAndroid Build Coastguard Worker  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
19*2d543d20SAndroid Build Coastguard Worker  */
20*2d543d20SAndroid Build Coastguard Worker 
21*2d543d20SAndroid Build Coastguard Worker #ifndef _SEPOL_POLICYDB_CONDITIONAL_H_
22*2d543d20SAndroid Build Coastguard Worker #define _SEPOL_POLICYDB_CONDITIONAL_H_
23*2d543d20SAndroid Build Coastguard Worker 
24*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/flask_types.h>
25*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/avtab.h>
26*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/symtab.h>
27*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/policydb.h>
28*2d543d20SAndroid Build Coastguard Worker 
29*2d543d20SAndroid Build Coastguard Worker #ifdef __cplusplus
30*2d543d20SAndroid Build Coastguard Worker extern "C" {
31*2d543d20SAndroid Build Coastguard Worker #endif
32*2d543d20SAndroid Build Coastguard Worker 
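/*
 * Upper bound on the depth of a conditional expression.
 * NOTE(review): presumably this bounds the evaluation stack used for the
 * reverse polish expression; confirm against the evaluator before changing it.
 */
#define COND_EXPR_MAXDEPTH 10

/* this is the max unique bools in a conditional expression
 * for which we precompute all outcomes for the expression.
 *
 * NOTE - do _NOT_ use value greater than 5 because
 * cond_node_t->expr_pre_comp can only hold at most 32 values
 * (2^5 = 32 outcomes fit in the 32 bits of that uint32_t field).
 */
#define COND_MAX_BOOLS 5

/*
 * Enforce the limit documented above at build time, so that a later edit of
 * COND_MAX_BOOLS cannot silently outgrow the 32-bit expr_pre_comp field.
 * A preprocessor check is used so the header stays valid for C and C++.
 */
#if COND_MAX_BOOLS > 5
#error "COND_MAX_BOOLS must not exceed 5: cond_node_t->expr_pre_comp holds only 32 values"
#endif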
42*2d543d20SAndroid Build Coastguard Worker 
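/*
 * A conditional expression is a list of operators and operands
 * in reverse polish notation.
 *
 * Each cond_expr_t is one element of that list; elements are chained
 * through `next`.
 */
typedef struct cond_expr {
#define COND_BOOL	1	/* plain bool */
#define COND_NOT	2	/* !bool */
#define COND_OR		3	/* bool || bool */
#define COND_AND	4	/* bool && bool */
#define COND_XOR	5	/* bool ^ bool */
#define COND_EQ		6	/* bool == bool */
#define COND_NEQ	7	/* bool != bool */
#define COND_LAST	COND_NEQ
	/*
	 * One of the COND_* codes above.
	 * NOTE(review): the field is a plain uint32_t, so the type does not
	 * confine it to COND_BOOL..COND_LAST; code that builds expressions from
	 * policy data presumably has to range-check it -- confirm in the reader.
	 */
	uint32_t expr_type;
	/* The member `boolean` was renamed from `bool` in version 3.6 */
	/* Defined without a value, so dependants can only test it with #ifdef. */
#define COND_EXPR_T_RENAME_BOOL_BOOLEAN
	/*
	 * NOTE(review): presumably identifies the boolean operand when
	 * expr_type is COND_BOOL; the numbering scheme is not visible in this
	 * header -- confirm before using it as an index.
	 */
	uint32_t boolean;
	/* Next element of the expression list. */
	struct cond_expr *next;
} cond_expr_t;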
62*2d543d20SAndroid Build Coastguard Worker 
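/*
 * Each cond_node_t contains a list of rules to be enabled/disabled
 * depending on the current value of the conditional expression. This
 * struct is for that list.
 */
typedef struct cond_av_list {
	/*
	 * The access vector table entry this list element refers to.
	 * NOTE(review): ownership of the entry is not visible in this header;
	 * check cond_av_list_destroy() before freeing it separately.
	 */
	avtab_ptr_t node;
	/* Next element of the rule list. */
	struct cond_av_list *next;
} cond_av_list_t;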
72*2d543d20SAndroid Build Coastguard Worker 
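/*
 * A cond node represents a conditional block in a policy. It
 * contains a conditional expression, the current state of the expression,
 * two lists of rules to enable/disable depending on the value of the
 * expression (the true list corresponds to if and the false list corresponds
 * to else).
 */
typedef struct cond_node {
	/* Current state of the conditional expression. */
	int cur_state;
	/* The conditional expression, as a reverse polish list. */
	cond_expr_t *expr;
	/* these true/false lists point into te_avtab when that is used */
	cond_av_list_t *true_list;
	cond_av_list_t *false_list;
	/* and these are used during parsing and for modules */
	avrule_t *avtrue_list;
	avrule_t *avfalse_list;
	/* these fields are not written to binary policy */
	/*
	 * NOTE(review): nbools presumably counts the used entries of bool_ids;
	 * any code that fills or walks bool_ids must keep it at or below
	 * COND_MAX_BOOLS, because the array has exactly that many slots.
	 */
	unsigned int nbools;
	uint32_t bool_ids[COND_MAX_BOOLS];
	/* Holds at most 32 precomputed outcomes, which is why COND_MAX_BOOLS is 5. */
	uint32_t expr_pre_comp;
	/* Next conditional node in the list. */
	struct cond_node *next;
	/* a tunable conditional, calculated and used at expansion */
#define	COND_NODE_FLAGS_TUNABLE	UINT32_C(0x01)
	/* Flag bits; COND_NODE_FLAGS_TUNABLE is the only one defined here. */
	uint32_t flags;
} cond_node_t;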
98*2d543d20SAndroid Build Coastguard Worker 
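/*
 * Conditional policy API.
 *
 * NOTE(review): this header shows only the signatures. Return conventions
 * (which value means failure) and pointer ownership are not visible here;
 * check the implementation before relying on either.
 */

/* Evaluate and copy a single conditional expression list. */
extern int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr);
extern cond_expr_t *cond_copy_expr(cond_expr_t * expr);

/* Compare and normalize the expression of a node; release nodes and expressions. */
extern int cond_expr_equal(cond_node_t * a, cond_node_t * b);
extern int cond_normalize_expr(policydb_t * p, cond_node_t * cn);
extern void cond_node_destroy(cond_node_t * node);
extern void cond_expr_destroy(cond_expr_t * expr);

/*
 * Look up `needle` in the `haystack` list.
 * NOTE(review): *was_created is an out-parameter; presumably it reports
 * whether a new node had to be created -- confirm, and check whether a NULL
 * pointer is accepted.
 */
extern cond_node_t *cond_node_find(policydb_t * p,
				   cond_node_t * needle, cond_node_t * haystack,
				   int *was_created);

extern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node);

extern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list,
				     cond_node_t * cn);

/* Evaluate the conditionals of policy `p`. */
extern int evaluate_conds(policydb_t * p);

/* Search a conditional rule list for `key`. */
extern avtab_datum_t *cond_av_list_search(avtab_key_t * key,
					  cond_av_list_t * cond_list);

extern void cond_av_list_destroy(cond_av_list_t * list);

extern void cond_optimize_lists(cond_list_t * cl);

/* Set-up and tear-down of the conditional parts of a policydb. */
extern int cond_policydb_init(policydb_t * p);
extern void cond_policydb_destroy(policydb_t * p);
extern void cond_list_destroy(cond_list_t * list);

/*
 * Boolean symbol handling.
 * NOTE(review): cond_destroy_bool and cond_index_bool share the
 * (key, datum, void *) shape, so they look like hash table callbacks --
 * confirm how the untyped last argument is interpreted.
 */
extern int cond_init_bool_indexes(policydb_t * p);
extern int cond_destroy_bool(hashtab_key_t key, hashtab_datum_t datum, void *p);

extern int cond_index_bool(hashtab_key_t key, hashtab_datum_t datum,
			   void *datap);

/*
 * Readers for the boolean and conditional sections of a policy.
 * NOTE(review): these consume policy data, so counts, lengths and
 * expression types taken from the input should be validated before they are
 * used; whether the implementation does so is not visible in this header.
 * cond_read_list takes an untyped `void *fp` while cond_read_bool takes
 * `struct policy_file *fp`, so a wrong pointer type passed to
 * cond_read_list is not caught by the compiler.
 */
extern int cond_read_bool(policydb_t * p, hashtab_t h, struct policy_file *fp);

extern int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp);

/* Compute the access decision `avd` for `key` from the conditional table `ctab`. */
extern void cond_compute_av(avtab_t * ctab, avtab_key_t * key,
			    struct sepol_av_decision *avd);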
141*2d543d20SAndroid Build Coastguard Worker 
142*2d543d20SAndroid Build Coastguard Worker #ifdef __cplusplus
143*2d543d20SAndroid Build Coastguard Worker }
144*2d543d20SAndroid Build Coastguard Worker #endif
145*2d543d20SAndroid Build Coastguard Worker 
146*2d543d20SAndroid Build Coastguard Worker #endif				/* _CONDITIONAL_H_ */