v6.2
  1/* SPDX-License-Identifier: GPL-2.0-only */
  2/*
  3 * An access vector table (avtab) is a hash table
  4 * of access vectors and transition types indexed
  5 * by a type pair and a class.  An access vector
  6 * table is used to represent the type enforcement
  7 * tables.
  8 *
  9 *  Author : Stephen Smalley, <sds@tycho.nsa.gov>
 10 */
 11
 12/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 13 *
 14 * 	Added conditional policy language extensions
 15 *
 16 * Copyright (C) 2003 Tresys Technology, LLC
 17 *
 18 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
 19 * 	Tuned number of hash slots for avtab to reduce memory usage
 20 */
 21#ifndef _SS_AVTAB_H_
 22#define _SS_AVTAB_H_
 23
 24#include "security.h"
 25
 26struct avtab_key {
   	/*
   	 * Lookup key of one avtab entry: source type, target type and target
   	 * object class, plus `specified`, which records the rule kind(s) the
   	 * entry holds using the AVTAB_* values defined inline below.  Being
   	 * preprocessor defines, those names are file-wide, not struct-scoped.
   	 */
 27	u16 source_type;	/* source type */
 28	u16 target_type;	/* target type */
 29	u16 target_class;	/* target object class */
   	/* access-vector kinds; AVTAB_AV is the mask of all three */
 30#define AVTAB_ALLOWED		0x0001
 31#define AVTAB_AUDITALLOW	0x0002
 32#define AVTAB_AUDITDENY		0x0004
 33#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
   	/* type-rule kinds; AVTAB_TYPE is the mask of all three */
 34#define AVTAB_TRANSITION	0x0010
 35#define AVTAB_MEMBER		0x0020
 36#define AVTAB_CHANGE		0x0040
 37#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
 38/* extended permissions; AVTAB_XPERMS is the mask of all three */
 39#define AVTAB_XPERMS_ALLOWED	0x0100
 40#define AVTAB_XPERMS_AUDITALLOW	0x0200
 41#define AVTAB_XPERMS_DONTAUDIT	0x0400
 42#define AVTAB_XPERMS		(AVTAB_XPERMS_ALLOWED | \
 43				AVTAB_XPERMS_AUDITALLOW | \
 44				AVTAB_XPERMS_DONTAUDIT)
   	/*
   	 * AVTAB_ENABLED is the top bit of the u16 `specified` field.
   	 * AVTAB_ENABLED_OLD (0x80000000) cannot be represented in that field;
   	 * NOTE(review): presumably it applies only to a wider legacy encoding
   	 * of `specified` -- confirm in avtab.c before testing it against a key.
   	 */
 45#define AVTAB_ENABLED_OLD   0x80000000 /* reserved for use in cond_avtab */
 46#define AVTAB_ENABLED		0x8000 /* reserved for use in cond_avtab */
 47	u16 specified;	/* which AVTAB_* kind(s) this entry specifies */
 48};
 49
 50/*
 51 * For operations that require more than the 32 permissions provided by the avc
 52 * extended permissions may be used to provide 256 bits of permissions.
 53 */
 54struct avtab_extended_perms {
   	/*
   	 * Payload of an extended-permission entry: a selector (`specified`),
   	 * a `driver` byte and a permission bitmap (`perms`).  struct
   	 * extended_perms_data is not declared in this header; NOTE(review):
   	 * presumably it comes from security.h -- confirm.
   	 */
 55/* These are not flags. All 256 values may be used */
 56#define AVTAB_XPERMS_IOCTLFUNCTION	0x01
 57#define AVTAB_XPERMS_IOCTLDRIVER	0x02
 58	/* extension of the avtab_key specified */
 59	u8 specified; /* ioctl, netfilter, ... */
 60	/*
 61	 * if 256 bits is not adequate, as is often the case with ioctls, then
 62	 * multiple extended perms may be used and the driver field
 63	 * specifies which permissions are included.
 64	 */
 65	u8 driver;
 66	/* 256 bits of permissions */
 67	struct extended_perms_data perms;
 68};
 69
 70struct avtab_datum {
   	/*
   	 * Value stored under an avtab_key: either a 32-bit word or a pointer
   	 * to an extended-permissions record.  The union carries no tag of its
   	 * own.  NOTE(review): which member is live is presumably decided by
   	 * the AVTAB_XPERMS bits of the owning key's `specified` -- confirm at
   	 * each reader, because using the wrong member would reinterpret a
   	 * pointer as a permission word or the reverse.
   	 */
 71	union {
 72		u32 data; /* access vector or type value */
 73		struct avtab_extended_perms *xperms;
 74	} u;
 75};
 76
 77struct avtab_node {
   	/*
   	 * One stored entry: a key and its datum, embedded by value, plus a
   	 * link to another node.  NOTE(review): `next` is presumably the next
   	 * entry in the same hash slot -- confirm in avtab.c.
   	 */
 78	struct avtab_key key;
 79	struct avtab_datum datum;
 80	struct avtab_node *next;
 81};
 82
 83struct avtab {
   	/*
   	 * Table header.  `htable` points to node pointers; NOTE(review):
   	 * presumably an array of `nslot` slot heads, with `mask` equal to
   	 * nslot - 1 for a power-of-two slot count -- confirm in avtab_alloc().
   	 */
 84	struct avtab_node **htable;
 85	u32 nel;	/* number of elements */
 86	u32 nslot;      /* number of hash slots */
 87	u32 mask;       /* mask to compute hash func */
 88};
 89
 90void avtab_init(struct avtab *h);	/* table lifecycle and lookup API; bodies are not in this header */
   /*
    * The u32 parameter is unnamed in this prototype.  NOTE(review): presumably
    * a requested element count used to size the table -- confirm in avtab.c.
    */
 91int avtab_alloc(struct avtab *, u32);
 92int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
   /*
    * Returns a pointer to a datum rather than a copy.  NOTE(review): presumably
    * it points into a node owned by the table, so it would not stay valid
    * across avtab_destroy() -- confirm before caching the result.
    */
 93struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k);
 94void avtab_destroy(struct avtab *h);
   /* `tag` is taken as a non-const char * in this version. */
 95void avtab_hash_eval(struct avtab *h, char *tag);
 
 
 
 
 
 
 
 96
 97struct policydb;	/* forward declaration: only pointers to it are used below */
   /*
    * Reads one item into table `a`.  `insert` is a caller-supplied callback
    * that receives the table, a key, a datum and an opaque void *.
    * NOTE(review): the trailing `p` is presumably passed through to `insert`
    * unchanged, and `fp` is presumably a handle to the policy image being
    * parsed; confirm in avtab.c that item fields are validated against `pol`
    * before `insert` is called.
    */
 98int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 99		    int (*insert)(struct avtab *a, const struct avtab_key *k,
100				  const struct avtab_datum *d, void *p),
101		    void *p);
102
   /* Whole-table read and write; `fp` is an untyped handle in all of these. */
103int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
104int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp);
105int avtab_write(struct policydb *p, struct avtab *a, void *fp);
106
   /* Node-level API: these return the node itself, not only its datum. */
107struct avtab_node *avtab_insert_nonunique(struct avtab *h,
108					  const struct avtab_key *key,
109					  const struct avtab_datum *datum);
110
111struct avtab_node *avtab_search_node(struct avtab *h,
112				     const struct avtab_key *key);
113
   /*
    * `specified` is an int here, although avtab_key.specified is a u16.
    */
114struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
115
   /*
    * 1 << 16 = 65536.  NOTE(review): presumably the upper bound applied to
    * the number of hash slots -- confirm in avtab_alloc().
    */
116#define MAX_AVTAB_HASH_BITS 16
117#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
118
119#endif	/* _SS_AVTAB_H_ */
120
v6.8
  1/* SPDX-License-Identifier: GPL-2.0-only */
  2/*
  3 * An access vector table (avtab) is a hash table
  4 * of access vectors and transition types indexed
  5 * by a type pair and a class.  An access vector
  6 * table is used to represent the type enforcement
  7 * tables.
  8 *
  9 *  Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 10 */
 11
 12/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 13 *
 14 * 	Added conditional policy language extensions
 15 *
 16 * Copyright (C) 2003 Tresys Technology, LLC
 17 *
 18 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
 19 * 	Tuned number of hash slots for avtab to reduce memory usage
 20 */
 21#ifndef _SS_AVTAB_H_
 22#define _SS_AVTAB_H_
 23
 24#include "security.h"
 25
 26struct avtab_key {
   	/*
   	 * Lookup key of one avtab entry: source type, target type and target
   	 * object class, plus `specified`, which records the rule kind(s) the
   	 * entry holds using the AVTAB_* values defined inline below.  Being
   	 * preprocessor defines, those names are file-wide, not struct-scoped.
   	 */
 27	u16 source_type;	/* source type */
 28	u16 target_type;	/* target type */
 29	u16 target_class;	/* target object class */
   	/* access-vector kinds; AVTAB_AV is the mask of all three */
 30#define AVTAB_ALLOWED		0x0001
 31#define AVTAB_AUDITALLOW	0x0002
 32#define AVTAB_AUDITDENY		0x0004
 33#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
   	/* type-rule kinds; AVTAB_TYPE is the mask of all three */
 34#define AVTAB_TRANSITION	0x0010
 35#define AVTAB_MEMBER		0x0020
 36#define AVTAB_CHANGE		0x0040
 37#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
 38/* extended permissions; AVTAB_XPERMS is the mask of all three */
 39#define AVTAB_XPERMS_ALLOWED	0x0100
 40#define AVTAB_XPERMS_AUDITALLOW	0x0200
 41#define AVTAB_XPERMS_DONTAUDIT	0x0400
 42#define AVTAB_XPERMS		(AVTAB_XPERMS_ALLOWED | \
 43				AVTAB_XPERMS_AUDITALLOW | \
 44				AVTAB_XPERMS_DONTAUDIT)
   	/*
   	 * AVTAB_ENABLED is the top bit of the u16 `specified` field.
   	 * AVTAB_ENABLED_OLD (0x80000000) cannot be represented in that field;
   	 * NOTE(review): presumably it applies only to a wider legacy encoding
   	 * of `specified` -- confirm in avtab.c before testing it against a key.
   	 */
 45#define AVTAB_ENABLED_OLD   0x80000000 /* reserved for use in cond_avtab */
 46#define AVTAB_ENABLED		0x8000 /* reserved for use in cond_avtab */
 47	u16 specified;	/* which AVTAB_* kind(s) this entry specifies */
 48};
 49
 50/*
 51 * For operations that require more than the 32 permissions provided by the avc
 52 * extended permissions may be used to provide 256 bits of permissions.
 53 */
 54struct avtab_extended_perms {
   	/*
   	 * Payload of an extended-permission entry: a selector (`specified`),
   	 * a `driver` byte and a permission bitmap (`perms`).  struct
   	 * extended_perms_data is not declared in this header; NOTE(review):
   	 * presumably it comes from security.h -- confirm.
   	 */
 55/* These are not flags. All 256 values may be used */
 56#define AVTAB_XPERMS_IOCTLFUNCTION	0x01
 57#define AVTAB_XPERMS_IOCTLDRIVER	0x02
 58	/* extension of the avtab_key specified */
 59	u8 specified; /* ioctl, netfilter, ... */
 60	/*
 61	 * if 256 bits is not adequate, as is often the case with ioctls, then
 62	 * multiple extended perms may be used and the driver field
 63	 * specifies which permissions are included.
 64	 */
 65	u8 driver;
 66	/* 256 bits of permissions */
 67	struct extended_perms_data perms;
 68};
 69
 70struct avtab_datum {
   	/*
   	 * Value stored under an avtab_key: either a 32-bit word or a pointer
   	 * to an extended-permissions record.  The union carries no tag of its
   	 * own.  NOTE(review): which member is live is presumably decided by
   	 * the AVTAB_XPERMS bits of the owning key's `specified` -- confirm at
   	 * each reader, because using the wrong member would reinterpret a
   	 * pointer as a permission word or the reverse.
   	 */
 71	union {
 72		u32 data; /* access vector or type value */
 73		struct avtab_extended_perms *xperms;
 74	} u;
 75};
 76
 77struct avtab_node {
   	/*
   	 * One stored entry: a key and its datum, embedded by value, plus a
   	 * link to another node.  NOTE(review): `next` is presumably the next
   	 * entry in the same hash slot -- confirm in avtab.c.
   	 */
 78	struct avtab_key key;
 79	struct avtab_datum datum;
 80	struct avtab_node *next;
 81};
 82
 83struct avtab {
   	/*
   	 * Table header.  `htable` points to node pointers; NOTE(review):
   	 * presumably an array of `nslot` slot heads, with `mask` equal to
   	 * nslot - 1 for a power-of-two slot count -- confirm in avtab_alloc().
   	 */
 84	struct avtab_node **htable;
 85	u32 nel;	/* number of elements */
 86	u32 nslot;      /* number of hash slots */
 87	u32 mask;       /* mask to compute hash func */
 88};
 89
 90void avtab_init(struct avtab *h);	/* table lifecycle API; bodies are not in this header */
   /*
    * The u32 parameter is unnamed in this prototype.  NOTE(review): presumably
    * a requested element count used to size the table -- confirm in avtab.c.
    */
 91int avtab_alloc(struct avtab *, u32);
 92int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
 
 93void avtab_destroy(struct avtab *h);
 94
   /*
    * avtab_hash_eval() has a real declaration only when
    * CONFIG_SECURITY_SELINUX_DEBUG is defined; otherwise it is the empty
    * inline stub below, so calls to it do nothing.
    */
 95#ifdef CONFIG_SECURITY_SELINUX_DEBUG
 96void avtab_hash_eval(struct avtab *h, const char *tag);
 97#else
 98static inline void avtab_hash_eval(struct avtab *h, const char *tag)
 99{
100}
101#endif
102
103struct policydb;	/* forward declaration: only pointers to it are used below */
   /*
    * Reads one item into table `a`.  `insert` is a caller-supplied callback
    * that receives the table, a key, a datum and an opaque void *.
    * NOTE(review): the trailing `p` is presumably passed through to `insert`
    * unchanged, and `fp` is presumably a handle to the policy image being
    * parsed; confirm in avtab.c that item fields are validated against `pol`
    * before `insert` is called.
    */
104int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
105		    int (*insert)(struct avtab *a, const struct avtab_key *k,
106				  const struct avtab_datum *d, void *p),
107		    void *p);
108
   /* Whole-table read and write; `fp` is an untyped handle in all of these. */
109int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
110int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp);
111int avtab_write(struct policydb *p, struct avtab *a, void *fp);
112
   /* Node-level API: these return the node itself, not only its datum. */
113struct avtab_node *avtab_insert_nonunique(struct avtab *h,
114					  const struct avtab_key *key,
115					  const struct avtab_datum *datum);
116
117struct avtab_node *avtab_search_node(struct avtab *h,
118				     const struct avtab_key *key);
119
   /* `specified` is a u16 here, the same width as avtab_key.specified. */
120struct avtab_node *avtab_search_node_next(struct avtab_node *node, u16 specified);
121
   /*
    * 1 << 16 = 65536.  NOTE(review): presumably the upper bound applied to
    * the number of hash slots -- confirm in avtab_alloc().
    */
122#define MAX_AVTAB_HASH_BITS 16
123#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
124
125#endif	/* _SS_AVTAB_H_ */
126