1 | /* |
2 | * Access vector cache interface for object managers. | |
3 | * | |
4 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> | |
5 | */ | |
6 | #ifndef _SELINUX_AVC_H_ | |
7 | #define _SELINUX_AVC_H_ | |
8 | ||
9 | #include <linux/stddef.h> | |
10 | #include <linux/errno.h> | |
11 | #include <linux/kernel.h> | |
12 | #include <linux/kdev_t.h> | |
13 | #include <linux/spinlock.h> | |
14 | #include <linux/init.h> | |
d9250dea | 15 | #include <linux/audit.h> |
2bf49690 | 16 | #include <linux/lsm_audit.h> |
17 | #include <linux/in6.h> |
18 | #include <asm/system.h> | |
19 | #include "flask.h" | |
20 | #include "av_permissions.h" | |
21 | #include "security.h" | |
22 | ||
/*
 * selinux_enforcing - enforcing (1) vs. permissive mode switch.
 *
 * With CONFIG_SECURITY_SELINUX_DEVELOP it is a real variable (defined in
 * the SELinux core) that can change at run time.  Without it the symbol is
 * hard-wired to the constant 1: permissive mode can never be entered, and
 * any "if (selinux_enforcing)" test folds away at compile time.  A build
 * intended to be strictly enforcing should therefore leave this option off.
 * Whether an individual check may be relaxed by permissive mode is selected
 * per call with the AVC_STRICT flag (see below).
 */
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
extern int selinux_enforcing;
#else
#define selinux_enforcing 1
#endif
28 | ||
29 | /* | |
30 | * An entry in the AVC. | |
31 | */ | |
32 | struct avc_entry; | |
33 | ||
34 | struct task_struct; | |
35 | struct inode; |
36 | struct sock; | |
37 | struct sk_buff; | |
38 | ||
/*
 * AVC statistics
 *
 * Counters kept per CPU when CONFIG_SECURITY_SELINUX_AVC_STATS is set (see
 * the DECLARE_PER_CPU at the end of this file).  They are plain unsigned
 * ints, so each counter wraps silently after 2^32 events; treat them as
 * informational, not as an exact audit trail.
 */
struct avc_cache_stats {
	unsigned int lookups;		/* cache lookups performed */
	unsigned int hits;		/* lookups satisfied from the cache */
	unsigned int misses;		/* lookups not satisfied from the cache */
	unsigned int allocations;	/* cache entries allocated */
	unsigned int reclaims;		/* entries reclaimed; presumably tied to
					 * avc_cache_threshold - confirm in avc.c */
	unsigned int frees;		/* cache entries freed */
};
50 | ||
51 | /* | |
52 | * AVC operations | |
53 | */ | |
54 | ||
55 | void __init avc_init(void); | |
56 | ||
/*
 * avc_audit - emit the audit record for a completed access check.
 * @ssid, @tsid: security identifiers of the subject and object of the check
 *		 (roles inferred from the names; same meaning as in avc_has_perm)
 * @tclass:	 object class the check was made against
 * @requested:	 permission bits that were requested
 * @avd:	 the access vector decision the check produced
 * @result:	 outcome of the check (as returned by the *_noaudit variant)
 * @a:		 LSM audit context to attach to the record; whether NULL is
 *		 accepted is not visible in this header - confirm in avc.c
 * @flags:	 audit flags; values not defined in this header
 *
 * NOTE(review): the return value's meaning is not visible here.
 */
int avc_audit(u32 ssid, u32 tsid,
	      u16 tclass, u32 requested,
	      struct av_decision *avd,
	      int result,
	      struct common_audit_data *a, unsigned flags);
1da177e4 | 62 | |
/*
 * AVC_STRICT: when set, the check ignores permissive mode, i.e. a denial is
 * returned even if selinux_enforcing is 0.  Use it for checks whose result
 * must never be softened by permissive mode.
 */
#define AVC_STRICT 1 /* Ignore permissive mode. */
/*
 * avc_has_perm_noaudit - permission check that emits no audit record.
 * @ssid, @tsid: subject and object security identifiers (inferred from the
 *		 names; consistent with avc_has_perm below)
 * @tclass:	 object class
 * @requested:	 requested permission bits
 * @flags:	 0, or AVC_STRICT to deny regardless of permissive mode
 * @avd:	 decision structure, presumably filled in by the call
 *
 * Because nothing is audited here, a denial that is not reported by the
 * caller is invisible to the audit log.  Callers are presumably expected to
 * hand @avd and the return value to avc_audit() (pairing inferred from the
 * matching parameters of avc_audit() above - confirm in avc.c).  Prefer
 * avc_has_perm() unless the audit data genuinely has to be deferred.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
			 u16 tclass, u32 requested,
			 unsigned flags,
			 struct av_decision *avd);
1da177e4 | 68 | |
/*
 * avc_has_perm_flags - permission check with auditing.
 * @ssid, @tsid: subject and object security identifiers (inferred from the
 *		 names)
 * @tclass:	 object class
 * @requested:	 requested permission bits
 * @auditdata:	 LSM audit context for the record the check generates
 * (unnamed):	 flags - 0, or AVC_STRICT to ignore permissive mode; this is
 *		 the argument avc_has_perm() passes as 0
 *
 * Returns the check result; the exact error value on denial is not visible
 * in this header.
 */
int avc_has_perm_flags(u32 ssid, u32 tsid,
		       u16 tclass, u32 requested,
		       struct common_audit_data *auditdata,
		       unsigned);
73 | ||
/*
 * avc_has_perm - the default permission check for object managers.
 * @ssid, @tsid: subject and object security identifiers (inferred from the
 *		 names)
 * @tclass:	 object class
 * @requested:	 requested permission bits
 * @auditdata:	 LSM audit context for the audit record
 *
 * Thin wrapper around avc_has_perm_flags() with no flags set.  In
 * particular AVC_STRICT is NOT passed, so the result of this check is
 * subject to permissive mode; use avc_has_perm_flags() with AVC_STRICT for
 * a check that must hold even when selinux_enforcing is 0.
 */
static inline int avc_has_perm(u32 ssid, u32 tsid,
			       u16 tclass, u32 requested,
			       struct common_audit_data *auditdata)
{
	const unsigned int no_flags = 0;	/* deliberately not AVC_STRICT */

	return avc_has_perm_flags(ssid, tsid, tclass, requested,
				  auditdata, no_flags);
}
1da177e4 | 80 | |
81 | u32 avc_policy_seqno(void); |
82 | ||
83 | #define AVC_CALLBACK_GRANT 1 |
84 | #define AVC_CALLBACK_TRY_REVOKE 2 | |
85 | #define AVC_CALLBACK_REVOKE 4 | |
86 | #define AVC_CALLBACK_RESET 8 | |
87 | #define AVC_CALLBACK_AUDITALLOW_ENABLE 16 | |
88 | #define AVC_CALLBACK_AUDITALLOW_DISABLE 32 | |
89 | #define AVC_CALLBACK_AUDITDENY_ENABLE 64 | |
90 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 | |
91 | ||
/*
 * avc_add_callback - register a callback for AVC events.
 * @callback:	 invoked with the triggering @event (one of the AVC_CALLBACK_*
 *		 values above), the SIDs, class and permission bits, and an
 *		 @out_retained pointer whose contract is not visible here
 * @events:	 bitmask of AVC_CALLBACK_* values selecting which events fire
 *		 the callback (the macros are powers of two, so they combine)
 * @ssid, @tsid, @tclass, @perms: filter describing which checks the callback
 *		 applies to; how a wildcard is expressed is not visible here
 *
 * NOTE(review): the callback's return value and ownership/lifetime of the
 * registration are not visible in this header - confirm in avc.c.
 */
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
				     u16 tclass, u32 perms,
				     u32 *out_retained),
		     u32 events, u32 ssid, u32 tsid,
		     u16 tclass, u32 perms);
97 | ||
/* Exported to selinuxfs */
/*
 * avc_get_hash_stats - format hash-table statistics into @page.
 *
 * No buffer length is passed, so the bound on the output lives entirely in
 * the definition: the caller must supply a buffer at least as large as
 * whatever avc.c writes (NOTE(review): presumably one page, given the
 * parameter name and the selinuxfs consumer - confirm before reusing this
 * from a caller with a smaller buffer).  Return value semantics are not
 * visible here.
 */
int avc_get_hash_stats(char *page);
/*
 * Cache size threshold exposed through selinuxfs; presumably the limit
 * that triggers reclaims (see struct avc_cache_stats) - confirm in avc.c.
 */
extern unsigned int avc_cache_threshold;
101 | ||
102 | /* Attempt to free avc node cache */ |
103 | void avc_disable(void); | |
104 | ||
105 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS |
106 | DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); | |
107 | #endif | |
108 | ||
109 | #endif /* _SELINUX_AVC_H_ */ | |
110 |