/*
 * An access vector table (avtab) is a hash table
 * of access vectors and transition types indexed
 * by a type pair and a class. An access vector
 * table is used to represent the type enforcement
 * tables.
 *
 * Author: Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 * Added conditional policy language extensions
 *
 * Copyright (C) 2003 Tresys Technology, LLC
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2.
 */
#ifndef _SS_AVTAB_H_
#define _SS_AVTAB_H_
/* u16, u32 and uint32_t are not declared in this header; the including
 * file must provide them before this point. */

/*
 * Bits of avtab_key.specified: they say what kind of rule the entry is and
 * therefore how avtab_datum.data must be interpreted.  AVTAB_AV groups the
 * access-vector rules, AVTAB_TYPE groups the type rules; the two masks do
 * not overlap.
 */
#define AVTAB_ALLOWED		1
#define AVTAB_AUDITALLOW	2
#define AVTAB_AUDITDENY		4
#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
#define AVTAB_TRANSITION	16
#define AVTAB_MEMBER		32
#define AVTAB_CHANGE		64
#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
/*
 * Reserved for use in cond_avtab.  AVTAB_ENABLED is the top bit of the
 * 16-bit specified field.  AVTAB_ENABLED_OLD does not fit in a u16 and is
 * presumably the bit position used by an older, 32-bit on-disk encoding
 * (see the vers parameter of avtab_read_item) -- confirm in avtab.c.
 */
#define AVTAB_ENABLED_OLD	0x80000000
#define AVTAB_ENABLED		0x8000

/*
 * Hash key of an avtab entry: the (source type, target type, target class)
 * triple plus the AVTAB_* flags telling which rule the datum carries.
 */
struct avtab_key {
	u16 source_type;	/* source type */
	u16 target_type;	/* target type */
	u16 target_class;	/* target object class */
	u16 specified;		/* AVTAB_* flags: what field is specified */
};
| 39 | |
/*
 * Payload of an avtab entry.  Whether data is an access vector (AVTAB_AV
 * rules) or a type value (AVTAB_TYPE rules) is decided by the specified
 * flags of the avtab_key it is stored with.
 */
struct avtab_datum {
	u32 data;	/* access vector or type value */
};
| 43 | |
/*
 * One element of a hash chain: the key/datum pair and the link to the
 * following node.  Presumably the chain is singly linked and NULL-terminated
 * within one bucket -- confirm in avtab.c.
 */
struct avtab_node {
	struct avtab_key key;		/* lookup key */
	struct avtab_datum datum;	/* rule payload */
	struct avtab_node *next;	/* next node in the chain */
};
| 49 | |
/*
 * The table itself: an array of bucket heads plus the element count.  The
 * bucket count is not stored in the struct; presumably it is the fixed
 * AVTAB_SIZE defined at the end of this header -- confirm against avtab_init.
 */
struct avtab {
	struct avtab_node **htable;	/* bucket heads, chained via avtab_node.next */
	u32 nel;			/* number of elements */
};
| 54 | |
/* Initialise an empty table.  Return value convention (presumably 0 on
 * success, negative on allocation failure) is defined in avtab.c -- confirm. */
int avtab_init(struct avtab *);
/* Look up the datum stored under key k in h; presumably NULL when absent. */
struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k);
/* Release every node and the bucket array owned by h. */
void avtab_destroy(struct avtab *h);
/* Report hash-chain statistics for h, labelled with tag.
 * NOTE(review): tag is presumably only read; const char * would document that. */
void avtab_hash_eval(struct avtab *h, char *tag);

/*
 * Read one entry in on-disk format version vers from the opaque file state
 * fp and pass the decoded key/datum to insert(a, k, d, p).  The policy
 * image behind fp originates outside this code, so range-checking each
 * decoded field against vers and the AVTAB_* masks before insert is called
 * is the reader's job (in avtab.c) -- this header cannot confirm it does.
 * NOTE(review): vers is uint32_t here but u32 in avtab_read below; same
 * width, inconsistent spelling.
 */
int avtab_read_item(void *fp, uint32_t vers, struct avtab *a,
		    int (*insert)(struct avtab *a, struct avtab_key *k,
				  struct avtab_datum *d, void *p),
		    void *p);

/* Read a whole table in format version vers from fp into a. */
int avtab_read(struct avtab *a, void *fp, u32 vers);

/* Insert a key/datum pair without checking for an existing equal key.
 * Presumably returns the new node, or NULL on allocation failure -- confirm. */
struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
					  struct avtab_datum *datum);

/* Like avtab_search but returns the node itself, so the caller can walk on
 * with avtab_search_node_next. */
struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);

/* Continue a lookup after node; specified is presumably an AVTAB_* mask the
 * next match must satisfy -- confirm in avtab.c. */
struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);

/* Set up / tear down the allocation cache used for avtab nodes (what is
 * cached is not visible here -- confirm in avtab.c). */
void avtab_cache_init(void);
void avtab_cache_destroy(void);
| 76 | |
/*
 * Fixed geometry of the bucket array.  The bucket count is a power of two,
 * so AVTAB_HASH_MASK (all low bits set) can presumably reduce a hash value
 * to a bucket index without a modulo.
 */
#define AVTAB_HASH_BITS		15
#define AVTAB_HASH_BUCKETS	(1 << AVTAB_HASH_BITS)
#define AVTAB_HASH_MASK		((1 << AVTAB_HASH_BITS) - 1)

/* Number of bucket heads to allocate; alias of AVTAB_HASH_BUCKETS. */
#define AVTAB_SIZE		AVTAB_HASH_BUCKETS
| 82 | |
#endif /* _SS_AVTAB_H_ */
| 84 | |