Blame - security/selinux/include/avc.h - kernel/msm

blob: d12ff1a9c0aa5e383347af29f9f03fe96e626ed2 [file] [log] [blame]

Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	1	/*
				2	* Access vector cache interface for object managers.
				3	*
				4	* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
				5	*/
				6	#ifndef _SELINUX_AVC_H_
				7	#define _SELINUX_AVC_H_
				8
				9	#include <linux/stddef.h>
				10	#include <linux/errno.h>
				11	#include <linux/kernel.h>
				12	#include <linux/kdev_t.h>
				13	#include <linux/spinlock.h>
				14	#include <linux/init.h>
KaiGai Kohei	d9250de	2008-08-28 16:35:57 +0900	[diff] [blame]	15	#include <linux/audit.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	16	#include <linux/in6.h>
Jan Blunck	44707fd	2008-02-14 19:38:33 -0800	[diff] [blame]	17	#include <linux/path.h>
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	18	#include <asm/system.h>
				19	#include "flask.h"
				20	#include "av_permissions.h"
				21	#include "security.h"
				22
				23	#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
				24	extern int selinux_enforcing;
				25	#else
				26	#define selinux_enforcing 1
				27	#endif
				28
				29	/*
				30	* An entry in the AVC.
				31	*/
				32	struct avc_entry;
				33
				34	struct task_struct;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	35	struct inode;
				36	struct sock;
				37	struct sk_buff;
				38
				39	/* Auxiliary data to use in generating the audit record. */
				40	struct avc_audit_data {
				41	char type;
				42	#define AVC_AUDIT_DATA_FS 1
				43	#define AVC_AUDIT_DATA_NET 2
				44	#define AVC_AUDIT_DATA_CAP 3
				45	#define AVC_AUDIT_DATA_IPC 4
				46	struct task_struct *tsk;
				47	union {
				48	struct {
Jan Blunck	44707fd	2008-02-14 19:38:33 -0800	[diff] [blame]	49	struct path path;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	50	struct inode *inode;
				51	} fs;
				52	struct {
Paul Moore	da5645a	2008-01-29 08:38:10 -0500	[diff] [blame]	53	int netif;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	54	struct sock *sk;
				55	u16 family;
Al Viro	87fcd70	2006-12-04 22:00:55 +0000	[diff] [blame]	56	__be16 dport;
				57	__be16 sport;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	58	union {
				59	struct {
Al Viro	87fcd70	2006-12-04 22:00:55 +0000	[diff] [blame]	60	__be32 daddr;
				61	__be32 saddr;
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	62	} v4;
				63	struct {
				64	struct in6_addr daddr;
				65	struct in6_addr saddr;
				66	} v6;
				67	} fam;
				68	} net;
				69	int cap;
				70	int ipc_id;
				71	} u;
				72	};
				73
				74	#define v4info fam.v4
				75	#define v6info fam.v6
				76
				77	/* Initialize an AVC audit data structure. */
				78	#define AVC_AUDIT_DATA_INIT(_d,_t) \
Eric Paris	f526971	2008-05-14 11:27:45 -0400	[diff] [blame]	79	{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	80
				81	/*
				82	* AVC statistics
				83	*/
Eric Paris	f526971	2008-05-14 11:27:45 -0400	[diff] [blame]	84	struct avc_cache_stats {
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	85	unsigned int lookups;
				86	unsigned int hits;
				87	unsigned int misses;
				88	unsigned int allocations;
				89	unsigned int reclaims;
				90	unsigned int frees;
				91	};
				92
				93	/*
				94	* AVC operations
				95	*/
				96
				97	void __init avc_init(void);
				98
				99	void avc_audit(u32 ssid, u32 tsid,
Eric Paris	f526971	2008-05-14 11:27:45 -0400	[diff] [blame]	100	u16 tclass, u32 requested,
				101	struct av_decision avd, int result, struct avc_audit_data auditdata);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	102
Stephen Smalley	2c3c05d	2007-06-07 15:34:10 -0400	[diff] [blame]	103	#define AVC_STRICT 1 /* Ignore permissive mode. */
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	104	int avc_has_perm_noaudit(u32 ssid, u32 tsid,
Stephen Smalley	2c3c05d	2007-06-07 15:34:10 -0400	[diff] [blame]	105	u16 tclass, u32 requested,
				106	unsigned flags,
				107	struct av_decision *avd);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	108
				109	int avc_has_perm(u32 ssid, u32 tsid,
Eric Paris	f526971	2008-05-14 11:27:45 -0400	[diff] [blame]	110	u16 tclass, u32 requested,
				111	struct avc_audit_data *auditdata);
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	112
Yuichi Nakamura	788e7dd	2007-09-14 09:27:07 +0900	[diff] [blame]	113	u32 avc_policy_seqno(void);
				114
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	115	#define AVC_CALLBACK_GRANT 1
				116	#define AVC_CALLBACK_TRY_REVOKE 2
				117	#define AVC_CALLBACK_REVOKE 4
				118	#define AVC_CALLBACK_RESET 8
				119	#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
				120	#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
				121	#define AVC_CALLBACK_AUDITDENY_ENABLE 64
				122	#define AVC_CALLBACK_AUDITDENY_DISABLE 128
				123
				124	int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
Eric Paris	f526971	2008-05-14 11:27:45 -0400	[diff] [blame]	125	u16 tclass, u32 perms,
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	126	u32 *out_retained),
				127	u32 events, u32 ssid, u32 tsid,
				128	u16 tclass, u32 perms);
				129
KaiGai Kohei	d9250de	2008-08-28 16:35:57 +0900	[diff] [blame]	130	/* Shows permission in human readable form */
				131	void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av);
				132
Linus Torvalds	1da177e	2005-04-16 15:20:36 -0700	[diff] [blame]	133	/* Exported to selinuxfs */
				134	int avc_get_hash_stats(char *page);
				135	extern unsigned int avc_cache_threshold;
				136
				137	#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
				138	DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
				139	#endif
				140
				141	#endif /* _SELINUX_AVC_H_ */
				142