/*
 * Access vector cache interface for object managers.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_

#include <linux/stddef.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kdev_t.h>
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/audit.h>
#include <linux/lsm_audit.h>
#include <linux/in6.h>
#include <linux/path.h>
#include <asm/system.h>
#include "flask.h"
#include "av_permissions.h"
#include "security.h"

/*
 * selinux_enforcing selects between enforcing and permissive mode.
 * It is a runtime variable only when CONFIG_SECURITY_SELINUX_DEVELOP is
 * set; otherwise it is hard-wired to the constant 1, so a kernel built
 * without the DEVELOP option cannot be switched to permissive mode at
 * all - every reference in this header and its users then folds to 1.
 */
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
extern int selinux_enforcing;
#else
#define selinux_enforcing 1
#endif

/*
 * An entry in the AVC.  Only forward-declared here, so the entry layout
 * is opaque to object managers that include this header.
 */
struct avc_entry;

/* Kernel objects referenced by pointer in the AVC interface. */
struct task_struct;
struct inode;
struct sock;
struct sk_buff;

/*
 * AVC statistics
 *
 * Counters describing cache behaviour.  When
 * CONFIG_SECURITY_SELINUX_AVC_STATS is enabled, a per-CPU instance named
 * avc_cache_stats is declared at the end of this header.  The counter
 * meanings below follow the field names; where each one is incremented
 * is not visible from this header.
 */
struct avc_cache_stats {
	unsigned int lookups;		/* cache lookups performed */
	unsigned int hits;		/* lookups that found an entry */
	unsigned int misses;		/* lookups that found no entry */
	unsigned int allocations;	/* cache nodes allocated */
	unsigned int reclaims;		/* cache nodes reclaimed */
	unsigned int frees;		/* cache nodes freed */
};

/*
 * AVC operations
 */

/* Initialise the AVC.  Marked __init: boot-time only, discarded afterwards. */
void __init avc_init(void);

/*
 * Emit the audit record for a completed permission check.
 * @ssid, @tsid: source and target security identifiers
 * @tclass:      object class of the target
 * @requested:   permissions that were requested
 * @avd:         access vector decision produced by the check
 * @result:      outcome of the check (the value handed back to the caller)
 * @a:           LSM audit data describing subject and object
 */
void avc_audit(u32 ssid, u32 tsid,
	       u16 tclass, u32 requested,
	       struct av_decision *avd,
	       int result,
	       struct common_audit_data *a);

/*
 * Flag bit for avc_has_perm_noaudit()'s @flags.  "Ignore permissive
 * mode" presumably means the decision is enforced regardless of
 * selinux_enforcing; it is the only flag bit defined in this header.
 */
#define AVC_STRICT 1 /* Ignore permissive mode. */

/*
 * Check permissions without generating an audit record.  The decision is
 * returned through @avd; @flags is a bitmask of AVC_* flags (AVC_STRICT).
 * A caller that still wants an audit record presumably passes @avd and
 * the returned result on to avc_audit() itself - that is what
 * avc_audit()'s parameter list suggests, but the pairing is not visible
 * in this header.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
			 u16 tclass, u32 requested,
			 unsigned flags,
			 struct av_decision *avd);

/*
 * Check permissions and audit the outcome.  Unlike avc_has_perm_noaudit()
 * it takes the audit context (@auditdata) and no @flags.
 */
int avc_has_perm(u32 ssid, u32 tsid,
		 u16 tclass, u32 requested,
		 struct common_audit_data *auditdata);

/* Current policy sequence number as seen by the AVC. */
u32 avc_policy_seqno(void);

/*
 * Callback event bits for avc_add_callback()'s @events.  Each is a
 * distinct bit so that several events can be requested in one mask.
 */
#define AVC_CALLBACK_GRANT 1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE 4
#define AVC_CALLBACK_RESET 8
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128

/*
 * Register @callback for the AVC_CALLBACK_* events in @events, scoped to
 * the given (ssid, tsid, tclass, perms).  The callback receives the
 * event that fired plus the same tuple and may report permissions to
 * retain through @out_retained.  The int return convention is not
 * documented here.
 */
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
				     u16 tclass, u32 perms,
				     u32 *out_retained),
		     u32 events, u32 ssid, u32 tsid,
		     u16 tclass, u32 perms);

/* Exported to selinuxfs */
/* Write hash-table statistics into @page (a page-sized buffer). */
int avc_get_hash_stats(char *page);
/* Cache size threshold; exposed to userspace through selinuxfs. */
extern unsigned int avc_cache_threshold;

/* Attempt to free avc node cache */
void avc_disable(void);

/* Per-CPU counters backing struct avc_cache_stats, when stats are built in. */
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif

#endif /* _SELINUX_AVC_H_ */