
TOMOYO Linux Cross Reference
Linux/security/selinux/ss/conditional.h


Differences between /security/selinux/ss/conditional.h (Version linux-6.11.5) and /security/selinux/ss/conditional.h (Version linux-5.0.21)


  1 /* SPDX-License-Identifier: GPL-2.0-only */    << 
  2 /* Authors: Karl MacMillan <kmacmillan@tresys.      1 /* Authors: Karl MacMillan <kmacmillan@tresys.com>
  3  *          Frank Mayer <mayerf@tresys.com>         2  *          Frank Mayer <mayerf@tresys.com>
  4  *          Copyright (C) 2003 - 2004 Tresys T !!   3  *
                                                   >>   4  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
                                                   >>   5  *      This program is free software; you can redistribute it and/or modify
                                                   >>   6  *      it under the terms of the GNU General Public License as published by
                                                   >>   7  *      the Free Software Foundation, version 2.
  5  */                                                 8  */
  6                                                     9 
  7 #ifndef _CONDITIONAL_H_                            10 #ifndef _CONDITIONAL_H_
  8 #define _CONDITIONAL_H_                            11 #define _CONDITIONAL_H_
  9                                                    12 
 10 #include "avtab.h"                                 13 #include "avtab.h"
 11 #include "symtab.h"                                14 #include "symtab.h"
 12 #include "policydb.h"                              15 #include "policydb.h"
 13 #include "../include/conditional.h"                16 #include "../include/conditional.h"
 14                                                    17 
 15 #define COND_EXPR_MAXDEPTH 10                      18 #define COND_EXPR_MAXDEPTH 10
 16                                                    19 
 17 /*                                                 20 /*
 18  * A conditional expression is a list of opera     21  * A conditional expression is a list of operators and operands
 19  * in reverse polish notation.                     22  * in reverse polish notation.
 20  */                                                23  */
 21 struct cond_expr_node {                        << 
 22 #define COND_BOOL 1 /* plain bool */           << 
 23 #define COND_NOT  2 /* !bool */                << 
 24 #define COND_OR   3 /* bool || bool */         << 
 25 #define COND_AND  4 /* bool && bool */         << 
 26 #define COND_XOR  5 /* bool ^ bool */          << 
 27 #define COND_EQ   6 /* bool == bool */         << 
 28 #define COND_NEQ  7 /* bool != bool */         << 
 29 #define COND_LAST COND_NEQ                     << 
 30         u32 expr_type;                         << 
 31         u32 boolean;                           << 
 32 };                                             << 
 33                                                << 
 34 struct cond_expr {                                 24 struct cond_expr {
 35         struct cond_expr_node *nodes;          !!  25 #define COND_BOOL       1 /* plain bool */
 36         u32 len;                               !!  26 #define COND_NOT        2 /* !bool */
                                                   >>  27 #define COND_OR         3 /* bool || bool */
                                                   >>  28 #define COND_AND        4 /* bool && bool */
                                                   >>  29 #define COND_XOR        5 /* bool ^ bool */
                                                   >>  30 #define COND_EQ         6 /* bool == bool */
                                                   >>  31 #define COND_NEQ        7 /* bool != bool */
                                                   >>  32 #define COND_LAST       COND_NEQ
                                                   >>  33         __u32 expr_type;
                                                   >>  34         __u32 bool;
                                                   >>  35         struct cond_expr *next;
 37 };                                                 36 };
 38                                                    37 
 39 /*                                                 38 /*
 40  * Each cond_node contains a list of rules to      39  * Each cond_node contains a list of rules to be enabled/disabled
 41  * depending on the current value of the condi     40  * depending on the current value of the conditional expression. This
 42  * struct is for that list.                        41  * struct is for that list.
 43  */                                                42  */
 44 struct cond_av_list {                              43 struct cond_av_list {
 45         struct avtab_node **nodes;             !!  44         struct avtab_node *node;
 46         u32 len;                               !!  45         struct cond_av_list *next;
 47 };                                                 46 };
 48                                                    47 
 49 /*                                                 48 /*
 50  * A cond node represents a conditional block      49  * A cond node represents a conditional block in a policy. It
 51  * contains a conditional expression, the curr     50  * contains a conditional expression, the current state of the expression,
 52  * two lists of rules to enable/disable depend     51  * two lists of rules to enable/disable depending on the value of the
 53  * expression (the true list corresponds to if     52  * expression (the true list corresponds to if and the false list corresponds
 54  * to else)..                                      53  * to else)..
 55  */                                                54  */
 56 struct cond_node {                                 55 struct cond_node {
 57         int cur_state;                             56         int cur_state;
 58         struct cond_expr expr;                 !!  57         struct cond_expr *expr;
 59         struct cond_av_list true_list;         !!  58         struct cond_av_list *true_list;
 60         struct cond_av_list false_list;        !!  59         struct cond_av_list *false_list;
                                                   >>  60         struct cond_node *next;
 61 };                                                 61 };
 62                                                    62 
 63 void cond_policydb_init(struct policydb *p);   !!  63 int cond_policydb_init(struct policydb *p);
 64 void cond_policydb_destroy(struct policydb *p)     64 void cond_policydb_destroy(struct policydb *p);
 65                                                    65 
 66 int cond_init_bool_indexes(struct policydb *p)     66 int cond_init_bool_indexes(struct policydb *p);
 67 int cond_destroy_bool(void *key, void *datum,      67 int cond_destroy_bool(void *key, void *datum, void *p);
 68                                                    68 
 69 int cond_index_bool(void *key, void *datum, vo     69 int cond_index_bool(void *key, void *datum, void *datap);
 70                                                    70 
 71 int cond_read_bool(struct policydb *p, struct  !!  71 int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
 72 int cond_read_list(struct policydb *p, void *f     72 int cond_read_list(struct policydb *p, void *fp);
 73 int cond_write_bool(void *key, void *datum, vo     73 int cond_write_bool(void *key, void *datum, void *ptr);
 74 int cond_write_list(struct policydb *p, void * !!  74 int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);
 75                                                    75 
 76 void cond_compute_av(struct avtab *ctab, struc     76 void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
 77                      struct av_decision *avd,  !!  77                 struct av_decision *avd, struct extended_perms *xperms);
 78 void cond_compute_xperms(struct avtab *ctab, s     78 void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
 79                          struct extended_perms !!  79                 struct extended_perms_decision *xpermd);
 80 void evaluate_cond_nodes(struct policydb *p);  !!  80 int evaluate_cond_node(struct policydb *p, struct cond_node *node);
 81 void cond_policydb_destroy_dup(struct policydb << 
 82 int cond_policydb_dup(struct policydb *new, co << 
 83                                                    81 
 84 #endif /* _CONDITIONAL_H_ */                       82 #endif /* _CONDITIONAL_H_ */
 85                                                    83 
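Review bot: In the linux-6.11.5 column, `struct cond_expr` and `struct cond_av_list` pair a `nodes` pointer with a `u32 len`, but neither definition says that `len` is the number of valid entries in `nodes`, and the retained block comments still describe each as "a list". These structures are populated by `cond_read_list()` from a policy image, so the array bound is the invariant someone auditing the loader or the evaluator will look for at the definition; I would write `u32 len; /* number of entries in nodes[] */` in both structs and name the function that validates it, which has to be confirmed against conditional.c since this page does not show it. A one-line comment on `COND_EXPR_MAXDEPTH` saying whether it bounds `len` or only the evaluation stack depth would close the same gap. The left-hand prototypes are truncated on this page, so their parameter lists could not be checked here.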
