Linux/security/selinux/include/avc.h


  1 /* SPDX-License-Identifier: GPL-2.0 */
  2 /*
  3  * Access vector cache interface for object managers.
  4  *
  5  * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
  6  */
  7 
  8 #ifndef _SELINUX_AVC_H_
  9 #define _SELINUX_AVC_H_
 10 
 11 #include <linux/stddef.h>
 12 #include <linux/errno.h>
 13 #include <linux/kernel.h>
 14 #include <linux/kdev_t.h>
 15 #include <linux/spinlock.h>
 16 #include <linux/init.h>
 17 #include <linux/audit.h>
 18 #include <linux/lsm_audit.h>
 19 #include <linux/in6.h>
 20 #include "flask.h"
 21 #include "av_permissions.h"
 22 #include "security.h"
 23 
/*
 * An entry in the AVC.  The definition is private to avc.c; object
 * managers only ever see the decisions derived from it.
 */
struct avc_entry;

/* Opaque kernel types referenced by pointer in this header only. */
struct task_struct;
struct inode;
struct sock;
struct sk_buff;
 33 
 34 /*
 35  * AVC statistics
 36  */
struct avc_cache_stats {
	unsigned int lookups;		/* cache probes performed */
	unsigned int misses;		/* probes that found no matching entry */
	unsigned int allocations;	/* new entries allocated */
	unsigned int reclaims;		/* entries evicted to bound cache size */
	unsigned int frees;		/* entries released */
};
 44 
 45 /*
 46  * We only need this data after we have decided to send an audit message.
 47  */
struct selinux_audit_data {
	u32 ssid;	/* source security identifier */
	u32 tsid;	/* target security identifier */
	u16 tclass;	/* target security class */
	u32 requested;	/* permission bits the caller asked for */
	u32 audited;	/* permission bits that must be reported */
	u32 denied;	/* permission bits refused by the decision */
	int result;	/* return value of the permission check being audited */
} __randomize_layout;	/* struct layout randomisation hardening (CONFIG_RANDSTRUCT) */
 57 
 58 /*
 59  * AVC operations
 60  */
 61 
/* One-time AVC initialisation; runs during boot (__init), not callable later. */
void __init avc_init(void);
 63 
/**
 * avc_audit_required - Compute which permission bits need auditing.
 * @requested: permissions the caller asked for
 * @avd: access vector decision returned by the AVC
 * @result: return value of the permission check (0 on success)
 * @auditdeny: optional caller-supplied dontaudit mask, 0 if unused
 * @deniedp: out: permissions that were denied
 *
 * Returns the permission bits whose grant or denial must be reported
 * by the audit subsystem, and stores the denied bits in @deniedp.
 */
static inline u32 avc_audit_required(u32 requested, struct av_decision *avd,
				     int result, u32 auditdeny, u32 *deniedp)
{
	u32 denied = requested & ~avd->allowed;
	u32 audited;

	if (likely(!denied)) {
		if (result) {
			/*
			 * Nothing was denied by policy, yet the check itself
			 * failed: treat the whole request as denied and audit
			 * all of it.
			 */
			denied = requested;
			audited = requested;
		} else {
			/* Granted: report only what auditallow rules ask for. */
			audited = requested & avd->auditallow;
		}
		*deniedp = denied;
		return audited;
	}

	audited = denied & avd->auditdeny;
	/*
	 * auditdeny is TRICKY!  A bit set in the @auditdeny argument means
	 * that ANY denial should NOT be audited when the policy contains an
	 * explicit dontaudit rule for that permission.  Note that this is
	 * unrelated to the permissions that were actually denied.  Example:
	 *
	 * denied == READ
	 * avd.auditdeny & ACCESS == 0 (clear means an explicit dontaudit rule)
	 * auditdeny & ACCESS == 1
	 *
	 * The denial is NOT audited even though READ was denied and the
	 * auditdeny check concerned ACCESS.
	 */
	if (auditdeny && !(auditdeny & avd->auditdeny))
		audited = 0;

	*deniedp = denied;
	return audited;
}
 96 
/*
 * Slow path of avc_audit(): emits the audit record once avc_audit_required()
 * has determined that @audited is non-zero.  Defined in avc.c.
 */
int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested, u32 audited,
		   u32 denied, int result, struct common_audit_data *a);
 99 
/**
 * avc_audit - Audit the granting or denial of permissions.
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 * @requested: requested permissions
 * @avd: access vector decisions
 * @result: result from avc_has_perm_noaudit
 * @a:  auxiliary audit data
 *
 * Reports the outcome of a permission check according to policy.  It is
 * normally invoked by avc_has_perm() right after the check, but callers
 * that use avc_has_perm_noaudit() may call it themselves so that the
 * check and the audit record are decoupled -- for instance when the check
 * must run under a lock that should be dropped before auditing.
 *
 * Returns 0 when nothing needs to be audited, otherwise the return value
 * of slow_avc_audit().
 */
static inline int avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
			    struct av_decision *avd, int result,
			    struct common_audit_data *a)
{
	u32 denied;
	u32 audited = avc_audit_required(requested, avd, result, 0, &denied);

	/* The common case is that no audit record is required. */
	if (unlikely(audited))
		return slow_avc_audit(ssid, tsid, tclass, requested, audited,
				      denied, result, a);
	return 0;
}
130 
/* Flags for avc_has_perm_noaudit(). */
#define AVC_STRICT         1 /* Ignore permissive mode. */
#define AVC_EXTENDED_PERMS 2 /* update extended permissions */
/*
 * Permission check without auditing.  @avd receives the decision so the
 * caller can later pass it to avc_audit(); a caller that skips that step
 * leaves denials unreported.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
			 unsigned int flags, struct av_decision *avd);

/* Permission check followed by the corresponding audit record. */
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested,
		 struct common_audit_data *auditdata);

/* Permission check for an extended permission (@driver, @perm), e.g. ioctls. */
int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
			   u8 driver, u8 perm, struct common_audit_data *ad);

/* Sequence number of the policy the AVC currently reflects. */
u32 avc_policy_seqno(void);
143 
/* Event bits for avc_add_callback(); combine into the @events mask. */
#define AVC_CALLBACK_GRANT              1
#define AVC_CALLBACK_TRY_REVOKE         2
#define AVC_CALLBACK_REVOKE             4
#define AVC_CALLBACK_RESET              8
#define AVC_CALLBACK_AUDITALLOW_ENABLE  16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE   64
#define AVC_CALLBACK_AUDITDENY_DISABLE  128
#define AVC_CALLBACK_ADD_XPERMS         256

/*
 * Register @callback to be invoked for the AVC_CALLBACK_* events in
 * @events; the callback receives the event that fired.
 */
int avc_add_callback(int (*callback)(u32 event), u32 events);
155 
/* Exported to selinuxfs */
/* Formats hash-table statistics into @page (one page of text). */
int avc_get_hash_stats(char *page);
/* Maximum number of cache entries before reclaim kicks in. */
unsigned int avc_get_cache_threshold(void);
void avc_set_cache_threshold(unsigned int cache_threshold);

/* Per-CPU counters behind the avc_cache_stats selinuxfs file (optional). */
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif
164 
165 #endif /* _SELINUX_AVC_H_ */
166 
