
  1 /* SPDX-License-Identifier: GPL-2.0-only */
  2 /*
  3  * An access vector table (avtab) is a hash table
  4  * of access vectors and transition types indexed
  5  * by a type pair and a class.  An access vector
  6  * table is used to represent the type enforcement
  7  * tables.
  8  *
  9  *  Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 10  */
 11 
 12 /* Updated: Frank Mayer <mayerf@tresys.com> and
 13  *          Karl MacMillan <kmacmillan@tresys.com>
 14  *          Added conditional policy language extensions
 15  *          Copyright (C) 2003 Tresys Technology, LLC
 16  *
 17  * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
 18  *          Tuned number of hash slots for avtab to reduce memory usage
 19  */
 20 
 21 #ifndef _SS_AVTAB_H_
 22 #define _SS_AVTAB_H_
 23 
 24 #include "security.h"
 25 
/*
 * Key of one avtab entry: the (source type, target type, target class)
 * triple, plus a bitmask saying which kind of rule the entry carries.
 */
struct avtab_key {
        u16 source_type; /* source type */
        u16 target_type; /* target type */
        u16 target_class; /* target object class */
/*
 * Bits of the 'specified' field below.  AVTAB_AV rules carry an access
 * vector in the datum, AVTAB_TYPE rules carry a type value, and the
 * AVTAB_XPERMS bits mark extended-permission rules.  Presumably a single
 * key carries only one of these groups at a time — confirm in avtab.c.
 */
#define AVTAB_ALLOWED    0x0001
#define AVTAB_AUDITALLOW 0x0002
#define AVTAB_AUDITDENY  0x0004
#define AVTAB_AV         (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
#define AVTAB_TRANSITION 0x0010
#define AVTAB_MEMBER     0x0020
#define AVTAB_CHANGE     0x0040
#define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
/* extended permissions */
#define AVTAB_XPERMS_ALLOWED    0x0100
#define AVTAB_XPERMS_AUDITALLOW 0x0200
#define AVTAB_XPERMS_DONTAUDIT  0x0400
#define AVTAB_XPERMS                                      \
        (AVTAB_XPERMS_ALLOWED | AVTAB_XPERMS_AUDITALLOW | \
         AVTAB_XPERMS_DONTAUDIT)
/*
 * AVTAB_ENABLED_OLD does not fit in the u16 'specified' field below, so it
 * can only be a legacy 32-bit encoding (policy-file or cond_avtab side) —
 * NOTE(review): confirm where it is consumed before relying on it here.
 */
#define AVTAB_ENABLED_OLD 0x80000000 /* reserved for use in cond_avtab */
#define AVTAB_ENABLED     0x8000 /* reserved for use in cond_avtab */
        u16 specified; /* what is specified: bitwise OR of the AVTAB_* flags above */
};
 49 
  50 /*
  51  * For operations that require more than the 32 permissions provided by the
  52  * avc, extended permissions may be used to provide 256 bits of permissions.
  53  */
/*
 * Payload of an AVTAB_XPERMS rule: a 256-bit permission set, tagged with
 * which kind of extended permission it describes and which 256-value
 * slice ("driver") it covers.
 */
struct avtab_extended_perms {
/*
 * Values of the 'specified' byte below.
 * These are not flags. All 256 values may be used.
 */
#define AVTAB_XPERMS_IOCTLFUNCTION 0x01
#define AVTAB_XPERMS_IOCTLDRIVER   0x02
        /* extension of the avtab_key specified */
        u8 specified; /* ioctl, netfilter, ... */
        /*
         * if 256 bits is not adequate as is often the case with ioctls, then
         * multiple extended perms may be used and the driver field
         * specifies which permissions are included.
         */
        u8 driver;
        /*
         * 256 bits of permissions.  struct extended_perms_data is not
         * defined in this header; presumably it comes in via security.h.
         */
        struct extended_perms_data perms;
};
 69 
/*
 * Value of an avtab entry.  Nothing in this struct records which union
 * member is live; presumably it follows the owning key's 'specified' bits
 * (AVTAB_AV / AVTAB_TYPE -> data, AVTAB_XPERMS -> xperms) — confirm in
 * avtab.c before reading either member.
 */
struct avtab_datum {
        union {
                u32 data; /* access vector or type value */
                /*
                 * Heap object for extended-permission rules.  Who owns
                 * and frees it is not visible here — TODO(review): confirm
                 * against avtab_destroy().
                 */
                struct avtab_extended_perms *xperms;
        } u;
};
 76 
/*
 * One element of a hash bucket chain: the key, its value, and the link
 * to the next node in the same bucket (chained hashing).
 */
struct avtab_node {
        struct avtab_key key;
        struct avtab_datum datum;
        struct avtab_node *next; /* next node in this bucket's chain; presumably NULL at the end */
};
 82 
/*
 * The table itself: an array of nslot bucket heads, with collisions
 * chained through avtab_node::next.  Presumably nslot is a power of two
 * no larger than MAX_AVTAB_HASH_BUCKETS and mask == nslot - 1 (the field
 * comment says mask feeds the hash function) — confirm in avtab.c.
 */
struct avtab {
        struct avtab_node **htable; /* nslot bucket heads */
        u32 nel; /* number of elements */
        u32 nslot; /* number of hash slots */
        u32 mask; /* mask to compute hash func */
};
 89 
/*
 * Table lifecycle.  All four are defined out of line.  The int-returning
 * allocators presumably follow the kernel convention of 0 on success and a
 * negative errno on failure — confirm in avtab.c.
 */
void avtab_init(struct avtab *h);
/*
 * The second argument is left unnamed in this prototype; it is presumably
 * an element-count hint used to pick nslot (bounded by
 * MAX_AVTAB_HASH_BUCKETS below) — confirm in avtab.c.
 */
int avtab_alloc(struct avtab *, u32);
/* Set up @new based on @orig (the name suggests a duplicate); @orig is const and is not modified. */
int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
void avtab_destroy(struct avtab *h);
 94 
/* Upper bound on the bucket count: 1 << 16 = 65536 slots, which fits comfortably in the u32 nslot/mask fields. */
#define MAX_AVTAB_HASH_BITS    16
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
 97 
 98 #ifdef CONFIG_SECURITY_SELINUX_DEBUG
 99 void avtab_hash_eval(struct avtab *h, const char *tag);
100 #else
/*
 * Stub used when CONFIG_SECURITY_SELINUX_DEBUG is not set: the hash
 * evaluation helper is compiled out, so both arguments are deliberately
 * ignored.  The debug build declares the real function above instead.
 */
static inline void avtab_hash_eval(struct avtab *h, const char *tag)
{
        (void)h;
        (void)tag;
}
104 #endif
105 
struct policydb; /* opaque here; only passed through to the readers/writers below */
/*
 * Read one entry from the policy image @fp and hand the parsed key/datum
 * (as const pointers) to @insert together with the caller cookie @p.
 * @fp is untyped (void *).  Inferred from the name and int return, not
 * visible here: a non-zero result presumably means a parse or insert
 * failure and the caller should stop — confirm in avtab.c.
 */
int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
                    int (*insert)(struct avtab *a, const struct avtab_key *k,
                                  const struct avtab_datum *d, void *p),
                    void *p);
111 
/*
 * Whole-table counterparts of avtab_read_item().  Note the write side
 * takes a non-const struct avtab *a even though writing presumably does
 * not modify the table — NOTE(review): confirm before adding const.
 */
int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
int avtab_write_item(struct policydb *p, const struct avtab_node *cur,
                     void *fp);
int avtab_write(struct policydb *p, struct avtab *a, void *fp);
116 
/*
 * Insert a node for @key/@datum even if an equal key is already present
 * (hence "nonunique").  Returns the new node; presumably NULL on allocation
 * failure — confirm in avtab.c.  Both inputs are const and are copied, not
 * retained by pointer.
 */
struct avtab_node *avtab_insert_nonunique(struct avtab *h,
                                          const struct avtab_key *key,
                                          const struct avtab_datum *datum);
120 
/*
 * Look up the node for @key in @h.  avtab_search_node_next() continues
 * from @node; presumably it walks the same bucket chain and returns the
 * next node whose key matches and whose 'specified' overlaps the given
 * mask, or NULL — confirm in avtab.c.
 */
struct avtab_node *avtab_search_node(struct avtab *h,
                                     const struct avtab_key *key);
struct avtab_node *avtab_search_node_next(struct avtab_node *node,
                                          u16 specified);
125 
126 #endif /* _SS_AVTAB_H_ */
127 
