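/*
 * Access vector cache interface for object managers.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_

#include <linux/stddef.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kdev_t.h>
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/audit.h>
#include <linux/lsm_audit.h>
#include <linux/in6.h>
#include <asm/system.h>
#include "flask.h"
#include "av_permissions.h"
#include "security.h"

/*
 * Enforcing state consulted by the permission checks declared below.
 *
 * With CONFIG_SECURITY_SELINUX_DEVELOP the state is a runtime variable, so
 * the system can be placed in permissive mode.  Without it the symbol is the
 * constant 1: enforcing is compiled in and cannot be switched off.
 */
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
extern int selinux_enforcing;
#else
#define selinux_enforcing 1
#endif

/*
 * An entry in the AVC.  Opaque to object managers; only the cache
 * implementation knows its layout.
 */
struct avc_entry;

/* Forward declarations; only pointers to these are used by this interface. */
struct task_struct;
struct inode;
struct sock;
struct sk_buff;

/*
 * AVC statistics
 *
 * When CONFIG_SECURITY_SELINUX_AVC_STATS is set, one instance exists per CPU
 * (see the DECLARE_PER_CPU at the end of this file).
 */
struct avc_cache_stats {
	unsigned int lookups;
	unsigned int misses;
	unsigned int allocations;
	unsigned int reclaims;
	unsigned int frees;
};

/*
 * AVC operations
 */

/* Initialise the cache.  __init: runs once at boot, then is discarded. */
void __init avc_init(void);

/*
 * avc_audit - emit an audit record for an access decision
 * @ssid:	source security identifier
 * @tsid:	target security identifier
 * @tclass:	target security class
 * @requested:	permissions that were requested
 * @avd:	access vector decision the record is based on
 * @result:	outcome of the check being audited
 * @a:		common audit data describing the subject/object involved
 * @flags:	check flags (AVC_STRICT)
 *
 * avc_has_perm_noaudit() produces no record of its own; a caller that wants
 * the decision logged hands the @avd it obtained, together with the result,
 * to this function.  avc_has_perm_flags() takes the audit data itself.
 */
int avc_audit(u32 ssid, u32 tsid,
	      u16 tclass, u32 requested,
	      struct av_decision *avd,
	      int result,
	      struct common_audit_data *a, unsigned flags);

/*
 * Flag for the permission checks below: a denial is reported as a failure
 * even when the system is in permissive mode.
 */
#define AVC_STRICT 1 /* Ignore permissive mode. */

/*
 * avc_has_perm_noaudit - check permissions without generating an audit record
 * @ssid:	source security identifier
 * @tsid:	target security identifier
 * @tclass:	target security class
 * @requested:	permissions to check
 * @flags:	AVC_STRICT or 0
 * @avd:	access vector decision, intended to be passed on to avc_audit()
 *
 * Returns 0 when @requested is granted, otherwise a negative errno
 * (kernel convention; see the implementation for the exact codes).
 * Nothing is logged here, so a denial is silent unless the caller audits it.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
			 u16 tclass, u32 requested,
			 unsigned flags,
			 struct av_decision *avd);

/*
 * avc_has_perm_flags - check permissions and audit the result
 * @ssid:	source security identifier
 * @tsid:	target security identifier
 * @tclass:	target security class
 * @requested:	permissions to check
 * @auditdata:	common audit data for the record emitted on the caller's behalf
 * @flags:	AVC_STRICT or 0
 *
 * The @flags parameter was previously unnamed in this prototype; it is named
 * here to match avc_has_perm_noaudit().
 */
int avc_has_perm_flags(u32 ssid, u32 tsid,
		       u16 tclass, u32 requested,
		       struct common_audit_data *auditdata,
		       unsigned flags);

/*
 * avc_has_perm - avc_has_perm_flags() with no flags
 *
 * @flags is 0, so AVC_STRICT is not set and permissive mode is honoured.
 * Same parameters and return value as avc_has_perm_flags().
 */
static inline int avc_has_perm(u32 ssid, u32 tsid,
			       u16 tclass, u32 requested,
			       struct common_audit_data *auditdata)
{
	return avc_has_perm_flags(ssid, tsid, tclass, requested, auditdata, 0);
}

/* Sequence number identifying the policy the cache currently reflects. */
u32 avc_policy_seqno(void);

/*
 * Callback events.  Bit flags that are OR-ed into the @events mask given to
 * avc_add_callback() and delivered individually as the @event argument.
 */
#define AVC_CALLBACK_GRANT			1
#define AVC_CALLBACK_TRY_REVOKE			2
#define AVC_CALLBACK_REVOKE			4
#define AVC_CALLBACK_RESET			8
#define AVC_CALLBACK_AUDITALLOW_ENABLE		16
#define AVC_CALLBACK_AUDITALLOW_DISABLE		32
#define AVC_CALLBACK_AUDITDENY_ENABLE		64
#define AVC_CALLBACK_AUDITDENY_DISABLE		128

/*
 * avc_add_callback - register a callback for AVC events
 * @callback:	invoked with the event and the (ssid, tsid, tclass, perms)
 *		it concerns; @out_retained is written by the callback, with
 *		event-specific meaning (see the implementation)
 * @events:	mask of AVC_CALLBACK_* values the callback wants
 * @ssid:	source security identifier the registration applies to
 * @tsid:	target security identifier the registration applies to
 * @tclass:	target security class the registration applies to
 * @perms:	permissions the registration applies to
 */
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
				     u16 tclass, u32 perms,
				     u32 *out_retained),
		     u32 events, u32 ssid, u32 tsid,
		     u16 tclass, u32 perms);

/* Exported to selinuxfs */
/* Formats hash statistics into @page.  Assumes @page is a page-sized buffer,
 * as the name suggests -- confirm against the selinuxfs caller. */
int avc_get_hash_stats(char *page);
extern unsigned int avc_cache_threshold;

/* Attempt to free avc node cache */
void avc_disable(void);

#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif

#endif /* _SELINUX_AVC_H_ */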