security/selinux/include/avc.h at v4.16 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / security / selinux / include / avc.h
at v4.16 191 lines 5.0 kB view raw
  1/* SPDX-License-Identifier: GPL-2.0 */
  2/*
  3 * Access vector cache interface for object managers.
  4 *
  5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
  6 */
  7#ifndef _SELINUX_AVC_H_
  8#define _SELINUX_AVC_H_
  9
 10#include <linux/stddef.h>
 11#include <linux/errno.h>
 12#include <linux/kernel.h>
 13#include <linux/kdev_t.h>
 14#include <linux/spinlock.h>
 15#include <linux/init.h>
 16#include <linux/audit.h>
 17#include <linux/lsm_audit.h>
 18#include <linux/in6.h>
 19#include "flask.h"
 20#include "av_permissions.h"
 21#include "security.h"
 22
 23#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 24extern int selinux_enforcing;
 25#else
 26#define selinux_enforcing 1
 27#endif
 28
 29/*
 30 * An entry in the AVC.
 31 */
 32struct avc_entry;
 33
 34struct task_struct;
 35struct inode;
 36struct sock;
 37struct sk_buff;
 38
 39/*
 40 * AVC statistics
 41 */
 42struct avc_cache_stats {
 43	unsigned int lookups;
 44	unsigned int misses;
 45	unsigned int allocations;
 46	unsigned int reclaims;
 47	unsigned int frees;
 48};
 49
 50/*
 51 * We only need this data after we have decided to send an audit message.
 52 */
 53struct selinux_audit_data {
 54	u32 ssid;
 55	u32 tsid;
 56	u16 tclass;
 57	u32 requested;
 58	u32 audited;
 59	u32 denied;
 60	int result;
 61};
 62
 63/*
 64 * AVC operations
 65 */
 66
 67void __init avc_init(void);
 68
 69static inline u32 avc_audit_required(u32 requested,
 70			      struct av_decision *avd,
 71			      int result,
 72			      u32 auditdeny,
 73			      u32 *deniedp)
 74{
 75	u32 denied, audited;
 76	denied = requested & ~avd->allowed;
 77	if (unlikely(denied)) {
 78		audited = denied & avd->auditdeny;
 79		/*
 80		 * auditdeny is TRICKY!  Setting a bit in
 81		 * this field means that ANY denials should NOT be audited if
 82		 * the policy contains an explicit dontaudit rule for that
 83		 * permission.  Take notice that this is unrelated to the
 84		 * actual permissions that were denied.  As an example lets
 85		 * assume:
 86		 *
 87		 * denied == READ
 88		 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
 89		 * auditdeny & ACCESS == 1
 90		 *
 91		 * We will NOT audit the denial even though the denied
 92		 * permission was READ and the auditdeny checks were for
 93		 * ACCESS
 94		 */
 95		if (auditdeny && !(auditdeny & avd->auditdeny))
 96			audited = 0;
 97	} else if (result)
 98		audited = denied = requested;
 99	else
100		audited = requested & avd->auditallow;
101	*deniedp = denied;
102	return audited;
103}
104
105int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
106		   u32 requested, u32 audited, u32 denied, int result,
107		   struct common_audit_data *a,
108		   unsigned flags);
109
110/**
111 * avc_audit - Audit the granting or denial of permissions.
112 * @ssid: source security identifier
113 * @tsid: target security identifier
114 * @tclass: target security class
115 * @requested: requested permissions
116 * @avd: access vector decisions
117 * @result: result from avc_has_perm_noaudit
118 * @a:  auxiliary audit data
119 * @flags: VFS walk flags
120 *
121 * Audit the granting or denial of permissions in accordance
122 * with the policy.  This function is typically called by
123 * avc_has_perm() after a permission check, but can also be
124 * called directly by callers who use avc_has_perm_noaudit()
125 * in order to separate the permission check from the auditing.
126 * For example, this separation is useful when the permission check must
127 * be performed under a lock, to allow the lock to be released
128 * before calling the auditing code.
129 */
130static inline int avc_audit(u32 ssid, u32 tsid,
131			    u16 tclass, u32 requested,
132			    struct av_decision *avd,
133			    int result,
134			    struct common_audit_data *a,
135			    int flags)
136{
137	u32 audited, denied;
138	audited = avc_audit_required(requested, avd, result, 0, &denied);
139	if (likely(!audited))
140		return 0;
141	return slow_avc_audit(ssid, tsid, tclass,
142			      requested, audited, denied, result,
143			      a, flags);
144}
145
146#define AVC_STRICT 1 /* Ignore permissive mode. */
147#define AVC_EXTENDED_PERMS 2	/* update extended permissions */
148int avc_has_perm_noaudit(u32 ssid, u32 tsid,
149			 u16 tclass, u32 requested,
150			 unsigned flags,
151			 struct av_decision *avd);
152
153int avc_has_perm(u32 ssid, u32 tsid,
154		 u16 tclass, u32 requested,
155		 struct common_audit_data *auditdata);
156int avc_has_perm_flags(u32 ssid, u32 tsid,
157		       u16 tclass, u32 requested,
158		       struct common_audit_data *auditdata,
159		       int flags);
160
161int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
162		u8 driver, u8 perm, struct common_audit_data *ad);
163
164
165u32 avc_policy_seqno(void);
166
167#define AVC_CALLBACK_GRANT		1
168#define AVC_CALLBACK_TRY_REVOKE		2
169#define AVC_CALLBACK_REVOKE		4
170#define AVC_CALLBACK_RESET		8
171#define AVC_CALLBACK_AUDITALLOW_ENABLE	16
172#define AVC_CALLBACK_AUDITALLOW_DISABLE	32
173#define AVC_CALLBACK_AUDITDENY_ENABLE	64
174#define AVC_CALLBACK_AUDITDENY_DISABLE	128
175#define AVC_CALLBACK_ADD_XPERMS		256
176
177int avc_add_callback(int (*callback)(u32 event), u32 events);
178
179/* Exported to selinuxfs */
180int avc_get_hash_stats(char *page);
181extern unsigned int avc_cache_threshold;
182
183/* Attempt to free avc node cache */
184void avc_disable(void);
185
186#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
187DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
188#endif
189
190#endif /* _SELINUX_AVC_H_ */
191