2 * Access vector cache interface for object managers.
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
6 #ifndef _SELINUX_AVC_H_
7 #define _SELINUX_AVC_H_
9 #include <linux/stddef.h>
10 #include <linux/errno.h>
11 #include <linux/kernel.h>
12 #include <linux/kdev_t.h>
13 #include <linux/spinlock.h>
14 #include <linux/init.h>
15 #include <linux/audit.h>
16 #include <linux/lsm_audit.h>
17 #include <linux/in6.h>
19 #include "av_permissions.h"
22 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
23 extern int selinux_enforcing;
25 #define selinux_enforcing 1
29 * An entry in the AVC.
41 struct avc_cache_stats {
44 unsigned int allocations;
45 unsigned int reclaims;
50 * We only need this data after we have decided to send an audit message.
52 struct selinux_audit_data {
66 void __init avc_init(void);
68 static inline u32 avc_audit_required(u32 requested,
69 struct av_decision *avd,
75 denied = requested & ~avd->allowed;
76 if (unlikely(denied)) {
77 audited = denied & avd->auditdeny;
79 * auditdeny is TRICKY! Setting a bit in
80 * this field means that ANY denials should NOT be audited if
81 * the policy contains an explicit dontaudit rule for that
82 * permission. Take notice that this is unrelated to the
83 * actual permissions that were denied. As an example lets
87 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
88 * auditdeny & ACCESS == 1
90 * We will NOT audit the denial even though the denied
91 * permission was READ and the auditdeny checks were for
94 if (auditdeny && !(auditdeny & avd->auditdeny))
97 audited = denied = requested;
99 audited = requested & avd->auditallow;
104 int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
105 u32 requested, u32 audited, u32 denied, int result,
106 struct common_audit_data *a,
110 * avc_audit - Audit the granting or denial of permissions.
111 * @ssid: source security identifier
112 * @tsid: target security identifier
113 * @tclass: target security class
114 * @requested: requested permissions
115 * @avd: access vector decisions
116 * @result: result from avc_has_perm_noaudit
117 * @a: auxiliary audit data
118 * @flags: VFS walk flags
120 * Audit the granting or denial of permissions in accordance
121 * with the policy. This function is typically called by
122 * avc_has_perm() after a permission check, but can also be
123 * called directly by callers who use avc_has_perm_noaudit()
124 * in order to separate the permission check from the auditing.
125 * For example, this separation is useful when the permission check must
126 * be performed under a lock, to allow the lock to be released
127 * before calling the auditing code.
129 static inline int avc_audit(u32 ssid, u32 tsid,
130 u16 tclass, u32 requested,
131 struct av_decision *avd,
133 struct common_audit_data *a)
136 audited = avc_audit_required(requested, avd, result, 0, &denied);
137 if (likely(!audited))
139 return slow_avc_audit(ssid, tsid, tclass,
140 requested, audited, denied, result,
144 #define AVC_STRICT 1 /* Ignore permissive mode. */
145 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
146 u16 tclass, u32 requested,
148 struct av_decision *avd);
150 int avc_has_perm(u32 ssid, u32 tsid,
151 u16 tclass, u32 requested,
152 struct common_audit_data *auditdata);
154 u32 avc_policy_seqno(void);
156 #define AVC_CALLBACK_GRANT 1
157 #define AVC_CALLBACK_TRY_REVOKE 2
158 #define AVC_CALLBACK_REVOKE 4
159 #define AVC_CALLBACK_RESET 8
160 #define AVC_CALLBACK_AUDITALLOW_ENABLE 16
161 #define AVC_CALLBACK_AUDITALLOW_DISABLE 32
162 #define AVC_CALLBACK_AUDITDENY_ENABLE 64
163 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
165 int avc_add_callback(int (*callback)(u32 event), u32 events);
167 /* Exported to selinuxfs */
168 int avc_get_hash_stats(char *page);
169 extern unsigned int avc_cache_threshold;
171 /* Attempt to free avc node cache */
172 void avc_disable(void);
174 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
175 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
178 #endif /* _SELINUX_AVC_H_ */
Code Review / kvmfornfv.git / blob