Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Access vector cache interface for object managers. | |
3 | * | |
4 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> | |
5 | */ | |
6 | #ifndef _SELINUX_AVC_H_ | |
7 | #define _SELINUX_AVC_H_ | |
8 | ||
9 | #include <linux/stddef.h> | |
10 | #include <linux/errno.h> | |
11 | #include <linux/kernel.h> | |
12 | #include <linux/kdev_t.h> | |
13 | #include <linux/spinlock.h> | |
14 | #include <linux/init.h> | |
d9250dea | 15 | #include <linux/audit.h> |
2bf49690 | 16 | #include <linux/lsm_audit.h> |
1da177e4 | 17 | #include <linux/in6.h> |
1da177e4 LT |
18 | #include "flask.h" |
19 | #include "av_permissions.h" | |
20 | #include "security.h" | |
21 | ||
22 | #ifdef CONFIG_SECURITY_SELINUX_DEVELOP | |
23 | extern int selinux_enforcing; | |
24 | #else | |
25 | #define selinux_enforcing 1 | |
26 | #endif | |
27 | ||
28 | /* | |
29 | * An entry in the AVC. | |
30 | */ | |
31 | struct avc_entry; | |
32 | ||
33 | struct task_struct; | |
1da177e4 LT |
34 | struct inode; |
35 | struct sock; | |
36 | struct sk_buff; | |
37 | ||
1da177e4 LT |
38 | /* |
39 | * AVC statistics | |
40 | */ | |
f5269710 | 41 | struct avc_cache_stats { |
1da177e4 | 42 | unsigned int lookups; |
1da177e4 LT |
43 | unsigned int misses; |
44 | unsigned int allocations; | |
45 | unsigned int reclaims; | |
46 | unsigned int frees; | |
47 | }; | |
48 | ||
3f0882c4 EP |
49 | /* |
50 | * We only need this data after we have decided to send an audit message. | |
51 | */ | |
899838b2 | 52 | struct selinux_audit_data { |
3b3b0e4f EP |
53 | u32 ssid; |
54 | u32 tsid; | |
55 | u16 tclass; | |
56 | u32 requested; | |
57 | u32 audited; | |
58 | u32 denied; | |
3f0882c4 EP |
59 | int result; |
60 | }; | |
61 | ||
1da177e4 LT |
62 | /* |
63 | * AVC operations | |
64 | */ | |
65 | ||
66 | void __init avc_init(void); | |
67 | ||
2e334057 EP |
68 | static inline u32 avc_audit_required(u32 requested, |
69 | struct av_decision *avd, | |
70 | int result, | |
71 | u32 auditdeny, | |
72 | u32 *deniedp) | |
73 | { | |
74 | u32 denied, audited; | |
75 | denied = requested & ~avd->allowed; | |
76 | if (unlikely(denied)) { | |
77 | audited = denied & avd->auditdeny; | |
78 | /* | |
79 | * auditdeny is TRICKY! Setting a bit in | |
80 | * this field means that ANY denials should NOT be audited if | |
81 | * the policy contains an explicit dontaudit rule for that | |
82 | * permission. Take notice that this is unrelated to the | |
83 | * actual permissions that were denied. As an example lets | |
84 | * assume: | |
85 | * | |
86 | * denied == READ | |
87 | * avd.auditdeny & ACCESS == 0 (not set means explicit rule) | |
88 | * auditdeny & ACCESS == 1 | |
89 | * | |
90 | * We will NOT audit the denial even though the denied | |
91 | * permission was READ and the auditdeny checks were for | |
92 | * ACCESS | |
93 | */ | |
94 | if (auditdeny && !(auditdeny & avd->auditdeny)) | |
95 | audited = 0; | |
96 | } else if (result) | |
97 | audited = denied = requested; | |
98 | else | |
99 | audited = requested & avd->auditallow; | |
100 | *deniedp = denied; | |
101 | return audited; | |
102 | } | |
103 | ||
104 | int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, | |
6fa3eb70 | 105 | u32 requested, u32 audited, u32 denied, int result, |
2e334057 EP |
106 | struct common_audit_data *a, |
107 | unsigned flags); | |
108 | ||
109 | /** | |
110 | * avc_audit - Audit the granting or denial of permissions. | |
111 | * @ssid: source security identifier | |
112 | * @tsid: target security identifier | |
113 | * @tclass: target security class | |
114 | * @requested: requested permissions | |
115 | * @avd: access vector decisions | |
116 | * @result: result from avc_has_perm_noaudit | |
117 | * @a: auxiliary audit data | |
118 | * @flags: VFS walk flags | |
119 | * | |
120 | * Audit the granting or denial of permissions in accordance | |
121 | * with the policy. This function is typically called by | |
122 | * avc_has_perm() after a permission check, but can also be | |
123 | * called directly by callers who use avc_has_perm_noaudit() | |
124 | * in order to separate the permission check from the auditing. | |
125 | * For example, this separation is useful when the permission check must | |
126 | * be performed under a lock, to allow the lock to be released | |
127 | * before calling the auditing code. | |
128 | */ | |
129 | static inline int avc_audit(u32 ssid, u32 tsid, | |
130 | u16 tclass, u32 requested, | |
131 | struct av_decision *avd, | |
132 | int result, | |
133 | struct common_audit_data *a, unsigned flags) | |
134 | { | |
135 | u32 audited, denied; | |
1d349292 | 136 | audited = avc_audit_required(requested, avd, result, 0, &denied); |
2e334057 EP |
137 | if (likely(!audited)) |
138 | return 0; | |
139 | return slow_avc_audit(ssid, tsid, tclass, | |
6fa3eb70 | 140 | requested, audited, denied, result, |
2e334057 EP |
141 | a, flags); |
142 | } | |
1da177e4 | 143 | |
949c2c1d S |
144 | #define AVC_STRICT 0 |
145 | #define AVC_EXTENDED_PERMS 2 /* update extended permissions */ | |
1da177e4 | 146 | int avc_has_perm_noaudit(u32 ssid, u32 tsid, |
2c3c05db SS |
147 | u16 tclass, u32 requested, |
148 | unsigned flags, | |
149 | struct av_decision *avd); | |
1da177e4 | 150 | |
9ade0cf4 EP |
151 | int avc_has_perm_flags(u32 ssid, u32 tsid, |
152 | u16 tclass, u32 requested, | |
153 | struct common_audit_data *auditdata, | |
154 | unsigned); | |
155 | ||
156 | static inline int avc_has_perm(u32 ssid, u32 tsid, | |
157 | u16 tclass, u32 requested, | |
158 | struct common_audit_data *auditdata) | |
159 | { | |
160 | return avc_has_perm_flags(ssid, tsid, tclass, requested, auditdata, 0); | |
161 | } | |
1da177e4 | 162 | |
949c2c1d S |
163 | int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested, |
164 | u8 driver, u8 perm, struct common_audit_data *ad); | |
165 | ||
788e7dd4 YN |
166 | u32 avc_policy_seqno(void); |
167 | ||
1da177e4 LT |
168 | #define AVC_CALLBACK_GRANT 1 |
169 | #define AVC_CALLBACK_TRY_REVOKE 2 | |
170 | #define AVC_CALLBACK_REVOKE 4 | |
171 | #define AVC_CALLBACK_RESET 8 | |
172 | #define AVC_CALLBACK_AUDITALLOW_ENABLE 16 | |
173 | #define AVC_CALLBACK_AUDITALLOW_DISABLE 32 | |
174 | #define AVC_CALLBACK_AUDITDENY_ENABLE 64 | |
175 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 | |
949c2c1d | 176 | #define AVC_CALLBACK_ADD_XPERMS 256 |
1da177e4 | 177 | |
562c99f2 | 178 | int avc_add_callback(int (*callback)(u32 event), u32 events); |
1da177e4 LT |
179 | |
180 | /* Exported to selinuxfs */ | |
181 | int avc_get_hash_stats(char *page); | |
182 | extern unsigned int avc_cache_threshold; | |
183 | ||
89c86576 TL |
184 | /* Attempt to free avc node cache */ |
185 | void avc_disable(void); | |
186 | ||
1da177e4 LT |
187 | #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS |
188 | DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); | |
189 | #endif | |
190 | ||
191 | #endif /* _SELINUX_AVC_H_ */ |