projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
selinux: introduce schedule points in policydb_destroy()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / security / selinux / include / avc.h
CommitLineData
1da177e4
LT		 1/*
2 * Access vector cache interface for object managers.
3 *
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */
6#ifndef _SELINUX_AVC_H_
7#define _SELINUX_AVC_H_
8
9#include <linux/stddef.h>
10#include <linux/errno.h>
11#include <linux/kernel.h>
12#include <linux/kdev_t.h>
13#include <linux/spinlock.h>
14#include <linux/init.h>
15#include <linux/in6.h>
16#include <asm/system.h>
17#include "flask.h"
18#include "av_permissions.h"
19#include "security.h"
20
21#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
22extern int selinux_enforcing;
23#else
24#define selinux_enforcing 1
25#endif
26
27/*
28 * An entry in the AVC.
29 */
30struct avc_entry;
31
32struct task_struct;
33struct vfsmount;
34struct dentry;
35struct inode;
36struct sock;
37struct sk_buff;
38
39/* Auxiliary data to use in generating the audit record. */
40struct avc_audit_data {
41 char type;
42#define AVC_AUDIT_DATA_FS 1
43#define AVC_AUDIT_DATA_NET 2
44#define AVC_AUDIT_DATA_CAP 3
45#define AVC_AUDIT_DATA_IPC 4
46 struct task_struct *tsk;
47 union {
48 struct {
49 struct vfsmount *mnt;
50 struct dentry *dentry;
51 struct inode *inode;
52 } fs;
53 struct {
54 char *netif;
55 struct sock *sk;
56 u16 family;
87fcd70d
AV		 57 __be16 dport;
58 __be16 sport;
1da177e4
LT		 59 union {
60 struct {
87fcd70d
AV		 61 __be32 daddr;
62 __be32 saddr;
1da177e4
LT		 63 } v4;
64 struct {
65 struct in6_addr daddr;
66 struct in6_addr saddr;
67 } v6;
68 } fam;
69 } net;
70 int cap;
71 int ipc_id;
72 } u;
73};
74
75#define v4info fam.v4
76#define v6info fam.v6
77
78/* Initialize an AVC audit data structure. */
79#define AVC_AUDIT_DATA_INIT(_d,_t) \
80 { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
81
82/*
83 * AVC statistics
84 */
85struct avc_cache_stats
86{
87 unsigned int lookups;
88 unsigned int hits;
89 unsigned int misses;
90 unsigned int allocations;
91 unsigned int reclaims;
92 unsigned int frees;
93};
94
95/*
96 * AVC operations
97 */
98
99void __init avc_init(void);
100
101void avc_audit(u32 ssid, u32 tsid,
102 u16 tclass, u32 requested,
103 struct av_decision *avd, int result, struct avc_audit_data *auditdata);
104
105int avc_has_perm_noaudit(u32 ssid, u32 tsid,
106 u16 tclass, u32 requested,
107 struct av_decision *avd);
108
109int avc_has_perm(u32 ssid, u32 tsid,
110 u16 tclass, u32 requested,
111 struct avc_audit_data *auditdata);
112
113#define AVC_CALLBACK_GRANT 1
114#define AVC_CALLBACK_TRY_REVOKE 2
115#define AVC_CALLBACK_REVOKE 4
116#define AVC_CALLBACK_RESET 8
117#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
118#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
119#define AVC_CALLBACK_AUDITDENY_ENABLE 64
120#define AVC_CALLBACK_AUDITDENY_DISABLE 128
121
122int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
123 u16 tclass, u32 perms,
124 u32 *out_retained),
125 u32 events, u32 ssid, u32 tsid,
126 u16 tclass, u32 perms);
127
128/* Exported to selinuxfs */
129int avc_get_hash_stats(char *page);
130extern unsigned int avc_cache_threshold;
131
132#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
133DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
134#endif
135
136#endif /* _SELINUX_AVC_H_ */
137
kernel source for telekom puls (alcatel/mediatek)