search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
[cris-mirror.git] / security / selinux / include / avc.h
blob57d61cf36500f87ad217ccbfec942116f16654f7
1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3 * Access vector cache interface for object managers.
4 *
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6 */
7 #ifndef _SELINUX_AVC_H_
8 #define _SELINUX_AVC_H_
9
10 #include <linux/stddef.h>
11 #include <linux/errno.h>
12 #include <linux/kernel.h>
13 #include <linux/kdev_t.h>
14 #include <linux/spinlock.h>
15 #include <linux/init.h>
16 #include <linux/audit.h>
17 #include <linux/lsm_audit.h>
18 #include <linux/in6.h>
19 #include "flask.h"
20 #include "av_permissions.h"
21 #include "security.h"
22
23 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
24 extern int selinux_enforcing;
25 #else
26 #define selinux_enforcing 1
27 #endif
28
29 /*
30 * An entry in the AVC.
31 */
32 struct avc_entry;
33
34 struct task_struct;
35 struct inode;
36 struct sock;
37 struct sk_buff;
38
39 /*
40 * AVC statistics
41 */
42 struct avc_cache_stats {
43 unsigned int lookups;
44 unsigned int misses;
45 unsigned int allocations;
46 unsigned int reclaims;
47 unsigned int frees;
48 };
49
50 /*
51 * We only need this data after we have decided to send an audit message.
52 */
53 struct selinux_audit_data {
54 u32 ssid;
55 u32 tsid;
56 u16 tclass;
57 u32 requested;
58 u32 audited;
59 u32 denied;
60 int result;
61 };
62
63 /*
64 * AVC operations
65 */
66
67 void __init avc_init(void);
68
69 static inline u32 avc_audit_required(u32 requested,
70 struct av_decision *avd,
71 int result,
72 u32 auditdeny,
73 u32 *deniedp)
74 {
75 u32 denied, audited;
76 denied = requested & ~avd->allowed;
77 if (unlikely(denied)) {
78 audited = denied & avd->auditdeny;
79 /*
80 * auditdeny is TRICKY! Setting a bit in
81 * this field means that ANY denials should NOT be audited if
82 * the policy contains an explicit dontaudit rule for that
83 * permission. Take notice that this is unrelated to the
84 * actual permissions that were denied. As an example lets
85 * assume:
86 *
87 * denied == READ
88 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
89 * auditdeny & ACCESS == 1
90 *
91 * We will NOT audit the denial even though the denied
92 * permission was READ and the auditdeny checks were for
93 * ACCESS
94 */
95 if (auditdeny && !(auditdeny & avd->auditdeny))
96 audited = 0;
97 } else if (result)
98 audited = denied = requested;
99 else
100 audited = requested & avd->auditallow;
101 *deniedp = denied;
102 return audited;
103 }
104
105 int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
106 u32 requested, u32 audited, u32 denied, int result,
107 struct common_audit_data *a,
108 unsigned flags);
109
110 /**
111 * avc_audit - Audit the granting or denial of permissions.
112 * @ssid: source security identifier
113 * @tsid: target security identifier
114 * @tclass: target security class
115 * @requested: requested permissions
116 * @avd: access vector decisions
117 * @result: result from avc_has_perm_noaudit
118 * @a: auxiliary audit data
119 * @flags: VFS walk flags
120 *
121 * Audit the granting or denial of permissions in accordance
122 * with the policy. This function is typically called by
123 * avc_has_perm() after a permission check, but can also be
124 * called directly by callers who use avc_has_perm_noaudit()
125 * in order to separate the permission check from the auditing.
126 * For example, this separation is useful when the permission check must
127 * be performed under a lock, to allow the lock to be released
128 * before calling the auditing code.
129 */
130 static inline int avc_audit(u32 ssid, u32 tsid,
131 u16 tclass, u32 requested,
132 struct av_decision *avd,
133 int result,
134 struct common_audit_data *a,
135 int flags)
136 {
137 u32 audited, denied;
138 audited = avc_audit_required(requested, avd, result, 0, &denied);
139 if (likely(!audited))
140 return 0;
141 return slow_avc_audit(ssid, tsid, tclass,
142 requested, audited, denied, result,
143 a, flags);
144 }
145
146 #define AVC_STRICT 1 /* Ignore permissive mode. */
147 #define AVC_EXTENDED_PERMS 2 /* update extended permissions */
148 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
149 u16 tclass, u32 requested,
150 unsigned flags,
151 struct av_decision *avd);
152
153 int avc_has_perm(u32 ssid, u32 tsid,
154 u16 tclass, u32 requested,
155 struct common_audit_data *auditdata);
156 int avc_has_perm_flags(u32 ssid, u32 tsid,
157 u16 tclass, u32 requested,
158 struct common_audit_data *auditdata,
159 int flags);
160
161 int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
162 u8 driver, u8 perm, struct common_audit_data *ad);
163
164
165 u32 avc_policy_seqno(void);
166
167 #define AVC_CALLBACK_GRANT 1
168 #define AVC_CALLBACK_TRY_REVOKE 2
169 #define AVC_CALLBACK_REVOKE 4
170 #define AVC_CALLBACK_RESET 8
171 #define AVC_CALLBACK_AUDITALLOW_ENABLE 16
172 #define AVC_CALLBACK_AUDITALLOW_DISABLE 32
173 #define AVC_CALLBACK_AUDITDENY_ENABLE 64
174 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
175 #define AVC_CALLBACK_ADD_XPERMS 256
176
177 int avc_add_callback(int (*callback)(u32 event), u32 events);
178
179 /* Exported to selinuxfs */
180 int avc_get_hash_stats(char *page);
181 extern unsigned int avc_cache_threshold;
182
183 /* Attempt to free avc node cache */
184 void avc_disable(void);
185
186 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
187 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
188 #endif
189
190 #endif /* _SELINUX_AVC_H_ */
191
CRIS linux kernel tree