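/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/*
 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
 * 	Tuned number of hash slots for avtab to reduce memory usage
 */

/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 * 	Added conditional policy language extensions
 *
 * Copyright (C) 2003 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * An access vector table (avtab) is a hash table
 * of access vectors and transition types indexed
 * by a type pair and a class.  An access vector
 * table is used to represent the type enforcement
 * tables.
 */

#ifndef _SEPOL_POLICYDB_AVTAB_H_
#define _SEPOL_POLICYDB_AVTAB_H_

#include <sys/types.h>
#include <stdint.h>

/*
 * Lookup key of one type-enforcement rule: (source type, target type,
 * object class) plus a bitmask saying which kind of rule the entry holds.
 *
 * All four fields are 16 bits wide, so a wider value assigned to any of
 * them is silently truncated; code that fills a key from parsed or
 * external data should range-check before storing.
 */
typedef struct avtab_key {
	uint16_t source_type;
	uint16_t target_type;
	uint16_t target_class;
/*
 * Bits for `specified`.  AVTAB_AV groups the access-vector rule kinds and
 * AVTAB_TYPE the type rule kinds; the two masks do not overlap.
 * AVTAB_NEVERALLOW (128) belongs to neither mask, so a test written as
 * `specified & (AVTAB_AV | AVTAB_TYPE)` does not see neverallow entries.
 */
#define AVTAB_ALLOWED     1
#define AVTAB_AUDITALLOW  2
#define AVTAB_AUDITDENY   4
#define AVTAB_NEVERALLOW 128
#define AVTAB_AV         (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
#define AVTAB_TRANSITION 16
#define AVTAB_MEMBER     32
#define AVTAB_CHANGE     64
#define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
/*
 * AVTAB_ENABLED_OLD needs 32 bits and therefore cannot be stored in the
 * 16-bit `specified` field below; presumably it is only meaningful for an
 * older representation - confirm against the reader in avtab.c.
 */
#define AVTAB_ENABLED_OLD    0x80000000
#define AVTAB_ENABLED    0x8000	/* reserved for use in cond_avtab */
	uint16_t specified;	/* what fields are specified */
} avtab_key_t;

/* Payload of one entry; which interpretation applies follows from the key. */
typedef struct avtab_datum {
	uint32_t data;		/* access vector or type */
} avtab_datum_t;

typedef struct avtab_node *avtab_ptr_t;

/* One chained hash-table entry; `next` links entries within a slot. */
struct avtab_node {
	avtab_key_t key;
	avtab_datum_t datum;
	avtab_ptr_t next;
	void *parse_context;	/* generic context pointer used by parser;
				 * not saved in binary policy */
	unsigned merged;	/* flag for avtab_write only;
				   not saved in binary policy */
};

/*
 * The table itself.  `mask` is 16 bits wide, which is enough for
 * MAX_AVTAB_HASH_MASK (0x1fff) defined at the end of this header.
 */
typedef struct avtab {
	avtab_ptr_t *htable;
	uint32_t nel;		/* number of elements */
	uint32_t nslot;		/* number of hash slots */
	uint16_t mask;		/* mask to compute hash func */
} avtab_t;

/*
 * Table lifecycle and basic operations.  The int-returning functions
 * report a status whose convention is not visible in this header
 * (presumably 0 on success and negative on failure - confirm in avtab.c);
 * callers should check it rather than assume the table was modified.
 *
 * NOTE(review): the second avtab_alloc argument is presumably the expected
 * number of rules used to size the hash table - confirm against avtab.c.
 */
extern int avtab_init(avtab_t * h);
extern int avtab_alloc(avtab_t * h, uint32_t nrules);
extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);

/*
 * Returns a datum pointer, presumably NULL when the key is absent and
 * otherwise pointing into storage owned by the table (so it would not
 * outlive avtab_destroy) - confirm against the implementation.
 */
extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);

extern void avtab_destroy(avtab_t * h);

/* Calls `apply` with a key, a datum and the caller-supplied `args`. */
extern int avtab_map(avtab_t * h,
		     int (*apply) (avtab_key_t * k,
				   avtab_datum_t * d, void *args), void *args);

extern void avtab_hash_eval(avtab_t * h, char *tag);

/*
 * Readers that take a policy_file and a policy version.  The comments on
 * struct avtab_node refer to a binary policy, so these presumably
 * deserialize one; a policy file obtained from outside the trust boundary
 * is attacker-controlled input, and a failure status must stop the load
 * instead of leaving a partially populated table in use.
 */
struct policy_file;
extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
			   int (*insert) (avtab_t * a, avtab_key_t * k,
					  avtab_datum_t * d, void *p), void *p);

extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);

/*
 * Node-level variants returning avtab_ptr_t (presumably NULL on failure or
 * when nothing matches - confirm in avtab.c).
 */
extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
					  avtab_datum_t * datum);

extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
						   avtab_key_t * key,
						   avtab_datum_t * datum,
						   void *parse_context);

extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);

/* `specified` is a plain int here although avtab_key_t stores it as uint16_t. */
extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);

/*
 * Upper bound on the hash table: 13 bits, i.e. 8192 buckets.  With the
 * bucket count capped, chain length grows with the number of entries in
 * tables that hold many more than 8192 of them.
 */
#define MAX_AVTAB_HASH_BITS 13
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
#define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS

#endif	/* _SEPOL_POLICYDB_AVTAB_H_ */

/* FLASK */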