1/*
2 * This file describes the internal interface used by the AVC
3 * for calling the user-supplied memory allocation, supplemental
4 * auditing, and locking routine, as well as incrementing the
5 * statistics fields.
6 *
7 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
8 */
9#ifndef _SELINUX_AVC_INTERNAL_H_
10#define _SELINUX_AVC_INTERNAL_H_
11
12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
15#include <selinux/avc.h>
16#include "callbacks.h"
17#include "dso.h"
18
19/* callback pointers */
20extern void *(*avc_func_malloc) (size_t) hidden;
21extern void (*avc_func_free) (void *)hidden;
22
23extern void (*avc_func_log) (const char *, ...)hidden;
24extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
25
26extern int avc_using_threads hidden;
27extern int avc_app_main_loop hidden;
28extern void *(*avc_func_create_thread) (void (*)(void))hidden;
29extern void (*avc_func_stop_thread) (void *)hidden;
30
31extern void *(*avc_func_alloc_lock) (void)hidden;
32extern void (*avc_func_get_lock) (void *)hidden;
33extern void (*avc_func_release_lock) (void *)hidden;
34extern void (*avc_func_free_lock) (void *)hidden;
35
36static inline void set_callbacks(const struct avc_memory_callback *mem_cb,
37				 const struct avc_log_callback *log_cb,
38				 const struct avc_thread_callback *thread_cb,
39				 const struct avc_lock_callback *lock_cb)
40{
41	if (mem_cb) {
42		avc_func_malloc = mem_cb->func_malloc;
43		avc_func_free = mem_cb->func_free;
44	}
45	if (log_cb) {
46		avc_func_log = log_cb->func_log;
47		avc_func_audit = log_cb->func_audit;
48	}
49	if (thread_cb) {
50		avc_using_threads = 1;
51		avc_func_create_thread = thread_cb->func_create_thread;
52		avc_func_stop_thread = thread_cb->func_stop_thread;
53	}
54	if (lock_cb) {
55		avc_func_alloc_lock = lock_cb->func_alloc_lock;
56		avc_func_get_lock = lock_cb->func_get_lock;
57		avc_func_release_lock = lock_cb->func_release_lock;
58		avc_func_free_lock = lock_cb->func_free_lock;
59	}
60}
61
62/* message prefix and enforcing mode*/
63#define AVC_PREFIX_SIZE 16
64extern char avc_prefix[AVC_PREFIX_SIZE] hidden;
65extern int avc_running hidden;
66extern int avc_enforcing hidden;
67extern int avc_setenforce hidden;
68
69/* user-supplied callback interface for avc */
70static inline void *avc_malloc(size_t size)
71{
72	return avc_func_malloc ? avc_func_malloc(size) : malloc(size);
73}
74
75static inline void avc_free(void *ptr)
76{
77	if (avc_func_free)
78		avc_func_free(ptr);
79	else
80		free(ptr);
81}
82
83/* this is a macro in order to use the variadic capability. */
84#define avc_log(type, format...) \
85  if (avc_func_log) \
86    avc_func_log(format); \
87  else \
88    selinux_log(type, format);
89
90static inline void avc_suppl_audit(void *ptr, security_class_t class,
91				   char *buf, size_t len)
92{
93	if (avc_func_audit)
94		avc_func_audit(ptr, class, buf, len);
95	else
96		selinux_audit(ptr, class, buf, len);
97}
98
99static inline void *avc_create_thread(void (*run) (void))
100{
101	return avc_func_create_thread ? avc_func_create_thread(run) : NULL;
102}
103
104static inline void avc_stop_thread(void *thread)
105{
106	if (avc_func_stop_thread)
107		avc_func_stop_thread(thread);
108}
109
110static inline void *avc_alloc_lock(void)
111{
112	return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL;
113}
114
115static inline void avc_get_lock(void *lock)
116{
117	if (avc_func_get_lock)
118		avc_func_get_lock(lock);
119}
120
121static inline void avc_release_lock(void *lock)
122{
123	if (avc_func_release_lock)
124		avc_func_release_lock(lock);
125}
126
127static inline void avc_free_lock(void *lock)
128{
129	if (avc_func_free_lock)
130		avc_func_free_lock(lock);
131}
132
133/* statistics helper routines */
134#ifdef AVC_CACHE_STATS
135
136#define avc_cache_stats_incr(field) \
137  cache_stats.field ++;
138#define avc_cache_stats_add(field, num) \
139  cache_stats.field += num;
140
141#else
142
143#define avc_cache_stats_incr(field)
144#define avc_cache_stats_add(field, num)
145
146#endif
147
148/* logging helper routines */
149#define AVC_AUDIT_BUFSIZE 1024
150
151/* again, we need the variadic capability here */
152#define log_append(buf,format...) \
153  snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format)
154
155/* internal callbacks */
156int avc_ss_grant(security_id_t ssid, security_id_t tsid,
157		 security_class_t tclass, access_vector_t perms,
158		 uint32_t seqno) hidden;
159int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
160		      security_class_t tclass,
161		      access_vector_t perms, uint32_t seqno,
162		      access_vector_t * out_retained) hidden;
163int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
164		  security_class_t tclass, access_vector_t perms,
165		  uint32_t seqno) hidden;
166int avc_ss_reset(uint32_t seqno) hidden;
167int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
168			  security_class_t tclass, access_vector_t perms,
169			  uint32_t seqno, uint32_t enable) hidden;
170int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
171			 security_class_t tclass, access_vector_t perms,
172			 uint32_t seqno, uint32_t enable) hidden;
173
174/* netlink kernel message code */
175extern int avc_netlink_trouble hidden;
176
177hidden_proto(avc_av_stats)
178    hidden_proto(avc_cleanup)
179    hidden_proto(avc_reset)
180    hidden_proto(avc_audit)
181    hidden_proto(avc_has_perm_noaudit)
182#endif				/* _SELINUX_AVC_INTERNAL_H_ */
183