1
2/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
3
4/*
5 * Updated: Joshua Brindle <jbrindle@tresys.com>
6 *	    Karl MacMillan <kmacmillan@tresys.com>
7 *	    Jason Tang <jtang@tresys.com>
8 *
9 *	Module support
10 *
11 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
12 *
13 *	Support for enhanced MLS infrastructure.
14 *
15 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
16 *
17 * 	Added conditional policy language extensions
18 *
19 * Updated: Red Hat, Inc.  James Morris <jmorris@redhat.com>
20 *
21 *      Fine-grained netlink support
22 *      IPv6 support
23 *      Code cleanup
24 *
25 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
26 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
27 * Copyright (C) 2003 - 2004 Red Hat, Inc.
28 *
29 *  This library is free software; you can redistribute it and/or
30 *  modify it under the terms of the GNU Lesser General Public
31 *  License as published by the Free Software Foundation; either
32 *  version 2.1 of the License, or (at your option) any later version.
33 *
34 *  This library is distributed in the hope that it will be useful,
35 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
36 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
37 *  Lesser General Public License for more details.
38 *
39 *  You should have received a copy of the GNU Lesser General Public
40 *  License along with this library; if not, write to the Free Software
41 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
42 */
43
44/* FLASK */
45
46/*
47 * A policy database (policydb) specifies the
48 * configuration data for the security policy.
49 */
50
51#ifndef _SEPOL_POLICYDB_POLICYDB_H_
52#define _SEPOL_POLICYDB_POLICYDB_H_
53
54#include <stdio.h>
55#include <stddef.h>
56
57#include <sepol/policydb.h>
58
59#include <sepol/policydb/flask_types.h>
60#include <sepol/policydb/symtab.h>
61#include <sepol/policydb/avtab.h>
62#include <sepol/policydb/context.h>
63#include <sepol/policydb/constraint.h>
64#include <sepol/policydb/sidtab.h>
65
/* Size of the fixed error-message buffer used by this API.  Anything
 * formatting into such a buffer must bound its output to this length. */
#define ERRMSG_LEN 1024

/* Return codes shared by the policydb_* entry points declared below. */
#define POLICYDB_SUCCESS      0
#define POLICYDB_ERROR       -1
#define POLICYDB_UNSUPPORTED -2	/* presumably: a feature or format this build cannot handle -- confirm against callers */
71
72/*
73 * A datum type is defined for each kind of symbol
74 * in the configuration data:  individual permissions,
75 * common prefixes for access vectors, classes,
76 * users, roles, types, sensitivities, categories, etc.
77 */
78
79/* type set preserves data needed by modules such as *, ~ and attributes */
/* A set of types as written in a policy module.  Unlike a plain bitmap it
 * keeps the pieces needed to re-expand the set later: the explicit members,
 * the negated members, and whether '*' or '~' was used. */
typedef struct type_set {
	ebitmap_t types;	/* positive members (presumably may include attributes -- confirm in expand) */
	ebitmap_t negset;	/* negated members, removed during expansion */
#define TYPE_STAR 1		/* set was written as '*' */
#define TYPE_COMP 2		/* set is complemented ('~') */
	uint32_t flags;		/* bitwise OR of TYPE_STAR / TYPE_COMP */
} type_set_t;
87
/* A set of roles as written in a policy module; the role counterpart of
 * type_set_t (no negated set, only '*' and '~' are remembered). */
typedef struct role_set {
	ebitmap_t roles;	/* explicit members */
#define ROLE_STAR 1		/* set was written as '*' */
#define ROLE_COMP 2		/* set is complemented ('~') */
	uint32_t flags;		/* bitwise OR of ROLE_STAR / ROLE_COMP */
} role_set_t;
94
95/* Permission attributes */
/* Permission attributes.  Only the generic symbol datum (name/value) is
 * needed; the value presumably is the permission's bit position within its
 * class's 32-bit access vector -- confirm against the avtab code. */
typedef struct perm_datum {
	symtab_datum_t s;
} perm_datum_t;
99
100/* Attributes of a common prefix for access vectors */
/* Attributes of a common prefix for access vectors: a named group of
 * permissions that several classes can inherit (see class_datum.comkey). */
typedef struct common_datum {
	symtab_datum_t s;
	symtab_t permissions;	/* common permissions */
} common_datum_t;
105
106/* Class attributes */
/* Class attributes: the object class's own permissions, the optional common
 * it inherits from, the constraints that apply to it, and the defaults that
 * decide how a newly created object of this class is labeled. */
typedef struct class_datum {
	symtab_datum_t s;
	char *comkey;		/* common name (NULL if the class has no common) */
	common_datum_t *comdatum;	/* common datum resolved from comkey */
	symtab_t permissions;	/* class-specific permission symbol table */
	constraint_node_t *constraints;	/* constraints on class permissions */
	constraint_node_t *validatetrans;	/* special transition rules */
/* Options for how a new object's user, role and type are chosen:
 * taken from the source (creating) context or the target (parent) context. */
#define DEFAULT_SOURCE		1
#define DEFAULT_TARGET		2
	char default_user;	/* DEFAULT_SOURCE / DEFAULT_TARGET, or 0 for none */
	char default_role;
	char default_type;
/* Options for how a new object's MLS range is chosen: which context
 * supplies it and whether its low, high or both levels are used. */
#define DEFAULT_SOURCE_LOW	1
#define DEFAULT_SOURCE_HIGH	2
#define DEFAULT_SOURCE_LOW_HIGH	3
#define DEFAULT_TARGET_LOW	4
#define DEFAULT_TARGET_HIGH	5
#define DEFAULT_TARGET_LOW_HIGH	6
	char default_range;	/* one of the DEFAULT_*_LOW/HIGH values, or 0 for none */
} class_datum_t;
129
130/* Role attributes */
/* Role attributes.  A role_datum is either a regular role or (in modular
 * policy) a role attribute that names a set of roles; see `flavor`. */
typedef struct role_datum {
	symtab_datum_t s;
	ebitmap_t dominates;	/* set of roles dominated by this role */
	type_set_t types;	/* set of authorized types for role */
	ebitmap_t cache;	/* This is an expanded set used for context validation during parsing */
	uint32_t bounds;	/* bounds role, if exist (0 presumably means none -- confirm) */
#define ROLE_ROLE 0		/* regular role in kernel policies */
#define ROLE_ATTRIB 1		/* attribute */
	uint32_t flavor;	/* ROLE_ROLE or ROLE_ATTRIB */
	ebitmap_t roles;	/* roles with this attribute (only meaningful for ROLE_ATTRIB) */
} role_datum_t;
142
/* A compiled role transition rule (kernel-policy form, all values resolved):
 * a process in `role` executing/creating something of `type` and class
 * `tclass` switches to `new_role`.  Entries form a singly linked list. */
typedef struct role_trans {
	uint32_t role;		/* current role */
	uint32_t type;		/* program executable type, or new object type */
	uint32_t tclass;	/* process class, or new object class */
	uint32_t new_role;	/* new role */
	struct role_trans *next;
} role_trans_t;
150
/* A compiled role allow rule: a transition from `role` to `new_role` is
 * permitted.  Entries form a singly linked list. */
typedef struct role_allow {
	uint32_t role;		/* current role */
	uint32_t new_role;	/* new role */
	struct role_allow *next;
} role_allow_t;
156
157/* filename_trans rules */
/* A compiled filename transition rule: an object named `name` of class
 * `tclass`, created by `stype` under `ttype`, gets type `otype`.  The
 * `name` string is heap-allocated and presumably owned by the list
 * (see the *_destroy helpers below) -- confirm before sharing it. */
typedef struct filename_trans {
	uint32_t stype;
	uint32_t ttype;
	uint32_t tclass;
	char *name;
	uint32_t otype;
	struct filename_trans *next;
} filename_trans_t;
166
167/* Type attributes */
/* Type attributes.  A type_datum is a regular type, an attribute (a named
 * set of types) or, in modular policy, an alias; see `flavor`.
 *
 * Security note: TYPE_FLAGS_PERMISSIVE marks a type whose denials are only
 * logged rather than enforced (SELinux permissive-domain semantics); such
 * types deserve review in any policy being audited. */
typedef struct type_datum {
	symtab_datum_t s;
	uint32_t primary;	/* primary name? can be set to primary value if below is TYPE_ */
#define TYPE_TYPE 0		/* regular type or alias in kernel policies */
#define TYPE_ATTRIB 1		/* attribute */
#define TYPE_ALIAS 2		/* alias in modular policy */
	uint32_t flavor;	/* TYPE_TYPE / TYPE_ATTRIB / TYPE_ALIAS */
	ebitmap_t types;	/* types with this attribute */
#define TYPE_FLAGS_PERMISSIVE	0x01
	uint32_t flags;		/* bitwise OR of TYPE_FLAGS_* */
	uint32_t bounds;	/* bounds type, if exist (0 presumably means none -- confirm) */
} type_datum_t;
180
181/*
182 * Properties of type_datum
183 * available on the policy version >= (MOD_)POLICYDB_VERSION_BOUNDARY
184 */
/* Bit flags describing a type_datum in the on-disk encoding; the ones marked
 * "userspace only" are written only into module (non-kernel) policies. */
#define TYPEDATUM_PROPERTY_PRIMARY	0x0001
#define TYPEDATUM_PROPERTY_ATTRIBUTE	0x0002
#define TYPEDATUM_PROPERTY_ALIAS	0x0004	/* userspace only */
#define TYPEDATUM_PROPERTY_PERMISSIVE	0x0008	/* userspace only */
189
190/* User attributes */
/* User attributes: the roles a user may take and, for MLS policies, the
 * user's allowed range and default level.  The `range`/`dfltlevel` fields
 * are the unexpanded (semantic) forms; `exp_range`/`exp_dfltlevel` are the
 * expanded forms computed for validation. */
typedef struct user_datum {
	symtab_datum_t s;
	role_set_t roles;	/* set of authorized roles for user */
	mls_semantic_range_t range;	/* MLS range (min. - max.) for user */
	mls_semantic_level_t dfltlevel;	/* default login MLS level for user */
	ebitmap_t cache;	/* This is an expanded set used for context validation during parsing */
	mls_range_t exp_range;     /* expanded range used for validation */
	mls_level_t exp_dfltlevel; /* expanded default level used for validation */
	uint32_t bounds;	/* bounds user, if exist (0 presumably means none -- confirm) */
} user_datum_t;
201
202/* Sensitivity attributes */
/* Sensitivity attributes.  Unlike the other datum types this has no
 * symtab_datum_t header; the name is the symbol-table key and the
 * numeric value lives inside `level`. */
typedef struct level_datum {
	mls_level_t *level;	/* sensitivity and associated categories */
	unsigned char isalias;	/* is this sensitivity an alias for another? */
	unsigned char defined;	/* presumably set once the level has been fully declared -- confirm in the parser */
} level_datum_t;
208
209/* Category attributes */
/* Category attributes (an MLS category, or an alias for one). */
typedef struct cat_datum {
	symtab_datum_t s;
	unsigned char isalias;	/* is this category an alias for another? */
} cat_datum_t;
214
/* A compiled MLS range transition rule: an object of `target_class`
 * created by `source_type` on `target_type` gets the range `target_range`.
 * Entries form a singly linked list. */
typedef struct range_trans {
	uint32_t source_type;
	uint32_t target_type;
	uint32_t target_class;
	mls_range_t target_range;
	struct range_trans *next;
} range_trans_t;
222
223/* Boolean data type */
/* Boolean data type: a conditional-policy boolean and its current value.
 * Tunables (COND_BOOL_FLAGS_TUNABLE) are resolved at build time rather than
 * being switchable at run time -- confirm in the expand code. */
typedef struct cond_bool_datum {
	symtab_datum_t s;
	int state;		/* current value: nonzero = true */
#define COND_BOOL_FLAGS_TUNABLE	0x01	/* is this a tunable? */
	uint32_t flags;		/* bitwise OR of COND_BOOL_FLAGS_* */
} cond_bool_datum_t;
230
/* Conditional-policy nodes are defined in conditional.h; only opaque
 * forward declarations are needed here. */
struct cond_node;

typedef struct cond_node cond_list_t;	/* a list of conditionals is just a chain of cond_node */
struct cond_av_list;
235
/* One (class, data) pair of an avrule.  For access-vector rules `data` is
 * the 32-bit permission bitmap for `class`; for type rules it is the new
 * type value.  Entries form a singly linked list. */
typedef struct class_perm_node {
	uint32_t class;
	uint32_t data;		/* permissions or new type */
	struct class_perm_node *next;
} class_perm_node_t;
241
/* An uncompiled TE rule as written in the policy source: source and target
 * type sets (not yet expanded) plus a list of (class, perms/type) pairs.
 *
 * Security note: AVRULE_NEVERALLOW rules are assertions, not grants -- they
 * are checked against the compiled policy by check_assertions() below and
 * never written as access vectors. */
typedef struct avrule {
/* these typedefs are almost exactly the same as those in avtab.h - they are
 * here because of the need to include neverallow and dontaudit messages */
#define AVRULE_ALLOWED     1
#define AVRULE_AUDITALLOW  2
#define AVRULE_AUDITDENY   4
#define AVRULE_DONTAUDIT   8
#define AVRULE_NEVERALLOW 128
#define AVRULE_AV         (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW)
#define AVRULE_TRANSITION 16
#define AVRULE_MEMBER     32
#define AVRULE_CHANGE     64
#define AVRULE_TYPE       (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE)
	uint32_t specified;	/* which kind of rule this is: one of the AVRULE_* bits */
#define RULE_SELF 1
	uint32_t flags;		/* RULE_SELF: the target set also includes "self" */
	type_set_t stypes;	/* source types */
	type_set_t ttypes;	/* target types */
	class_perm_node_t *perms;	/* per-class permissions (AVRULE_AV) or new type (AVRULE_TYPE) */
	unsigned long line;	/* line number from policy.conf where
				 * this rule originated  */
	struct avrule *next;
} avrule_t;
265
/* An uncompiled role transition rule (module form of role_trans_t): the
 * role/type/class are still sets that are expanded at link/expand time. */
typedef struct role_trans_rule {
	role_set_t roles;	/* current role */
	type_set_t types;	/* program executable type, or new object type */
	ebitmap_t classes;	/* process class, or new object class */
	uint32_t new_role;	/* new role */
	struct role_trans_rule *next;
} role_trans_rule_t;
273
/* An uncompiled role allow rule (module form of role_allow_t): both sides
 * are role sets that are expanded at link/expand time. */
typedef struct role_allow_rule {
	role_set_t roles;	/* current role */
	role_set_t new_roles;	/* new roles */
	struct role_allow_rule *next;
} role_allow_rule_t;
279
/* An uncompiled filename transition rule (module form of filename_trans_t).
 * `name` is heap-allocated; see filename_trans_rule_list_destroy() below. */
typedef struct filename_trans_rule {
	type_set_t stypes;	/* source types */
	type_set_t ttypes;	/* target (parent) types */
	uint32_t tclass;	/* class of the object being created */
	char *name;		/* exact object name that triggers the rule */
	uint32_t otype;	/* new type */
	struct filename_trans_rule *next;
} filename_trans_rule_t;
288
/* An uncompiled MLS range transition rule (module form of range_trans_t):
 * type sets and a semantic (unexpanded) range. */
typedef struct range_trans_rule {
	type_set_t stypes;	/* source types */
	type_set_t ttypes;	/* target types */
	ebitmap_t tclasses;	/* target classes */
	mls_semantic_range_t trange;	/* range to assign */
	struct range_trans_rule *next;
} range_trans_rule_t;
296
297/*
298 * The configuration data includes security contexts for
299 * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
300 * network interfaces, and nodes.  This structure stores the
301 * relevant data for one such entry.  Entries of the same kind
302 * (e.g. all initial SIDs) are linked together into a list.
303 */
/* One object-context entry.  Which member of `u` (and of `v`) is valid is
 * determined solely by which OCON_* / OCON_XEN_* list the entry sits on;
 * readers must not interpret e.g. `u.name` for a port entry.  `context` and
 * `sid` have two slots; the second is used only by entry kinds that carry a
 * second context (presumably netif's packet context -- confirm in the reader). */
typedef struct ocontext {
	union {
		char *name;	/* name of initial SID, fs, netif, fstype, path */
		struct {
			uint8_t protocol;
			uint16_t low_port;
			uint16_t high_port;	/* inclusive upper bound of the port range */
		} port;		/* TCP or UDP port information */
		struct {
			uint32_t addr; /* network order */
			uint32_t mask; /* network order */
		} node;		/* node information */
		struct {
			uint32_t addr[4]; /* network order */
			uint32_t mask[4]; /* network order */
		} node6;	/* IPv6 node information */
		uint32_t device;	/* Xen: PCI device (OCON_XEN_PCIDEVICE) */
		uint16_t pirq;		/* Xen: physical IRQ (OCON_XEN_PIRQ) */
		struct {
			uint32_t low_iomem;
			uint32_t high_iomem;
		} iomem;	/* Xen: I/O memory range (OCON_XEN_IOMEM) */
		struct {
			uint32_t low_ioport;
			uint32_t high_ioport;
		} ioport;	/* Xen: I/O port range (OCON_XEN_IOPORT) */
	} u;
	union {
		uint32_t sclass;	/* security class for genfs */
		uint32_t behavior;	/* labeling behavior for fs_use */
	} v;
	context_struct_t context[2];	/* security context(s) */
	sepol_security_id_t sid[2];	/* SID(s) */
	struct ocontext *next;
} ocontext_t;
339
/* A genfscon filesystem: the fstype and the list of path-based contexts
 * (each an ocontext with `u.name` = path and `v.sclass` = class) for it. */
typedef struct genfs {
	char *fstype;
	struct ocontext *head;
	struct genfs *next;
} genfs_t;
345
346/* symbol table array indices */
/* symbol table array indices (into policydb.symtab, .sym_val_to_name, .scope) */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM     8	/* number of symbol tables; size of the arrays above */

/* object context array indices (into policydb.ocontexts) for SELinux */
#define OCON_ISID  0		/* initial SIDs */
#define OCON_FS    1		/* unlabeled file systems */
#define OCON_PORT  2		/* TCP and UDP port numbers */
#define OCON_NETIF 3		/* network interfaces */
#define OCON_NODE  4		/* nodes */
#define OCON_FSUSE 5		/* fs_use */
#define OCON_NODE6 6		/* IPv6 nodes */
#define OCON_GENFS 7            /* needed for ocontext_supported; NOT a slot in
				   ocontexts[] -- genfs entries live in policydb.genfs */

/* object context array indices for Xen.  These reuse the low slots of the
 * same ocontexts[] array; the meaning of a slot is presumably chosen by
 * policydb.target_platform -- confirm in the reader/writer. */
#define OCON_XEN_ISID  	    0    /* initial SIDs */
#define OCON_XEN_PIRQ       1    /* physical irqs */
#define OCON_XEN_IOPORT     2    /* io ports */
#define OCON_XEN_IOMEM	    3    /* io memory */
#define OCON_XEN_PCIDEVICE  4    /* pci devices */

/* OCON_NUM is the size of every platform's ocontexts[] array, i.e. one more
 * than the largest index any platform actually stores there (OCON_NODE6 = 6). */
#define OCON_NUM   7
376
377/* section: module information */
378
379/* scope_index_t holds all of the symbols that are in scope in a
380 * particular situation.  The bitmaps are indices (and thus must
381 * subtract one) into the global policydb->scope array. */
/* scope_index_t holds all of the symbols that are in scope in a
 * particular situation.  The bitmaps are indices (and thus must
 * subtract one) into the global policydb->scope array. */
typedef struct scope_index {
	ebitmap_t scope[SYM_NUM];	/* one bitmap per symbol kind, indexed by SYM_* */
#define p_classes_scope scope[SYM_CLASSES]
#define p_roles_scope scope[SYM_ROLES]
#define p_types_scope scope[SYM_TYPES]
#define p_users_scope scope[SYM_USERS]
#define p_bools_scope scope[SYM_BOOLS]
#define p_sens_scope scope[SYM_LEVELS]
#define p_cat_scope scope[SYM_CATS]

	/* this array maps from class->value to the permissions within
	 * scope.  if bit (perm->value - 1) is set in map
	 * class_perms_map[class->value - 1] then that permission is
	 * enabled for this class within this decl.  */
	ebitmap_t *class_perms_map;
	/* total number of classes in class_perms_map array; any index into
	 * class_perms_map must be checked against this first */
	uint32_t class_perms_len;
} scope_index_t;
400
401/* a list of declarations for a particular avrule_decl */
402
403/* These two structs declare a block of policy that has TE and RBAC
404 * statements and declarations.  The root block (the global policy)
405 * can never have an ELSE branch. */
/* One branch (declaration) of an avrule_block: everything a block of
 * module policy declares, requires and asserts.  The root block (the global
 * policy) can never have an ELSE branch. */
typedef struct avrule_decl {
	uint32_t decl_id;	/* unique id; used to index policydb.decl_val_to_struct */
	uint32_t enabled;	/* whether this block is enabled */

	cond_list_t *cond_list;	/* conditional (if/else) rules in this decl */
	avrule_t *avrules;	/* TE rules, including neverallow assertions */
	role_trans_rule_t *role_tr_rules;
	role_allow_rule_t *role_allow_rules;
	range_trans_rule_t *range_tr_rules;
	scope_index_t required;	/* symbols needed to activate this block */
	scope_index_t declared;	/* symbols declared within this block */

	/* type transition rules with a 'name' component */
	filename_trans_rule_t *filename_trans_rules;

	/* for additive statements (type attribute, roles, and users) */
	symtab_t symtab[SYM_NUM];

	/* In a linked module this will contain the name of the module
	 * from which this avrule_decl originated. */
	char *module_name;

	struct avrule_decl *next;	/* next branch (ELSE) of the same block */
} avrule_decl_t;
430
/* A block of module policy: a list of alternative branches (avrule_decl)
 * of which at most one is enabled after linking.  Optional blocks are the
 * ones that may be disabled when their requirements are not met. */
typedef struct avrule_block {
	avrule_decl_t *branch_list;
	avrule_decl_t *enabled;	/* pointer to which branch is enabled.  this is
				   used in linking and never written to disk */
#define AVRULE_OPTIONAL 1
	uint32_t flags;		/* any flags for this block, currently just optional */
	struct avrule_block *next;
} avrule_block_t;
439
440/* Every identifier has its own scope datum.  The datum describes if
441 * the item is to be included into the final policy during
442 * expansion. */
/* Every identifier has its own scope datum.  The datum describes if
 * the item is to be included into the final policy during
 * expansion.  `decl_ids` is a heap array of `decl_ids_len` entries. */
typedef struct scope_datum {
/* Required for this decl */
#define SCOPE_REQ  1
/* Declared in this decl */
#define SCOPE_DECL 2
	uint32_t scope;		/* SCOPE_REQ or SCOPE_DECL */
	uint32_t *decl_ids;
	uint32_t decl_ids_len;
	/* decl_ids is a list of avrule_decl's that declare/require
	 * this symbol.  If scope==SCOPE_DECL then this is a list of
	 * declarations.  If the symbol may only be declared once
	 * (types, bools) then decl_ids_len will be exactly 1.  For
	 * implicitly declared things (roles, users) then decl_ids_len
	 * will be at least 1. */
} scope_datum_t;
458
459/* The policy database */
/* The policy database: the in-memory form of a kernel policy, a base
 * module or a module (see `policy_type`).  The "module stuff" section is
 * populated when parsing/linking modules; the "compiled storage" section is
 * what a kernel policy carries.  Every *_val_to_* array is indexed by
 * (value - 1) unless its comment says otherwise. */
typedef struct policydb {
#define POLICY_KERN SEPOL_POLICY_KERN
#define POLICY_BASE SEPOL_POLICY_BASE
#define POLICY_MOD SEPOL_POLICY_MOD
	uint32_t policy_type;	/* POLICY_KERN / POLICY_BASE / POLICY_MOD */
	char *name;		/* module name (modules only) */
	char *version;		/* module version string (modules only) */
	int  target_platform;	/* SEPOL_TARGET_SELINUX or SEPOL_TARGET_XEN */

	/* Set when the policydb is modified such that writing is unsupported */
	int unsupported_format;

	/* Whether this policydb is mls, should always be set */
	int mls;

	/* symbol tables */
	symtab_t symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles symtab[SYM_ROLES]
#define p_types symtab[SYM_TYPES]
#define p_users symtab[SYM_USERS]
#define p_bools symtab[SYM_BOOLS]
#define p_levels symtab[SYM_LEVELS]
#define p_cats symtab[SYM_CATS]

	/* symbol names indexed by (value - 1) */
	char **sym_val_to_name[SYM_NUM];
#define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
#define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
#define p_role_val_to_name sym_val_to_name[SYM_ROLES]
#define p_type_val_to_name sym_val_to_name[SYM_TYPES]
#define p_user_val_to_name sym_val_to_name[SYM_USERS]
#define p_bool_val_to_name sym_val_to_name[SYM_BOOLS]
#define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
#define p_cat_val_to_name sym_val_to_name[SYM_CATS]

	/* class, role, user and type attributes indexed by (value - 1);
	   built by policydb_index_classes()/policydb_index_others() */
	class_datum_t **class_val_to_struct;
	role_datum_t **role_val_to_struct;
	user_datum_t **user_val_to_struct;
	type_datum_t **type_val_to_struct;

	/* module stuff section -- used in parsing and for modules */

	/* keep track of the scope for every identifier.  these are
	 * hash tables, where the key is the identifier name and value
	 * a scope_datum_t.  as a convenience, one may use the
	 * p_*_macros (cf. struct scope_index_t declaration). */
	symtab_t scope[SYM_NUM];

	/* module rule storage */
	avrule_block_t *global;
	/* avrule_decl index used for link/expand */
	avrule_decl_t **decl_val_to_struct;

	/* compiled storage of rules - use for the kernel policy */

	/* type enforcement access vectors and transitions */
	avtab_t te_avtab;

	/* bools indexed by (value - 1) */
	cond_bool_datum_t **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	avtab_t te_cond_avtab;
	/* linked list indexing te_cond_avtab by conditional */
	cond_list_t *cond_list;

	/* role transitions */
	role_trans_t *role_tr;

	/* type transition rules with a 'name' component */
	filename_trans_t *filename_trans;

	/* role allows */
	role_allow_t *role_allow;

	/* security contexts of initial SIDs, unlabeled file systems,
	   TCP or UDP port numbers, network interfaces and nodes */
	ocontext_t *ocontexts[OCON_NUM];

	/* security contexts for files in filesystems that cannot support
	   a persistent label mapping or use another
	   fixed labeling behavior. */
	genfs_t *genfs;

	/* range transitions */
	range_trans_t *range_tr;

	/* per type: the attributes it belongs to (indexed by value - 1) */
	ebitmap_t *type_attr_map;

	ebitmap_t *attr_type_map;	/* per attribute: its member types; not saved in the binary policy */

	ebitmap_t policycaps;	/* policy capabilities enabled by this policy */

	/* this bitmap is referenced by type NOT the typical type-1 used in other
	   bitmaps.  Someday the 0 bit may be used for global permissive.
	   Security note: a type set here is not enforced (denials are only
	   logged), so this map is worth auditing in any loaded policy. */
	ebitmap_t permissive_map;

	unsigned policyvers;	/* on-disk format version, see POLICYDB_VERSION_* / MOD_POLICYDB_VERSION_* */

	/* how the kernel handles classes/permissions the policy does not define:
	   DENY_UNKNOWN, REJECT_UNKNOWN or ALLOW_UNKNOWN (allow is the least safe) */
	unsigned handle_unknown;
} policydb_t;
563
/* Public opaque handle from <sepol/policydb.h>; it simply wraps policydb_t. */
struct sepol_policydb {
	struct policydb p;
};
567
/* Initialize an empty policydb.  Returns a POLICYDB_* code. */
extern int policydb_init(policydb_t * p);

/* Parse a binary policy image held in memory.  `len` is the only bound the
 * parser has on `data`; callers must pass the true size of the buffer, and
 * the image should be treated as untrusted input. */
extern int policydb_from_image(sepol_handle_t * handle,
			       void *data, size_t len, policydb_t * policydb);

/* Serialize a policydb to a freshly allocated memory image; on success the
 * caller owns *newdata (presumably freed with free()) -- confirm in the implementation. */
extern int policydb_to_image(sepol_handle_t * handle,
			     policydb_t * policydb, void **newdata,
			     size_t * newlen);

/* Build the value-indexed lookup arrays (class_val_to_struct etc.). */
extern int policydb_index_classes(policydb_t * p);

extern int policydb_index_bools(policydb_t * p);

extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p,
				 unsigned int verbose);

extern int policydb_reindex_users(policydb_t * p);

/* Release everything owned by *p (does not free p itself). */
extern void policydb_destroy(policydb_t * p);

/* Populate the SID table with the policy's initial SIDs. */
extern int policydb_load_isids(policydb_t * p, sidtab_t * s);

/* Deprecated */
extern int policydb_context_isvalid(const policydb_t * p,
				    const context_struct_t * c);

extern void symtabs_destroy(symtab_t * symtab);
extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
/* Destructor callback shape used for the per-symbol-kind hash tables. */
typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d,
					void *args);
/* Return the destructor for symbol kind `sym_num` (a SYM_* index). */
extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num);

/* Constructors/destructors for the rule and datum types above.  The *_init
 * functions reset a caller-provided object; the *_destroy functions free
 * what it owns but not the object itself; the *_list_destroy functions walk
 * and free a whole linked list. */
extern void class_perm_node_init(class_perm_node_t * x);
extern void type_set_init(type_set_t * x);
extern void type_set_destroy(type_set_t * x);
extern int type_set_cpy(type_set_t * dst, type_set_t * src);
extern int type_set_or_eq(type_set_t * dst, type_set_t * other);	/* dst |= other */
extern void role_set_init(role_set_t * x);
extern void role_set_destroy(role_set_t * x);
extern void avrule_init(avrule_t * x);
extern void avrule_destroy(avrule_t * x);
extern void avrule_list_destroy(avrule_t * x);
extern void role_trans_rule_init(role_trans_rule_t * x);
extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
extern void filename_trans_rule_init(filename_trans_rule_t * x);
extern void filename_trans_rule_list_destroy(filename_trans_rule_t * x);

extern void role_datum_init(role_datum_t * x);
extern void role_datum_destroy(role_datum_t * x);
extern void role_allow_rule_init(role_allow_rule_t * x);
extern void role_allow_rule_destroy(role_allow_rule_t * x);
extern void role_allow_rule_list_destroy(role_allow_rule_t * x);
extern void range_trans_rule_init(range_trans_rule_t *x);
extern void range_trans_rule_destroy(range_trans_rule_t *x);
extern void range_trans_rule_list_destroy(range_trans_rule_t *x);
extern void type_datum_init(type_datum_t * x);
extern void type_datum_destroy(type_datum_t * x);
extern void user_datum_init(user_datum_t * x);
extern void user_datum_destroy(user_datum_t * x);
extern void level_datum_init(level_datum_t * x);
extern void level_datum_destroy(level_datum_t * x);
extern void cat_datum_init(cat_datum_t * x);
extern void cat_datum_destroy(cat_datum_t * x);

/* Check the neverallow assertions in `avrules` against the compiled rules
 * in `p`.  Returns nonzero when an assertion is violated -- a failing result
 * must not be ignored, since it means the policy grants access it forbids. */
extern int check_assertions(sepol_handle_t * handle,
			    policydb_t * p, avrule_t * avrules);

/* Insert `datum` under `key` into symbol table `sym` (a SYM_* index) and
 * record its scope (SCOPE_REQ/SCOPE_DECL) for decl `avrule_decl_id`;
 * the assigned value is returned through *value. */
extern int symtab_insert(policydb_t * x, uint32_t sym,
			 hashtab_key_t key, hashtab_datum_t datum,
			 uint32_t scope, uint32_t avrule_decl_id,
			 uint32_t * value);
639
640/* A policy "file" may be a memory region referenced by a (data, len) pair
641   or a file referenced by a FILE pointer. */
/* A policy "file" may be a memory region referenced by a (data, len) pair
   or a file referenced by a FILE pointer.  `type` selects which members are
   valid; a reader working on PF_USE_MEMORY must never advance `data` past
   `len` bytes, since `len` is its only bound. */
typedef struct policy_file {
#define PF_USE_MEMORY  0	/* use data/len */
#define PF_USE_STDIO   1	/* use fp */
#define PF_LEN         2	/* total up length in len field (no actual I/O) */
	unsigned type;
	char *data;		/* current position in the memory image */
	size_t len;		/* bytes remaining (PF_USE_MEMORY) or bytes counted (PF_LEN) */
	size_t size;		/* presumably the original buffer size -- confirm in the implementation */
	FILE *fp;
	struct sepol_handle *handle;	/* for error reporting */
} policy_file_t;
653
/* Public opaque handle from <sepol/policydb.h>; it simply wraps policy_file_t. */
struct sepol_policy_file {
	struct policy_file pf;
};
657
/* Zero-initialize a policy_file_t before setting its type and source. */
extern void policy_file_init(policy_file_t * x);

/* Read a binary policy (kernel or module, decided by the image's magic and
 * version) from `fp` into `p`.  The input is untrusted: every length and
 * value read must be validated before use. */
extern int policydb_read(policydb_t * p, struct policy_file *fp,
			 unsigned int verbose);
/* Read a list of avrules (e.g. neverallows) from `fp` into *avrules. */
extern int avrule_read_list(policydb_t * p, avrule_t ** avrules,
			    struct policy_file *fp);

/* Write `p` in the binary format selected by its policy_type/policyvers. */
extern int policydb_write(struct policydb *p, struct policy_file *pf);
/* Set target_platform to SEPOL_TARGET_SELINUX or SEPOL_TARGET_XEN. */
extern int policydb_set_target_platform(policydb_t *p, int platform);
667
/* Initial size of a class's permission symbol table; also the most
 * permissions a class can have, since an access vector is 32 bits. */
#define PERM_SYMTAB_SIZE 32

/* Identify specific policy version changes (kernel policy format).
 * Each constant is the first version that supports the named feature. */
#define POLICYDB_VERSION_BASE		15
#define POLICYDB_VERSION_BOOL		16
#define POLICYDB_VERSION_IPV6		17
#define POLICYDB_VERSION_NLCLASS	18
#define POLICYDB_VERSION_VALIDATETRANS	19
#define POLICYDB_VERSION_MLS		19
#define POLICYDB_VERSION_AVTAB		20
#define POLICYDB_VERSION_RANGETRANS	21
#define POLICYDB_VERSION_POLCAP		22
#define POLICYDB_VERSION_PERMISSIVE	23
#define POLICYDB_VERSION_BOUNDARY	24
#define POLICYDB_VERSION_FILENAME_TRANS	25
#define POLICYDB_VERSION_ROLETRANS	26
#define POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	27
#define POLICYDB_VERSION_DEFAULT_TYPE	28
#define POLICYDB_VERSION_CONSTRAINT_NAMES	29

/* Range of policy versions we understand; images outside this range must be
 * rejected rather than parsed. */
#define POLICYDB_VERSION_MIN	POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_CONSTRAINT_NAMES

/* Module versions and specific changes (module policy format; a separate
 * numbering from the kernel versions above). */
#define MOD_POLICYDB_VERSION_BASE		4
#define MOD_POLICYDB_VERSION_VALIDATETRANS	5
#define MOD_POLICYDB_VERSION_MLS		5
#define MOD_POLICYDB_VERSION_RANGETRANS 	6
#define MOD_POLICYDB_VERSION_MLS_USERS		6
#define MOD_POLICYDB_VERSION_POLCAP		7
#define MOD_POLICYDB_VERSION_PERMISSIVE		8
#define MOD_POLICYDB_VERSION_BOUNDARY		9
#define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS	10
#define MOD_POLICYDB_VERSION_FILENAME_TRANS	11
#define MOD_POLICYDB_VERSION_ROLETRANS		12
#define MOD_POLICYDB_VERSION_ROLEATTRIB		13
#define MOD_POLICYDB_VERSION_TUNABLE_SEP	14
#define MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS	15
#define MOD_POLICYDB_VERSION_DEFAULT_TYPE	16
#define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES  17

/* Range of module versions we understand */
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_CONSTRAINT_NAMES

/* Config word bit: the policy is MLS-enabled */
#define POLICYDB_CONFIG_MLS    1
714
715/* macros to check policy feature */
716
717/* TODO: add other features here */
718
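/* Nonzero if policydb `p` (pointer) is at a format version that carries
 * type/role/user bounds: a kernel policy at or above
 * POLICYDB_VERSION_BOUNDARY, or a base/module policy at or above
 * MOD_POLICYDB_VERSION_BOUNDARY.  `p` is evaluated more than once, so pass a
 * side-effect-free expression.  Every use of `p` is parenthesized so that an
 * argument such as `&pdb[i]` or `cond ? a : b` expands correctly. */
#define policydb_has_boundary_feature(p)			\
	(((p)->policy_type == POLICY_KERN			\
	  && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
	 ((p)->policy_type != POLICY_KERN			\
	  && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))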
724
/* the config flags related to unknown classes/perms are bits 2 and 3.
 * They select what the kernel does with a class or permission the loaded
 * policy does not define; DENY_UNKNOWN is the safe choice, ALLOW_UNKNOWN
 * grants every such access. */
#define DENY_UNKNOWN	SEPOL_DENY_UNKNOWN
#define REJECT_UNKNOWN	SEPOL_REJECT_UNKNOWN
#define ALLOW_UNKNOWN 	SEPOL_ALLOW_UNKNOWN

#define POLICYDB_CONFIG_UNKNOWN_MASK	(DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)

/* The object role is always present and always has role value 1. */
#define OBJECT_R "object_r"
#define OBJECT_R_VAL 1

/* Binary policy image identification.  The magic and identification string
 * at the head of an image select kernel vs. module format and SELinux vs.
 * Xen target; POLICYDB_STRING_MAX_LENGTH presumably bounds the string
 * length accepted from an image -- confirm in the reader. */
#define POLICYDB_MAGIC SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"
#define POLICYDB_XEN_STRING "XenFlask"
#define POLICYDB_STRING_MAX_LENGTH 32
#define POLICYDB_MOD_MAGIC SELINUX_MOD_MAGIC
#define POLICYDB_MOD_STRING "SE Linux Module"
#define SEPOL_TARGET_SELINUX 0
#define SEPOL_TARGET_XEN     1
742#define SEPOL_TARGET_XEN     1
743
744
#endif				/* _SEPOL_POLICYDB_POLICYDB_H_ */
746
747/* FLASK */
748