1255e72915d4cbddceb435e13d81601755714e9fSE Android/* Authors: Karl MacMillan <kmacmillan@tresys.com> 2255e72915d4cbddceb435e13d81601755714e9fSE Android * Frank Mayer <mayerf@tresys.com> 3255e72915d4cbddceb435e13d81601755714e9fSE Android * 4255e72915d4cbddceb435e13d81601755714e9fSE Android * Copyright (C) 2003 - 2005 Tresys Technology, LLC 5255e72915d4cbddceb435e13d81601755714e9fSE Android * 6255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is free software; you can redistribute it and/or 7255e72915d4cbddceb435e13d81601755714e9fSE Android * modify it under the terms of the GNU Lesser General Public 8255e72915d4cbddceb435e13d81601755714e9fSE Android * License as published by the Free Software Foundation; either 9255e72915d4cbddceb435e13d81601755714e9fSE Android * version 2.1 of the License, or (at your option) any later version. 10255e72915d4cbddceb435e13d81601755714e9fSE Android * 11255e72915d4cbddceb435e13d81601755714e9fSE Android * This library is distributed in the hope that it will be useful, 12255e72915d4cbddceb435e13d81601755714e9fSE Android * but WITHOUT ANY WARRANTY; without even the implied warranty of 13255e72915d4cbddceb435e13d81601755714e9fSE Android * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14255e72915d4cbddceb435e13d81601755714e9fSE Android * Lesser General Public License for more details. 15255e72915d4cbddceb435e13d81601755714e9fSE Android * 16255e72915d4cbddceb435e13d81601755714e9fSE Android * You should have received a copy of the GNU Lesser General Public 17255e72915d4cbddceb435e13d81601755714e9fSE Android * License along with this library; if not, write to the Free Software 18255e72915d4cbddceb435e13d81601755714e9fSE Android * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 19255e72915d4cbddceb435e13d81601755714e9fSE Android */ 20255e72915d4cbddceb435e13d81601755714e9fSE Android 21255e72915d4cbddceb435e13d81601755714e9fSE Android#ifndef _SEPOL_POLICYDB_CONDITIONAL_H_ 22255e72915d4cbddceb435e13d81601755714e9fSE Android#define _SEPOL_POLICYDB_CONDITIONAL_H_ 23255e72915d4cbddceb435e13d81601755714e9fSE Android 24255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/flask_types.h> 25255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/avtab.h> 26255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/symtab.h> 27255e72915d4cbddceb435e13d81601755714e9fSE Android#include <sepol/policydb/policydb.h> 28255e72915d4cbddceb435e13d81601755714e9fSE Android 29255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_EXPR_MAXDEPTH 10 30255e72915d4cbddceb435e13d81601755714e9fSE Android 31255e72915d4cbddceb435e13d81601755714e9fSE Android/* this is the max unique bools in a conditional expression 32255e72915d4cbddceb435e13d81601755714e9fSE Android * for which we precompute all outcomes for the expression. 33255e72915d4cbddceb435e13d81601755714e9fSE Android * 34255e72915d4cbddceb435e13d81601755714e9fSE Android * NOTE - do _NOT_ use value greater than 5 because 35255e72915d4cbddceb435e13d81601755714e9fSE Android * cond_node_t->expr_pre_comp can only hold at most 32 values 36255e72915d4cbddceb435e13d81601755714e9fSE Android */ 37255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_MAX_BOOLS 5 38255e72915d4cbddceb435e13d81601755714e9fSE Android 39255e72915d4cbddceb435e13d81601755714e9fSE Android/* 40255e72915d4cbddceb435e13d81601755714e9fSE Android * A conditional expression is a list of operators and operands 41255e72915d4cbddceb435e13d81601755714e9fSE Android * in reverse polish notation. 42255e72915d4cbddceb435e13d81601755714e9fSE Android */ 43255e72915d4cbddceb435e13d81601755714e9fSE Androidtypedef struct cond_expr { 44255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_BOOL 1 /* plain bool */ 45255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_NOT 2 /* !bool */ 46255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_OR 3 /* bool || bool */ 47255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_AND 4 /* bool && bool */ 48255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_XOR 5 /* bool ^ bool */ 49255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_EQ 6 /* bool == bool */ 50255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_NEQ 7 /* bool != bool */ 51255e72915d4cbddceb435e13d81601755714e9fSE Android#define COND_LAST COND_NEQ 52255e72915d4cbddceb435e13d81601755714e9fSE Android uint32_t expr_type; 53255e72915d4cbddceb435e13d81601755714e9fSE Android uint32_t bool; 54255e72915d4cbddceb435e13d81601755714e9fSE Android struct cond_expr *next; 55255e72915d4cbddceb435e13d81601755714e9fSE Android} cond_expr_t; 56255e72915d4cbddceb435e13d81601755714e9fSE Android 57255e72915d4cbddceb435e13d81601755714e9fSE Android/* 58255e72915d4cbddceb435e13d81601755714e9fSE Android * Each cond_node_t contains a list of rules to be enabled/disabled 59255e72915d4cbddceb435e13d81601755714e9fSE Android * depending on the current value of the conditional expression. This 60255e72915d4cbddceb435e13d81601755714e9fSE Android * struct is for that list. 61255e72915d4cbddceb435e13d81601755714e9fSE Android */ 62255e72915d4cbddceb435e13d81601755714e9fSE Androidtypedef struct cond_av_list { 63255e72915d4cbddceb435e13d81601755714e9fSE Android avtab_ptr_t node; 64255e72915d4cbddceb435e13d81601755714e9fSE Android struct cond_av_list *next; 65255e72915d4cbddceb435e13d81601755714e9fSE Android} cond_av_list_t; 66255e72915d4cbddceb435e13d81601755714e9fSE Android 67255e72915d4cbddceb435e13d81601755714e9fSE Android/* 68255e72915d4cbddceb435e13d81601755714e9fSE Android * A cond node represents a conditional block in a policy. It 69255e72915d4cbddceb435e13d81601755714e9fSE Android * contains a conditional expression, the current state of the expression, 70255e72915d4cbddceb435e13d81601755714e9fSE Android * two lists of rules to enable/disable depending on the value of the 71255e72915d4cbddceb435e13d81601755714e9fSE Android * expression (the true list corresponds to if and the false list corresponds 72255e72915d4cbddceb435e13d81601755714e9fSE Android * to else).. 73255e72915d4cbddceb435e13d81601755714e9fSE Android */ 74255e72915d4cbddceb435e13d81601755714e9fSE Androidtypedef struct cond_node { 75255e72915d4cbddceb435e13d81601755714e9fSE Android int cur_state; 76255e72915d4cbddceb435e13d81601755714e9fSE Android cond_expr_t *expr; 77255e72915d4cbddceb435e13d81601755714e9fSE Android /* these true/false lists point into te_avtab when that is used */ 78255e72915d4cbddceb435e13d81601755714e9fSE Android cond_av_list_t *true_list; 79255e72915d4cbddceb435e13d81601755714e9fSE Android cond_av_list_t *false_list; 80fb82f8ed213dd54eebc6bdd5557984c3ba870496Stephen Smalley /* and these are used during parsing and for modules */ 81255e72915d4cbddceb435e13d81601755714e9fSE Android avrule_t *avtrue_list; 82255e72915d4cbddceb435e13d81601755714e9fSE Android avrule_t *avfalse_list; 83255e72915d4cbddceb435e13d81601755714e9fSE Android /* these fields are not written to binary policy */ 84255e72915d4cbddceb435e13d81601755714e9fSE Android unsigned int nbools; 85255e72915d4cbddceb435e13d81601755714e9fSE Android uint32_t bool_ids[COND_MAX_BOOLS]; 86255e72915d4cbddceb435e13d81601755714e9fSE Android uint32_t expr_pre_comp; 87255e72915d4cbddceb435e13d81601755714e9fSE Android struct cond_node *next; 88fb82f8ed213dd54eebc6bdd5557984c3ba870496Stephen Smalley /* a tunable conditional, calculated and used at expansion */ 89fb82f8ed213dd54eebc6bdd5557984c3ba870496Stephen Smalley#define COND_NODE_FLAGS_TUNABLE 0x01 90fb82f8ed213dd54eebc6bdd5557984c3ba870496Stephen Smalley uint32_t flags; 91255e72915d4cbddceb435e13d81601755714e9fSE Android} cond_node_t; 92255e72915d4cbddceb435e13d81601755714e9fSE Android 93255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr); 94255e72915d4cbddceb435e13d81601755714e9fSE Androidextern cond_expr_t *cond_copy_expr(cond_expr_t * expr); 95255e72915d4cbddceb435e13d81601755714e9fSE Android 96255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_expr_equal(cond_node_t * a, cond_node_t * b); 97255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_normalize_expr(policydb_t * p, cond_node_t * cn); 98255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_node_destroy(cond_node_t * node); 99255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_expr_destroy(cond_expr_t * expr); 100255e72915d4cbddceb435e13d81601755714e9fSE Android 101255e72915d4cbddceb435e13d81601755714e9fSE Androidextern cond_node_t *cond_node_find(policydb_t * p, 102255e72915d4cbddceb435e13d81601755714e9fSE Android cond_node_t * needle, cond_node_t * haystack, 103255e72915d4cbddceb435e13d81601755714e9fSE Android int *was_created); 104255e72915d4cbddceb435e13d81601755714e9fSE Android 105255e72915d4cbddceb435e13d81601755714e9fSE Androidextern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node); 106255e72915d4cbddceb435e13d81601755714e9fSE Android 107255e72915d4cbddceb435e13d81601755714e9fSE Androidextern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list, 108255e72915d4cbddceb435e13d81601755714e9fSE Android cond_node_t * cn); 109255e72915d4cbddceb435e13d81601755714e9fSE Android 110255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int evaluate_conds(policydb_t * p); 111255e72915d4cbddceb435e13d81601755714e9fSE Android 112255e72915d4cbddceb435e13d81601755714e9fSE Androidextern avtab_datum_t *cond_av_list_search(avtab_key_t * key, 113255e72915d4cbddceb435e13d81601755714e9fSE Android cond_av_list_t * cond_list); 114255e72915d4cbddceb435e13d81601755714e9fSE Android 115255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_av_list_destroy(cond_av_list_t * list); 116255e72915d4cbddceb435e13d81601755714e9fSE Android 117255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_optimize_lists(cond_list_t * cl); 118255e72915d4cbddceb435e13d81601755714e9fSE Android 119255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_policydb_init(policydb_t * p); 120255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_policydb_destroy(policydb_t * p); 121255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_list_destroy(cond_list_t * list); 122255e72915d4cbddceb435e13d81601755714e9fSE Android 123255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_init_bool_indexes(policydb_t * p); 124255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_destroy_bool(hashtab_key_t key, hashtab_datum_t datum, void *p); 125255e72915d4cbddceb435e13d81601755714e9fSE Android 126255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_index_bool(hashtab_key_t key, hashtab_datum_t datum, 127255e72915d4cbddceb435e13d81601755714e9fSE Android void *datap); 128255e72915d4cbddceb435e13d81601755714e9fSE Android 129255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_read_bool(policydb_t * p, hashtab_t h, struct policy_file *fp); 130255e72915d4cbddceb435e13d81601755714e9fSE Android 131255e72915d4cbddceb435e13d81601755714e9fSE Androidextern int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp); 132255e72915d4cbddceb435e13d81601755714e9fSE Android 133255e72915d4cbddceb435e13d81601755714e9fSE Androidextern void cond_compute_av(avtab_t * ctab, avtab_key_t * key, 134255e72915d4cbddceb435e13d81601755714e9fSE Android struct sepol_av_decision *avd); 135255e72915d4cbddceb435e13d81601755714e9fSE Android 136255e72915d4cbddceb435e13d81601755714e9fSE Android#endif /* _CONDITIONAL_H_ */ 137