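/*
 * This file describes the internal interface used by the AVC
 * for calling the user-supplied memory allocation, supplemental
 * auditing, and locking routines, as well as incrementing the
 * statistics fields.
 *
 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
 */
#ifndef _SELINUX_AVC_INTERNAL_H_
#define _SELINUX_AVC_INTERNAL_H_

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <selinux/avc.h>
#include "callbacks.h"
#include "dso.h"

/*
 * Callback pointers.
 *
 * Each pointer is expected to be NULL while no application callback has
 * been registered through set_callbacks(); every avc_* wrapper below
 * tests for NULL and either falls back to a library default or does
 * nothing.  The `hidden` / `hidden_proto` markers come from dso.h.
 */
extern void *(*avc_func_malloc) (size_t) hidden;
extern void (*avc_func_free) (void *)hidden;

extern void (*avc_func_log) (const char *, ...)hidden;
extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;

extern int avc_using_threads hidden;
extern int avc_app_main_loop hidden;
extern void *(*avc_func_create_thread) (void (*)(void))hidden;
extern void (*avc_func_stop_thread) (void *)hidden;

extern void *(*avc_func_alloc_lock) (void)hidden;
extern void (*avc_func_get_lock) (void *)hidden;
extern void (*avc_func_release_lock) (void *)hidden;
extern void (*avc_func_free_lock) (void *)hidden;

/*
 * Install the application-supplied callback tables.
 *
 * A NULL table pointer leaves that group of callbacks untouched; a
 * non-NULL table copies all of its members, including any that are
 * NULL.  Passing a thread table additionally sets avc_using_threads.
 *
 * NOTE(review): the members of a table are not cross-checked.  A memory
 * table that supplies func_malloc but leaves func_free NULL makes
 * avc_malloc() use the custom allocator while avc_free() falls back to
 * libc free(); callers must supply matching pairs.
 */
static inline void set_callbacks(const struct avc_memory_callback *mem_cb,
				 const struct avc_log_callback *log_cb,
				 const struct avc_thread_callback *thread_cb,
				 const struct avc_lock_callback *lock_cb)
{
	if (mem_cb) {
		avc_func_malloc = mem_cb->func_malloc;
		avc_func_free = mem_cb->func_free;
	}
	if (log_cb) {
		avc_func_log = log_cb->func_log;
		avc_func_audit = log_cb->func_audit;
	}
	if (thread_cb) {
		avc_using_threads = 1;
		avc_func_create_thread = thread_cb->func_create_thread;
		avc_func_stop_thread = thread_cb->func_stop_thread;
	}
	if (lock_cb) {
		avc_func_alloc_lock = lock_cb->func_alloc_lock;
		avc_func_get_lock = lock_cb->func_get_lock;
		avc_func_release_lock = lock_cb->func_release_lock;
		avc_func_free_lock = lock_cb->func_free_lock;
	}
}

/* message prefix and enforcing mode */
#define AVC_PREFIX_SIZE 16
extern char avc_prefix[AVC_PREFIX_SIZE] hidden;
extern int avc_running hidden;
extern int avc_enforcing hidden;
extern int avc_setenforce hidden;

/*
 * User-supplied callback interface for the AVC.
 *
 * Memory and logging wrappers fall back to the libc / libselinux
 * defaults when no callback is registered.  Thread and lock wrappers
 * have no default: they return NULL or do nothing.
 */

/* Allocate `size` bytes via the registered allocator, else malloc(). */
static inline void *avc_malloc(size_t size)
{
	return avc_func_malloc ? avc_func_malloc(size) : malloc(size);
}

/* Release memory obtained from avc_malloc(); pairs with the allocator above. */
static inline void avc_free(void *ptr)
{
	if (avc_func_free)
		avc_func_free(ptr);
	else
		free(ptr);
}

/*
 * Log a message through the registered log callback, else selinux_log().
 *
 * This is a macro in order to use the variadic capability.  `type` is
 * only consumed by the selinux_log() fallback.  The body is wrapped in
 * do { } while (0) so the if/else expands safely as a single statement
 * (e.g. inside an unbraced if/else in the caller).  `format` is passed
 * straight through, so callers must supply a literal format string.
 */
#define avc_log(type, format...) \
	do { \
		if (avc_func_log) \
			avc_func_log(format); \
		else \
			selinux_log(type, format); \
	} while (0)

/* Emit supplemental audit data via the registered callback, else selinux_audit(). */
static inline void avc_suppl_audit(void *ptr, security_class_t class,
				   char *buf, size_t len)
{
	if (avc_func_audit)
		avc_func_audit(ptr, class, buf, len);
	else
		selinux_audit(ptr, class, buf, len);
}

/* Start a thread running `run`; returns NULL when no thread callback is registered. */
static inline void *avc_create_thread(void (*run) (void))
{
	return avc_func_create_thread ? avc_func_create_thread(run) : NULL;
}

/* Stop a thread created by avc_create_thread(); no-op without a callback. */
static inline void avc_stop_thread(void *thread)
{
	if (avc_func_stop_thread)
		avc_func_stop_thread(thread);
}

/* Allocate a lock object; returns NULL when no lock callback is registered. */
static inline void *avc_alloc_lock(void)
{
	return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL;
}

/* Acquire `lock`; no-op without a callback (i.e. no mutual exclusion). */
static inline void avc_get_lock(void *lock)
{
	if (avc_func_get_lock)
		avc_func_get_lock(lock);
}

/* Release `lock`; no-op without a callback. */
static inline void avc_release_lock(void *lock)
{
	if (avc_func_release_lock)
		avc_func_release_lock(lock);
}

/* Free a lock object from avc_alloc_lock(); no-op without a callback. */
static inline void avc_free_lock(void *lock)
{
	if (avc_func_free_lock)
		avc_func_free_lock(lock);
}

/*
 * Statistics helper routines.
 *
 * Both forms expand to a single statement so that callers may write
 * `avc_cache_stats_incr(field);` in any statement context; the
 * disabled variants expand to a void no-op rather than to nothing.
 */
#ifdef AVC_CACHE_STATS

#define avc_cache_stats_incr(field) \
	do { cache_stats.field++; } while (0)
#define avc_cache_stats_add(field, num) \
	do { cache_stats.field += (num); } while (0)

#else

#define avc_cache_stats_incr(field) ((void)0)
#define avc_cache_stats_add(field, num) ((void)0)

#endif

/* logging helper routines */
#define AVC_AUDIT_BUFSIZE 1024

/*
 * Append formatted text to an audit buffer.
 *
 * Again, we need the variadic capability here.  `buf` must be a
 * NUL-terminated array of exactly AVC_AUDIT_BUFSIZE bytes: the
 * remaining capacity is computed as AVC_AUDIT_BUFSIZE - strlen(buf),
 * and snprintf() truncates rather than overflowing.  `format` must be
 * a literal format string.  Note that strlen(buf) is evaluated twice.
 * Expands to the snprintf() return value.
 */
#define log_append(buf,format...) \
	snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format)

/* internal callbacks (security server -> AVC) */
int avc_ss_grant(security_id_t ssid, security_id_t tsid,
		 security_class_t tclass, access_vector_t perms,
		 uint32_t seqno) hidden;
int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
		      security_class_t tclass,
		      access_vector_t perms, uint32_t seqno,
		      access_vector_t * out_retained) hidden;
int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
		  security_class_t tclass, access_vector_t perms,
		  uint32_t seqno) hidden;
int avc_ss_reset(uint32_t seqno) hidden;
int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
			  security_class_t tclass, access_vector_t perms,
			  uint32_t seqno, uint32_t enable) hidden;
int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
			 security_class_t tclass, access_vector_t perms,
			 uint32_t seqno, uint32_t enable) hidden;

/* netlink kernel message code */
extern int avc_netlink_trouble hidden;

hidden_proto(avc_av_stats)
hidden_proto(avc_cleanup)
hidden_proto(avc_reset)
hidden_proto(avc_audit)
hidden_proto(avc_has_perm_noaudit)

#endif /* _SELINUX_AVC_INTERNAL_H_ */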