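
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */

/*
 * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
 * 	Tuned number of hash slots for avtab to reduce memory usage
 */

/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 * 	Added conditional policy language extensions
 *
 * Copyright (C) 2003 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* FLASK */

/*
 * An access vector table (avtab) is a hash table
 * of access vectors and transition types indexed
 * by a type pair and a class.  An access vector
 * table is used to represent the type enforcement
 * tables.
 */

#ifndef _SEPOL_POLICYDB_AVTAB_H_
#define _SEPOL_POLICYDB_AVTAB_H_

#include <sys/types.h>
#include <stdint.h>

/*
 * Lookup key of an avtab entry: the (source type, target type, class)
 * triple plus a `specified` bit set saying which kind of rule the entry
 * holds.  All four fields are 16 bits wide.
 */
typedef struct avtab_key {
	uint16_t source_type;
	uint16_t target_type;
	uint16_t target_class;
/* Access-vector rule kinds; AVTAB_AV is the union of the three below. */
#define AVTAB_ALLOWED     1
#define AVTAB_AUDITALLOW  2
#define AVTAB_AUDITDENY   4
/* Note: AVTAB_NEVERALLOW is in neither AVTAB_AV nor AVTAB_TYPE, so code
 * that filters on those masks will not match neverallow entries. */
#define AVTAB_NEVERALLOW 128
#define AVTAB_AV         (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
/* Type rule kinds; AVTAB_TYPE is the union of the three below. */
#define AVTAB_TRANSITION 16
#define AVTAB_MEMBER     32
#define AVTAB_CHANGE     64
#define AVTAB_TYPE       (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
/* AVTAB_ENABLED_OLD is bit 31 and therefore cannot be stored in the
 * 16-bit `specified` field below; presumably it is only meaningful for an
 * older, wider encoding -- confirm against the policy reader. */
#define AVTAB_ENABLED_OLD    0x80000000
#define AVTAB_ENABLED	0x8000	/* reserved for use in cond_avtab */
	uint16_t specified;	/* what fields are specified */
} avtab_key_t;

/*
 * Value stored for a key.  The single 32-bit word is either an access
 * vector or a type; which one presumably follows from key.specified
 * (AVTAB_AV vs. AVTAB_TYPE) -- confirm against the users of this struct.
 */
typedef struct avtab_datum {
	uint32_t data;		/* access vector or type */
} avtab_datum_t;

typedef struct avtab_node *avtab_ptr_t;

/* One table entry; entries are linked through `next`. */
struct avtab_node {
	avtab_key_t key;
	avtab_datum_t datum;
	avtab_ptr_t next;
	void *parse_context;	/* generic context pointer used by parser;
				 * not saved in binary policy */
	unsigned merged;	/* flag for avtab_write only;
				   not saved in binary policy */
};

/* The table itself: an array of node pointers plus its bookkeeping. */
typedef struct avtab {
	avtab_ptr_t *htable;
	uint32_t nel;		/* number of elements */
	uint32_t nslot;         /* number of hash slots */
	uint16_t mask;          /* mask to compute hash func */
} avtab_t;

/*
 * The implementations of the functions below are not part of this header.
 * Return-value and ownership conventions cannot be read off the
 * prototypes; confirm them in the implementation before relying on them.
 */

extern int avtab_init(avtab_t *);
extern int avtab_alloc(avtab_t *, uint32_t);
extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);

extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);

extern void avtab_destroy(avtab_t * h);

/* Takes a callback `apply` and an opaque `args` pointer that is handed to
 * it alongside a key and a datum. */
extern int avtab_map(avtab_t * h,
		     int (*apply) (avtab_key_t * k,
				   avtab_datum_t * d, void *args), void *args);

extern void avtab_hash_eval(avtab_t * h, char *tag);

/*
 * Readers for a serialized policy (`struct policy_file`, declared
 * elsewhere) at format version `vers`.  avtab_read_item takes the insert
 * routine as a callback together with an opaque pointer `p` for it.
 * NOTE(review): a policy file is external input; this header does not show
 * what validation is applied to the counts and key fields read from it --
 * check the implementation.
 */
struct policy_file;
extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
			   int (*insert) (avtab_t * a, avtab_key_t * k,
					  avtab_datum_t * d, void *p), void *p);

extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);

extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
					  avtab_datum_t * datum);

extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
						   avtab_key_t * key,
						   avtab_datum_t * datum,
						   void *parse_context);

extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);

/* `specified` is a plain int here, while avtab_key_t.specified is
 * uint16_t. */
extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);

/* Upper bound on the hash table: 13 bits, i.e. 8192 buckets and a mask of
 * 0x1FFF, which fits the 16-bit avtab_t.mask field. */
#define MAX_AVTAB_HASH_BITS 13
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
#define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS

#endif				/* _SEPOL_POLICYDB_AVTAB_H_ */

/* FLASK */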