debuggers.hg

view tools/flask/libflask/flask_op.c @ 22848:6341fe0f4e5a

Added tag 4.1.0-rc2 for changeset 9dca60d88c63
author Keir Fraser <keir@xen.org>
date Tue Jan 25 14:06:55 2011 +0000 (2011-01-25)
parents 779c0ef9682c
children
line source
1 /*
2 *
3 * Authors: Michael LeMay, <mdlemay@epoch.ncsc.mil>
4 * George Coker, <gscoker@alpha.ncsc.mil>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2,
8 * as published by the Free Software Foundation.
9 */
11 #include <unistd.h>
12 #include <stdio.h>
13 #include <errno.h>
14 #include <fcntl.h>
15 #include <string.h>
16 #include <sys/mman.h>
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <stdlib.h>
20 #include <stdint.h>
21 #include <sys/ioctl.h>
22 #include <libflask.h>
24 int flask_load(xc_interface *xc_handle, char *buf, uint32_t size)
25 {
26 int err;
27 flask_op_t op;
29 op.cmd = FLASK_LOAD;
30 op.buf = buf;
31 op.size = size;
33 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
34 return err;
36 return 0;
37 }
39 int flask_context_to_sid(xc_interface *xc_handle, char *buf, uint32_t size, uint32_t *sid)
40 {
41 int err;
42 flask_op_t op;
44 op.cmd = FLASK_CONTEXT_TO_SID;
45 op.buf = buf;
46 op.size = size;
48 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
49 return err;
51 sscanf(buf, "%u", sid);
53 return 0;
54 }
56 int flask_sid_to_context(xc_interface *xc_handle, int sid, char *buf, uint32_t size)
57 {
58 int err;
59 flask_op_t op;
61 op.cmd = FLASK_SID_TO_CONTEXT;
62 op.buf = buf;
63 op.size = size;
65 snprintf(buf, size, "%u", sid);
67 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
68 return err;
70 return 0;
71 }
73 int flask_getenforce(xc_interface *xc_handle)
74 {
75 int err;
76 flask_op_t op;
77 char buf[20];
78 int size = 20;
79 int mode;
81 op.cmd = FLASK_GETENFORCE;
82 op.buf = buf;
83 op.size = size;
85 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
86 return err;
88 sscanf(buf, "%i", &mode);
90 return mode;
91 }
93 int flask_setenforce(xc_interface *xc_handle, int mode)
94 {
95 int err;
96 flask_op_t op;
97 char buf[20];
98 int size = 20;
100 op.cmd = FLASK_SETENFORCE;
101 op.buf = buf;
102 op.size = size;
104 snprintf(buf, size, "%i", mode);
106 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
107 return err;
109 return 0;
110 }
112 int flask_add_pirq(xc_interface *xc_handle, unsigned int pirq, char *scontext)
113 {
114 int err;
115 flask_op_t op;
116 char *buf;
117 char *pirq_s = OCON_PIRQ_STR;
118 int size = INITCONTEXTLEN + strlen(pirq_s) + (sizeof(unsigned int)) +
119 (sizeof(char) * 3);
121 if ( (buf = (char *) malloc(size)) == NULL )
122 return -ENOMEM;
123 memset(buf, 0, size);
125 op.cmd = FLASK_ADD_OCONTEXT;
126 snprintf(buf, size, "%s %255s %u", pirq_s, scontext, pirq);
127 op.buf = buf;
128 op.size = size;
130 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
131 {
132 free(buf);
133 return err;
134 }
136 free(buf);
137 return 0;
139 }
141 int flask_add_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high,
142 char *scontext)
143 {
144 int err;
145 flask_op_t op;
146 char *buf;
147 char *ioport = OCON_IOPORT_STR;
148 int size = INITCONTEXTLEN + strlen(ioport) +
149 (sizeof(unsigned long) * 2) + (sizeof(char) * 4);
151 if ( (buf = (char *) malloc(size)) == NULL )
152 return -ENOMEM;
153 memset(buf, 0, size);
155 op.cmd = FLASK_ADD_OCONTEXT;
156 snprintf(buf, size, "%s %255s %lu %lu", ioport, scontext, low, high);
157 op.buf = buf;
158 op.size = size;
160 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
161 {
162 free(buf);
163 return err;
164 }
166 free(buf);
167 return 0;
169 }
171 int flask_add_iomem(xc_interface *xc_handle, unsigned long low, unsigned long high,
172 char *scontext)
173 {
174 int err;
175 flask_op_t op;
176 char *buf;
177 char *iomem = OCON_IOMEM_STR;
178 int size = INITCONTEXTLEN + strlen(iomem) +
179 (sizeof(unsigned long) * 2) + (sizeof(char) * 4);
181 if ( (buf = (char *) malloc(size)) == NULL )
182 return -ENOMEM;
183 memset(buf, 0, size);
185 op.cmd = FLASK_ADD_OCONTEXT;
186 snprintf(buf, size, "%s %255s %lu %lu", iomem, scontext, low, high);
187 op.buf = buf;
188 op.size = size;
190 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
191 {
192 free(buf);
193 return err;
194 }
196 free(buf);
197 return 0;
199 }
201 int flask_add_device(xc_interface *xc_handle, unsigned long device, char *scontext)
202 {
203 int err;
204 flask_op_t op;
205 char *buf;
206 char *dev = OCON_DEVICE_STR;
207 int size = INITCONTEXTLEN + strlen(dev) + (sizeof(unsigned long)) +
208 (sizeof(char) * 3);
210 if ( (buf = (char *) malloc(size)) == NULL )
211 return -ENOMEM;
212 memset(buf, 0, size);
214 op.cmd = FLASK_ADD_OCONTEXT;
215 snprintf(buf, size, "%s %255s %lu", dev, scontext, device);
216 op.buf = buf;
217 op.size = size;
219 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
220 {
221 free(buf);
222 return err;
223 }
225 free(buf);
226 return 0;
228 }
230 int flask_del_pirq(xc_interface *xc_handle, unsigned int pirq)
231 {
232 int err;
233 flask_op_t op;
234 char *buf;
235 char *pirq_s = OCON_PIRQ_STR;
236 int size = strlen(pirq_s) + (sizeof(unsigned int)) +
237 (sizeof(char) * 2);
239 if ( (buf = (char *) malloc(size)) == NULL )
240 return -ENOMEM;
241 memset(buf, 0, size);
243 op.cmd = FLASK_DEL_OCONTEXT;
244 snprintf(buf, size, "%s %u", pirq_s, pirq);
245 op.buf = buf;
246 op.size = size;
248 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
249 {
250 free(buf);
251 return err;
252 }
254 free(buf);
255 return 0;
257 }
259 int flask_del_ioport(xc_interface *xc_handle, unsigned long low, unsigned long high)
260 {
261 int err;
262 flask_op_t op;
263 char *buf;
264 char *ioport = OCON_IOPORT_STR;
265 int size = strlen(ioport) + (sizeof(unsigned long) * 2) +
266 (sizeof(char) * 3);
268 if ( (buf = (char *) malloc(size)) == NULL )
269 return -ENOMEM;
270 memset(buf, 0, size);
272 op.cmd = FLASK_DEL_OCONTEXT;
273 snprintf(buf, size, "%s %lu %lu", ioport, low, high);
274 op.buf = buf;
275 op.size = size;
277 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
278 {
279 free(buf);
280 return err;
281 }
283 free(buf);
284 return 0;
286 }
288 int flask_del_iomem(xc_interface *xc_handle, unsigned long low, unsigned long high)
289 {
290 int err;
291 flask_op_t op;
292 char *buf;
293 char *iomem = OCON_IOMEM_STR;
294 int size = strlen(iomem) + (sizeof(unsigned long) * 2) +
295 (sizeof(char) * 3);
297 if ( (buf = (char *) malloc(size)) == NULL )
298 return -ENOMEM;
299 memset(buf, 0, size);
301 op.cmd = FLASK_DEL_OCONTEXT;
302 snprintf(buf, size, "%s %lu %lu", iomem, low, high);
303 op.buf = buf;
304 op.size = size;
306 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
307 {
308 free(buf);
309 return err;
310 }
312 free(buf);
313 return 0;
315 }
317 int flask_del_device(xc_interface *xc_handle, unsigned long device)
318 {
319 int err;
320 flask_op_t op;
321 char *buf;
322 char *dev = OCON_DEVICE_STR;
323 int size = strlen(dev) + (sizeof(unsigned long)) + (sizeof(char) * 2);
325 if ( (buf = (char *) malloc(size)) == NULL )
326 return -ENOMEM;
327 memset(buf, 0, size);
329 op.cmd = FLASK_DEL_OCONTEXT;
330 snprintf(buf, size, "%s %lu", dev, device);
331 op.buf = buf;
332 op.size = size;
334 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
335 {
336 free(buf);
337 return err;
338 }
340 free(buf);
341 return 0;
343 }
345 int flask_access(xc_interface *xc_handle, const char *scon, const char *tcon,
346 u_int16_t tclass, u_int32_t req,
347 u_int32_t *allowed, u_int32_t *decided,
348 u_int32_t *auditallow, u_int32_t *auditdeny,
349 u_int32_t *seqno)
350 {
351 /* maximum number of digits in a 16-bit decimal number: */
352 #define MAX_SHORT_DEC_LEN 5
354 char *buf;
355 int bufLen;
356 int err;
357 flask_op_t op;
358 u_int32_t dummy_allowed;
359 u_int32_t dummy_decided;
360 u_int32_t dummy_auditallow;
361 u_int32_t dummy_auditdeny;
362 u_int32_t dummy_seqno;
364 if (!allowed)
365 allowed = &dummy_allowed;
366 if (!decided)
367 decided = &dummy_decided;
368 if (!auditallow)
369 auditallow = &dummy_auditallow;
370 if (!auditdeny)
371 auditdeny = &dummy_auditdeny;
372 if (!seqno)
373 seqno = &dummy_seqno;
375 if (!scon)
376 return -EINVAL;
377 if (!tcon)
378 return -EINVAL;
380 bufLen = strlen(scon) + 1 + strlen(tcon) + 1 +
381 MAX_SHORT_DEC_LEN + 1 +
382 sizeof(req)*2 + 1;
383 buf = malloc(bufLen);
384 snprintf(buf, bufLen, "%s %s %hu %x", scon, tcon, tclass, req);
386 op.cmd = FLASK_ACCESS;
387 op.buf = buf;
388 op.size = strlen(buf)+1;
390 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
391 {
392 free(buf);
393 return err;
394 }
396 if (sscanf(op.buf, "%x %x %x %x %u",
397 allowed, decided,
398 auditallow, auditdeny,
399 seqno) != 5) {
400 err = -EILSEQ;
401 }
403 err = ((*allowed & req) == req)? 0 : -EPERM;
405 return err;
407 }
409 int flask_avc_hashstats(xc_interface *xc_handle, char *buf, int size)
410 {
411 int err;
412 flask_op_t op;
414 op.cmd = FLASK_AVC_HASHSTATS;
415 op.buf = buf;
416 op.size = size;
418 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
419 {
420 free(buf);
421 return err;
422 }
424 return 0;
425 }
427 int flask_avc_cachestats(xc_interface *xc_handle, char *buf, int size)
428 {
429 int err;
430 flask_op_t op;
432 op.cmd = FLASK_AVC_CACHESTATS;
433 op.buf = buf;
434 op.size = size;
436 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
437 {
438 free(buf);
439 return err;
440 }
442 return 0;
443 }
445 int flask_policyvers(xc_interface *xc_handle, char *buf, int size)
446 {
447 int err;
448 flask_op_t op;
450 op.cmd = FLASK_POLICYVERS;
451 op.buf = buf;
452 op.size = size;
454 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
455 {
456 free(buf);
457 return err;
458 }
460 return 0;
461 }
463 int flask_getavc_threshold(xc_interface *xc_handle)
464 {
465 int err;
466 flask_op_t op;
467 char buf[20];
468 int size = 20;
469 int threshold;
471 op.cmd = FLASK_GETAVC_THRESHOLD;
472 op.buf = buf;
473 op.size = size;
475 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
476 return err;
478 sscanf(buf, "%i", &threshold);
480 return threshold;
481 }
483 int flask_setavc_threshold(xc_interface *xc_handle, int threshold)
484 {
485 int err;
486 flask_op_t op;
487 char buf[20];
488 int size = 20;
490 op.cmd = FLASK_SETAVC_THRESHOLD;
491 op.buf = buf;
492 op.size = size;
494 snprintf(buf, size, "%i", threshold);
496 if ( (err = xc_flask_op(xc_handle, &op)) != 0 )
497 return err;
499 return 0;
500 }