

Exact replica of unstable on 051908 + README-this
author Mukesh Rathor
date Mon May 19 15:34:57 2008 -0700 (2008-05-19)
1 /*
2 * Access vector cache interface for object managers.
3 *
4 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5 */
7 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
9 #ifndef _FLASK_AVC_H_
10 #define _FLASK_AVC_H_
12 #include <xen/errno.h>
13 #include <xen/lib.h>
14 #include <xen/spinlock.h>
15 #include <asm/percpu.h>
16 #include "flask.h"
17 #include "av_permissions.h"
18 #include "security.h"
/*
 * Enforcement switch.
 *
 * With FLASK_DEVELOP defined, flask_enforcing is a run-time variable that is
 * defined elsewhere (its name suggests that a zero value means "permissive":
 * log denials but do not enforce them -- confirm in avc.c).  Without
 * FLASK_DEVELOP the macro pins it to the constant 1, so enforcement can never
 * be switched off at run time and the compiler can drop the permissive path.
 *
 * NOTE(review): a production hypervisor build should therefore not define
 * FLASK_DEVELOP, otherwise whoever can flip this variable can disable the
 * security policy.
 */
#ifdef FLASK_DEVELOP
extern int flask_enforcing;
#else
#define flask_enforcing 1
#endif
/*
 * An entry in the AVC.  Opaque to object managers: only the tag is declared
 * here, the definition is not part of this header.
 */
struct avc_entry;

/*
 * NOTE(review): the tags below are Linux kernel types (task, VFS, socket and
 * skb) that have no counterpart in Xen, and nothing else in this header
 * refers to them; they look like leftovers from the SELinux port.  Bare
 * forward declarations are harmless, but check that no Xen code depends on
 * them before removing.
 */
struct task_struct;
struct vfsmount;
struct dentry;
struct inode;
struct sock;
struct sk_buff;
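/*
 * Auxiliary data to use in generating the audit record.
 *
 * Only a type tag and a domain pointer are carried in the Xen port.
 * Initialise with AVC_AUDIT_DATA_INIT() rather than by hand so that the
 * whole structure is zeroed before the tag is set.
 */
struct avc_audit_data {
    char type;              /* one of the AVC_AUDIT_DATA_* tags below */
#define AVC_AUDIT_DATA_FS 1
#define AVC_AUDIT_DATA_NET 2
#define AVC_AUDIT_DATA_CAP 3
#define AVC_AUDIT_DATA_IPC 4
    struct domain *d;       /* presumably the domain the record concerns;
                               NULL after AVC_AUDIT_DATA_INIT() */
};

/*
 * NOTE(review): struct avc_audit_data has no `fam` member in this header,
 * so these two accessors cannot be applied to it; they appear to be
 * leftovers from the Linux network audit data.  Left in place because
 * removing them would change this header's interface.
 */
#define v4info fam.v4
#define v6info fam.v6

/*
 * Initialize an AVC audit data structure: zero *_d, then tag it with
 * AVC_AUDIT_DATA_<_t>, where _t is one of FS, NET, CAP or IPC (pasted
 * onto the prefix by the preprocessor).
 *
 * Wrapped in do { } while ( 0 ) so the macro behaves as one statement.
 * The previous `{ ...; }` form was a syntax error when used as the body
 * of an `if ( ... ) AVC_AUDIT_DATA_INIT(...); else ...`, because the
 * semicolon after the closing brace terminated the if before the else.
 */
#define AVC_AUDIT_DATA_INIT(_d,_t) \
    do { \
        memset((_d), 0, sizeof(struct avc_audit_data)); \
        (_d)->type = AVC_AUDIT_DATA_##_t; \
    } while ( 0 )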
/*
 * AVC cache statistics.
 *
 * Plain event counters.  When FLASK_AVC_STATS is enabled one instance
 * exists per CPU (see the DECLARE_PER_CPU further down).  The field names
 * describe the event counted; the code that maintains them is not in this
 * header.
 */
struct avc_cache_stats {
    unsigned int lookups;      /* lookups attempted */
    unsigned int hits;         /* lookups satisfied from the cache */
    unsigned int misses;       /* lookups not satisfied from the cache */
    unsigned int allocations;  /* entries allocated */
    unsigned int reclaims;     /* entries reclaimed */
    unsigned int frees;        /* entries freed */
};
69 /*
70 * AVC operations
71 */
/*
 * One-time set-up of the access vector cache.  Presumably must run before
 * any of the avc_has_perm*() lookups below -- confirm ordering in the caller.
 */
void avc_init(void);
/*
 * Emit an audit record for a decision that has already been made.
 *
 * @ssid/@tsid/@tclass  subject, object and class the check was made for
 * @requested           permission mask that was asked for
 * @avd                 the decision the request was checked against
 * @result              outcome handed back to the caller (presumably 0 or a
 *                      negative errno, matching avc_has_perm() -- confirm)
 * @auditdata           optional context for the record (whether NULL is
 *                      accepted is not visible here -- TODO confirm in avc.c)
 *
 * Callers of avc_has_perm_noaudit() are expected to call this themselves;
 * otherwise the decision is never logged.
 */
void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
    struct av_decision *avd, int result, struct avc_audit_data *auditdata);
/*
 * Check whether subject @ssid may perform @requested (presumably a bitmask of
 * the permissions in av_permissions.h) on object @tsid of class @tclass,
 * WITHOUT generating an audit record.  The full decision is written to *avd
 * so the caller can inspect or audit it.
 *
 * Returns 0 when allowed, otherwise a negative errno -- the exact code is
 * defined in avc.c, not here.
 *
 * Security note: nothing is logged on this path.  The caller owns the audit
 * trail and should pass the result to avc_audit(); a grant or denial that is
 * never audited is a detection gap.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
    struct av_decision *avd);
/*
 * Check whether subject @ssid may perform @requested on object @tsid of
 * class @tclass, and audit the decision.  @auditdata supplies context for
 * the audit record (see AVC_AUDIT_DATA_INIT()).
 *
 * Returns 0 when allowed, otherwise a negative errno -- the exact code is
 * defined in avc.c, not here.  This is the variant object managers should
 * use by default; only use avc_has_perm_noaudit() when the caller audits.
 */
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested,
    struct avc_audit_data *auditdata);
/*
 * Event flags for avc_add_callback().  Each flag occupies its own bit, so
 * several events can presumably be selected at once by combining them in
 * the `events` mask passed at registration time.
 */
#define AVC_CALLBACK_GRANT              (1 << 0)
#define AVC_CALLBACK_TRY_REVOKE         (1 << 1)
#define AVC_CALLBACK_REVOKE             (1 << 2)
#define AVC_CALLBACK_RESET              (1 << 3)
#define AVC_CALLBACK_AUDITALLOW_ENABLE  (1 << 4)
#define AVC_CALLBACK_AUDITALLOW_DISABLE (1 << 5)
#define AVC_CALLBACK_AUDITDENY_ENABLE   (1 << 6)
#define AVC_CALLBACK_AUDITDENY_DISABLE  (1 << 7)
/*
 * Register @callback for the AVC_CALLBACK_* events selected in @events,
 * filtered on (@ssid, @tsid, @tclass, @perms).  The callback receives the
 * triggering event together with the filter it was registered with;
 * @out_retained is an output it fills in (its meaning -- likely the subset
 * of permissions to keep -- is not defined in this header).
 *
 * Returns 0 on success, otherwise a negative errno (presumably -ENOMEM when
 * the registration record cannot be allocated -- confirm in avc.c).
 */
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
    u16 tclass, u32 perms, u32 *out_retained), u32 events,
    u32 ssid, u32 tsid, u16 tclass, u32 perms);
/*
 * Exported to selinuxfs (comment retained from the Linux origin; Xen has no
 * selinuxfs, so the actual consumer is whichever FLASK interface exposes
 * the statistics).  Formats hash-table statistics into @page and returns
 * the number of bytes written (presumably; confirm in avc.c).
 *
 * NOTE(review): there is no length parameter, so the callee has no way to
 * bound its writes.  The caller must supply a buffer large enough for the
 * longest string avc.c can produce; the interface should gain an explicit
 * size before the output is ever controlled by less trusted input.
 */
int avc_get_hash_stats(char *page);
/*
 * Presumably the number of cached entries above which the cache starts
 * reclaiming; defined elsewhere.
 */
extern unsigned int avc_cache_threshold;
/*
 * Per-CPU instance of the statistics counters, compiled in only when
 * FLASK_AVC_STATS is defined.  Code that touches it must be guarded by the
 * same macro.
 */
#ifdef FLASK_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif
105 #endif /* _FLASK_AVC_H_ */