GitHub Repository: awilliam/linux-vfio
Path: blob/master/security/selinux/ss/conditional.h
/* Authors: Karl MacMillan <[email protected]>
* Frank Mayer <[email protected]>
*
* Copyright (C) 2003 - 2004 Tresys Technology, LLC
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2.
*/
#ifndef _CONDITIONAL_H_
#define _CONDITIONAL_H_
#include "avtab.h"
#include "symtab.h"
#include "policydb.h"
/*
 * Depth limit for conditional expressions.
 * NOTE(review): presumably the capacity of the operand stack used while
 * evaluating a reverse-polish expression; the evaluator should fail closed
 * on an expression that would exceed it rather than index past the stack --
 * confirm in the implementation, which is not part of this header.
 */
#define COND_EXPR_MAXDEPTH 10
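/*
 * A conditional expression is a list of operators and operands
 * in reverse polish notation.
 *
 * Each element carries one COND_* code in expr_type, and elements are
 * chained through next.
 *
 * NOTE(review): this header does not show where expressions are parsed or
 * evaluated.  Code that builds this list from a policy image should reject
 * an expr_type outside COND_BOOL..COND_LAST, and a bool value that does not
 * name a boolean known to the policy, before the list is evaluated --
 * confirm in the implementation.
 */
struct cond_expr {
#define COND_BOOL	1 /* plain bool */
#define COND_NOT	2 /* !bool */
#define COND_OR		3 /* bool || bool */
#define COND_AND	4 /* bool && bool */
#define COND_XOR	5 /* bool ^ bool */
#define COND_EQ		6 /* bool == bool */
#define COND_NEQ	7 /* bool != bool */
#define COND_LAST	COND_NEQ /* highest COND_* code defined here */
	__u32 expr_type;	/* one of the COND_* codes above */
	/*
	 * Presumably identifies the boolean operand of a COND_BOOL element --
	 * TODO confirm.  The member name only compiles where `bool` is not a
	 * macro (it is one under <stdbool.h>); it is part of the interface and
	 * is left unchanged.
	 */
	__u32 bool;
	struct cond_expr *next;	/* following element of the expression */
};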
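/*
 * Each cond_node contains a list of rules to be enabled/disabled
 * depending on the current value of the conditional expression. This
 * struct is for that list.
 *
 * The list is singly linked: one element per rule, chained through next.
 */
struct cond_av_list {
	struct avtab_node *node;	/* the rule entry this element refers to */
	struct cond_av_list *next;	/* following element of the list */
};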
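/*
 * A cond node represents a conditional block in a policy. It
 * contains a conditional expression, the current state of the expression,
 * two lists of rules to enable/disable depending on the value of the
 * expression (the true list corresponds to if and the false list corresponds
 * to else).
 *
 * NOTE(review): cur_state is a plain int, so it can hold more than true and
 * false; presumably a distinct value marks an expression that could not be
 * evaluated, in which case neither list should be treated as enabled --
 * confirm in the implementation, which is not part of this header.
 */
struct cond_node {
	int cur_state;			/* current state of expr */
	struct cond_expr *expr;		/* the conditional expression */
	struct cond_av_list *true_list;	/* rules for the "if" branch */
	struct cond_av_list *false_list; /* rules for the "else" branch */
	struct cond_node *next;		/* following conditional block */
};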
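/*
 * Conditional-policy interface.  The implementations are not part of this
 * header, so the notes below are limited to what the signatures show and
 * are marked where they rest on the function names alone.
 */

/* Presumably set up and release the conditional state held in policydb p. */
int cond_policydb_init(struct policydb *p);
void cond_policydb_destroy(struct policydb *p);

/*
 * Boolean bookkeeping.  cond_destroy_bool() takes untyped (key, datum, arg)
 * pointers, which looks like a table-iteration callback -- TODO confirm
 * against the caller.
 */
int cond_init_bool_indexes(struct policydb *p);
int cond_destroy_bool(void *key, void *datum, void *p);

/* Same untyped (key, datum, arg) shape as cond_destroy_bool(). */
int cond_index_bool(void *key, void *datum, void *datap);

/*
 * Policy image I/O through the opaque handle fp.
 * NOTE(review): the read functions presumably parse booleans and conditional
 * nodes out of a policy image.  That input should be validated while it is
 * read (expression codes, boolean references, list lengths) and a non-zero
 * return must stop the load -- confirm in the implementation.
 */
int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
int cond_read_list(struct policydb *p, void *fp);
int cond_write_bool(void *key, void *datum, void *ptr);
int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);

/*
 * Takes a conditional table, a lookup key and a decision to fill in;
 * presumably folds the matching conditional rules into avd -- TODO confirm.
 */
void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd);

/*
 * Presumably re-evaluates node's expression and updates its state and rule
 * lists.  Returns int; callers should check it -- TODO confirm the meaning
 * of the return value.
 */
int evaluate_cond_node(struct policydb *p, struct cond_node *node);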
#endif /* _CONDITIONAL_H_ */