Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/security/selinux/include/avc.h
26439 views
1
/* SPDX-License-Identifier: GPL-2.0 */

2
/*

3
 * Access vector cache interface for object managers.

4
 *

5
 * Author : Stephen Smalley, <[email protected]>

6
 */

7


8
#ifndef _SELINUX_AVC_H_

9
#define _SELINUX_AVC_H_

10


11
#include <linux/stddef.h>

12
#include <linux/errno.h>

13
#include <linux/kernel.h>

14
#include <linux/kdev_t.h>

15
#include <linux/spinlock.h>

16
#include <linux/init.h>

17
#include <linux/audit.h>

18
#include <linux/lsm_audit.h>

19
#include <linux/in6.h>

20
#include "flask.h"

21
#include "av_permissions.h"

22
#include "security.h"

23


24
/*

25
 * An entry in the AVC.

26
 */

27
struct avc_entry;

28


29
struct task_struct;

30
struct inode;

31
struct sock;

32
struct sk_buff;

33


34
/*

35
 * AVC statistics

36
 */

37
struct avc_cache_stats {

38
	unsigned int lookups;

39
	unsigned int misses;

40
	unsigned int allocations;

41
	unsigned int reclaims;

42
	unsigned int frees;

43
};

44


45
/*

46
 * We only need this data after we have decided to send an audit message.

47
 */

48
struct selinux_audit_data {

49
	u32 ssid;

50
	u32 tsid;

51
	u16 tclass;

52
	u32 requested;

53
	u32 audited;

54
	u32 denied;

55
	int result;

56
} __randomize_layout;

57


58
/*

59
 * AVC operations

60
 */

61


62
void __init avc_init(void);

63


64
static inline u32 avc_audit_required(u32 requested, struct av_decision *avd,

65
				     int result, u32 auditdeny, u32 *deniedp)

66
{

67
	u32 denied, audited;

68


69
	if (avd->flags & AVD_FLAGS_NEVERAUDIT)

70
		return 0;

71


72
	denied = requested & ~avd->allowed;

73
	if (unlikely(denied)) {

74
		audited = denied & avd->auditdeny;

75
		/*

76
		 * auditdeny is TRICKY!  Setting a bit in

77
		 * this field means that ANY denials should NOT be audited if

78
		 * the policy contains an explicit dontaudit rule for that

79
		 * permission.  Take notice that this is unrelated to the

80
		 * actual permissions that were denied.  As an example lets

81
		 * assume:

82
		 *

83
		 * denied == READ

84
		 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)

85
		 * auditdeny & ACCESS == 1

86
		 *

87
		 * We will NOT audit the denial even though the denied

88
		 * permission was READ and the auditdeny checks were for

89
		 * ACCESS

90
		 */

91
		if (auditdeny && !(auditdeny & avd->auditdeny))

92
			audited = 0;

93
	} else if (result)

94
		audited = denied = requested;

95
	else

96
		audited = requested & avd->auditallow;

97
	*deniedp = denied;

98
	return audited;

99
}

100


101
int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested, u32 audited,

102
		   u32 denied, int result, struct common_audit_data *a);

103


104
/**

105
 * avc_audit - Audit the granting or denial of permissions.

106
 * @ssid: source security identifier

107
 * @tsid: target security identifier

108
 * @tclass: target security class

109
 * @requested: requested permissions

110
 * @avd: access vector decisions

111
 * @result: result from avc_has_perm_noaudit

112
 * @a:  auxiliary audit data

113
 *

114
 * Audit the granting or denial of permissions in accordance

115
 * with the policy.  This function is typically called by

116
 * avc_has_perm() after a permission check, but can also be

117
 * called directly by callers who use avc_has_perm_noaudit()

118
 * in order to separate the permission check from the auditing.

119
 * For example, this separation is useful when the permission check must

120
 * be performed under a lock, to allow the lock to be released

121
 * before calling the auditing code.

122
 */

123
static inline int avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,

124
			    struct av_decision *avd, int result,

125
			    struct common_audit_data *a)

126
{

127
	u32 audited, denied;

128
	audited = avc_audit_required(requested, avd, result, 0, &denied);

129
	if (likely(!audited))

130
		return 0;

131
	return slow_avc_audit(ssid, tsid, tclass, requested, audited, denied,

132
			      result, a);

133
}

134


135
#define AVC_STRICT	   1 /* Ignore permissive mode. */

136
#define AVC_EXTENDED_PERMS 2 /* update extended permissions */

137
int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested,

138
			 unsigned int flags, struct av_decision *avd);

139


140
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested,

141
		 struct common_audit_data *auditdata);

142


143
#define AVC_EXT_IOCTL	(1 << 0) /* Cache entry for an ioctl extended permission */

144
#define AVC_EXT_NLMSG	(1 << 1) /* Cache entry for an nlmsg extended permission */

145
int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,

146
			   u8 driver, u8 base_perm, u8 perm,

147
			   struct common_audit_data *ad);

148


149
u32 avc_policy_seqno(void);

150


151
#define AVC_CALLBACK_GRANT		1

152
#define AVC_CALLBACK_TRY_REVOKE		2

153
#define AVC_CALLBACK_REVOKE		4

154
#define AVC_CALLBACK_RESET		8

155
#define AVC_CALLBACK_AUDITALLOW_ENABLE	16

156
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32

157
#define AVC_CALLBACK_AUDITDENY_ENABLE	64

158
#define AVC_CALLBACK_AUDITDENY_DISABLE	128

159
#define AVC_CALLBACK_ADD_XPERMS		256

160


161
int avc_add_callback(int (*callback)(u32 event), u32 events);

162


163
/* Exported to selinuxfs */

164
int avc_get_hash_stats(char *page);

165
unsigned int avc_get_cache_threshold(void);

166
void avc_set_cache_threshold(unsigned int cache_threshold);

167


168
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS

169
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);

170
#endif

171


172
#endif /* _SELINUX_AVC_H_ */

173


174