^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0-only */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * An access vector table (avtab) is a hash table
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * of access vectors and transition types indexed
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * by a type pair and a class. An access vector
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * table is used to represent the type enforcement
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * tables.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Author : Stephen Smalley, <sds@tycho.nsa.gov>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) * Added conditional policy language extensions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) * Copyright (C) 2003 Tresys Technology, LLC
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) * Tuned number of hash slots for avtab to reduce memory usage
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #ifndef _SS_AVTAB_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #define _SS_AVTAB_H_
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include "security.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
/*
 * Key of one avtab entry: the (source type, target type, target class)
 * triple plus a bit-set saying which kind of rule the matching datum holds.
 */
struct avtab_key {
	u16 source_type;	/* source type */
	u16 target_type;	/* target type */
	u16 target_class;	/* target object class */
	/* Access-vector rule kinds; AVTAB_AV is the union of the three. */
#define AVTAB_ALLOWED		0x0001
#define AVTAB_AUDITALLOW	0x0002
#define AVTAB_AUDITDENY		0x0004
#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
	/* Type rule kinds; AVTAB_TYPE is the union of the three. */
#define AVTAB_TRANSITION	0x0010
#define AVTAB_MEMBER		0x0020
#define AVTAB_CHANGE		0x0040
#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
	/* extended permissions; AVTAB_XPERMS is the union of the three */
#define AVTAB_XPERMS_ALLOWED	0x0100
#define AVTAB_XPERMS_AUDITALLOW	0x0200
#define AVTAB_XPERMS_DONTAUDIT	0x0400
#define AVTAB_XPERMS		(AVTAB_XPERMS_ALLOWED | \
				AVTAB_XPERMS_AUDITALLOW | \
				AVTAB_XPERMS_DONTAUDIT)
	/*
	 * Both ENABLED values are reserved for use in cond_avtab.  Only
	 * AVTAB_ENABLED (bit 15) fits in the u16 'specified' field below;
	 * AVTAB_ENABLED_OLD (bit 31) cannot be stored there and is
	 * presumably the legacy 32-bit encoding that the policy reader has
	 * to translate — confirm against avtab.c before relying on it.
	 */
#define AVTAB_ENABLED_OLD	0x80000000 /* reserved for use in cond_avtab */
#define AVTAB_ENABLED		0x8000 /* reserved for use in cond_avtab */
	u16 specified;	/* what field is specified: bit-set of the AVTAB_* values above */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49)
/*
 * For operations that require more than the 32 permissions provided by the avc,
 * extended permissions may be used to provide 256 bits of permissions.
 */
/*
 * Extended-permission payload of an avtab entry; reached through
 * avtab_datum.u.xperms rather than stored inline.
 */
struct avtab_extended_perms {
	/* These are not flags. All 256 values may be used */
#define AVTAB_XPERMS_IOCTLFUNCTION	0x01
#define AVTAB_XPERMS_IOCTLDRIVER	0x02
	/*
	 * extension of the avtab_key specified: one of the AVTAB_XPERMS_IOCTL*
	 * values above (an enumeration, not a bit-set)
	 */
	u8 specified; /* ioctl, netfilter, ... */
	/*
	 * if 256 bits is not adequate as is often the case with ioctls, then
	 * multiple extended perms may be used and the driver field
	 * specifies which permissions are included.
	 */
	u8 driver;
	/* 256 bits of permissions */
	struct extended_perms_data perms;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
/*
 * Value of one avtab entry.  Only one union member is meaningful at a time;
 * which one is presumably selected by the owning avtab_key's 'specified'
 * bits (AVTAB_XPERMS* -> xperms, otherwise data) — confirm in avtab.c, and
 * never read 'xperms' for a non-xperms entry (it would reinterpret 'data'
 * as a pointer).
 */
struct avtab_datum {
	union {
		u32 data; /* access vector or type value */
		/*
		 * NOTE(review): ownership is not visible here; presumably
		 * heap-allocated by the reader and released by avtab_destroy —
		 * confirm in avtab.c.
		 */
		struct avtab_extended_perms *xperms;
	} u;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76)
/*
 * One hash-table entry: a key, its datum and the link to the next node in
 * the same bucket chain (the bucket heads live in avtab.htable).
 */
struct avtab_node {
	struct avtab_key key;
	struct avtab_datum datum;
	struct avtab_node *next;	/* next node in this bucket, or NULL */
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82)
/*
 * The access vector table itself: an array of 'nslot' bucket heads plus
 * bookkeeping.  Set up by avtab_init()/avtab_alloc(), torn down by
 * avtab_destroy().
 */
struct avtab {
	struct avtab_node **htable;	/* array of nslot bucket heads */
	u32 nel;	/* number of elements */
	u32 nslot;	/* number of hash slots */
	/*
	 * mask to compute hash func; presumably nslot is a power of two and
	 * mask == nslot - 1, bounded by MAX_AVTAB_HASH_BUCKETS — confirm in
	 * avtab_alloc()
	 */
	u32 mask;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
/* Reset @h to an empty table; no allocation result to check. */
void avtab_init(struct avtab *h);
/*
 * Size the bucket array of the table.  The second parameter is unnamed in
 * this prototype; presumably the expected number of elements (cf. 'nel'),
 * used to pick 'nslot'/'mask' — confirm in avtab.c.  Returns 0 on success,
 * negative errno otherwise (kernel convention; verify).
 */
int avtab_alloc(struct avtab *, u32);
/* Allocate @new sized to hold the contents of @orig; 0 on success. */
int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
/*
 * Look up the datum stored under key @k, or NULL when absent (presumably;
 * check the definition).  @k could be const — it is only read.
 */
struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k);
/* Free every node and the bucket array of @h. */
void avtab_destroy(struct avtab *h);
/*
 * Debug helper reporting bucket-chain statistics for @h, labelled with @tag.
 * NOTE(review): @tag is presumably only printed, so it could be const char *.
 */
void avtab_hash_eval(struct avtab *h, char *tag);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
struct policydb;
/*
 * Decode one avtab entry from the policy image @fp and hand the decoded
 * (key, datum) pair, together with the opaque @p, to @insert.  @fp is an
 * opaque policy-file handle (type not visible here).  Returns 0 on success,
 * negative on error (kernel convention; verify).
 *
 * NOTE(review): the key fields and 'specified' bits come straight from the
 * loaded policy image, so any range/consistency validation of those values
 * must happen inside this reader — confirm the checks in avtab.c.
 */
int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
		    int (*insert)(struct avtab *a, struct avtab_key *k,
				  struct avtab_datum *d, void *p),
		    void *p);

/* Read a whole table from @fp into @a; 0 on success. */
int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
/* Serialise one node @cur to @fp; 0 on success. */
int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp);
/* Serialise the whole table @a to @fp; 0 on success. */
int avtab_write(struct policydb *p, struct avtab *a, void *fp);

/*
 * Insert a node without rejecting duplicate keys (the name says so; the
 * ordering of duplicates within a chain is defined in avtab.c).  Returns the
 * new node, or NULL on allocation failure (presumably — verify).
 */
struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
					  struct avtab_datum *datum);

/* Like avtab_search() but returns the matching node rather than its datum. */
struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);

/*
 * Continue a search from @node for the next node with the same key whose
 * 'specified' bits overlap @specified.  @specified is an int here although
 * avtab_key.specified is u16 — presumably a mask of AVTAB_* bits; confirm.
 */
struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113)
/*
 * Upper bound on the bucket array: 2^16 = 65536 slots.  Presumably the cap
 * applied by avtab_alloc() when sizing 'nslot' from the element count —
 * confirm in avtab.c.
 */
#define MAX_AVTAB_HASH_BITS 16
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) #endif /* _SS_AVTAB_H_ */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)