1 files changed, 137 insertions, 0 deletions
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
new file mode 100644
index 000000000000..960ef18ddc41
--- /dev/null
+++ b/security/selinux/include/avc.h
@@ -0,0 +1,137 @@
+/*
+ * Access vector cache interface for object managers.
+ *
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_H_
+#define _SELINUX_AVC_H_
+#include <linux/stddef.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/kdev_t.h>
+#include <linux/spinlock.h>
+#include <linux/init.h>
+#include <linux/in6.h>
+#include <asm/system.h>
+#include "flask.h"
+#include "av_permissions.h"
+#include "security.h"
+#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
+extern int selinux_enforcing;
+#else
+#define selinux_enforcing 1
+#endif
+/*
+ * An entry in the AVC.
+ */
+struct avc_entry;
+struct task_struct;
+struct vfsmount;
+struct dentry;
+struct inode;
+struct sock;
+struct sk_buff;
+/* Auxiliary data to use in generating the audit record. */
+struct avc_audit_data {
+        char    type;
+#define AVC_AUDIT_DATA_FS   1
+#define AVC_AUDIT_DATA_NET  2
+#define AVC_AUDIT_DATA_CAP  3
+#define AVC_AUDIT_DATA_IPC  4
+        struct task_struct *tsk;
+        union   {
+                struct {
+                        struct vfsmount *mnt;
+                        struct dentry *dentry;
+                        struct inode *inode;
+                } fs;
+                struct {
+                        char *netif;
+                        struct sock *sk;
+                        u16 family;
+                        u16 dport;
+                        u16 sport;
+                        union {
+                                struct {
+                                        u32 daddr;
+                                        u32 saddr;
+                                } v4;
+                                struct {
+                                        struct in6_addr daddr;
+                                        struct in6_addr saddr;
+                                } v6;
+                        } fam;
+                } net;
+                int cap;
+                int ipc_id;
+        } u;
+};
+#define v4info fam.v4
+#define v6info fam.v6
+/* Initialize an AVC audit data structure. */
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
+        { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+/*
+ * AVC statistics
+ */
+struct avc_cache_stats
+{
+        unsigned int lookups;
+        unsigned int hits;
+        unsigned int misses;
+        unsigned int allocations;
+        unsigned int reclaims;
+        unsigned int frees;
+};
+/*
+ * AVC operations
+ */
+void __init avc_init(void);
+void avc_audit(u32 ssid, u32 tsid,
+               u16 tclass, u32 requested,
+               struct av_decision *avd, int result, struct avc_audit_data *auditdata);
+int avc_has_perm_noaudit(u32 ssid, u32 tsid,
+                         u16 tclass, u32 requested,
+                         struct av_decision *avd);
+int avc_has_perm(u32 ssid, u32 tsid,
+                 u16 tclass, u32 requested,
+                 struct avc_audit_data *auditdata);
+#define AVC_CALLBACK_GRANT              1
+#define AVC_CALLBACK_TRY_REVOKE         2
+#define AVC_CALLBACK_REVOKE             4
+#define AVC_CALLBACK_RESET              8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE  16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE   64
+#define AVC_CALLBACK_AUDITDENY_DISABLE  128
+int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
+                                     u16 tclass, u32 perms,
+                                     u32 *out_retained),
+                     u32 events, u32 ssid, u32 tsid,
+                     u16 tclass, u32 perms);
+/* Exported to selinuxfs */
+int avc_get_hash_stats(char *page);
+extern unsigned int avc_cache_threshold;
+#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
+DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
+#endif
+#endif /* _SELINUX_AVC_H_ */

diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h new file mode 100644 index 000000000000..960ef18ddc41 --- /dev/null +++ b/security/selinux/include/avc.h
@@ -0,0 +1,137 @@
	1	/*
	2	* Access vector cache interface for object managers.
	3	*
	4	* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
	5	*/
	6	#ifndef _SELINUX_AVC_H_
	7	#define _SELINUX_AVC_H_
	8
	9	#include <linux/stddef.h>
	10	#include <linux/errno.h>
	11	#include <linux/kernel.h>
	12	#include <linux/kdev_t.h>
	13	#include <linux/spinlock.h>
	14	#include <linux/init.h>
	15	#include <linux/in6.h>
	16	#include <asm/system.h>
	17	#include "flask.h"
	18	#include "av_permissions.h"
	19	#include "security.h"
	20
	21	#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
	22	extern int selinux_enforcing;
	23	#else
	24	#define selinux_enforcing 1
	25	#endif
	26
	27	/*
	28	* An entry in the AVC.
	29	*/
	30	struct avc_entry;
	31
	32	struct task_struct;
	33	struct vfsmount;
	34	struct dentry;
	35	struct inode;
	36	struct sock;
	37	struct sk_buff;
	38
	39	/* Auxiliary data to use in generating the audit record. */
	40	struct avc_audit_data {
	41	char type;
	42	#define AVC_AUDIT_DATA_FS 1
	43	#define AVC_AUDIT_DATA_NET 2
	44	#define AVC_AUDIT_DATA_CAP 3
	45	#define AVC_AUDIT_DATA_IPC 4
	46	struct task_struct *tsk;
	47	union {
	48	struct {
	49	struct vfsmount *mnt;
	50	struct dentry *dentry;
	51	struct inode *inode;
	52	} fs;
	53	struct {
	54	char *netif;
	55	struct sock *sk;
	56	u16 family;
	57	u16 dport;
	58	u16 sport;
	59	union {
	60	struct {
	61	u32 daddr;
	62	u32 saddr;
	63	} v4;
	64	struct {
	65	struct in6_addr daddr;
	66	struct in6_addr saddr;
	67	} v6;
	68	} fam;
	69	} net;
	70	int cap;
	71	int ipc_id;
	72	} u;
	73	};
	74
	75	#define v4info fam.v4
	76	#define v6info fam.v6
	77
	78	/* Initialize an AVC audit data structure. */
	79	#define AVC_AUDIT_DATA_INIT(_d,_t) \
	80	{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
	81
	82	/*
	83	* AVC statistics
	84	*/
	85	struct avc_cache_stats
	86	{
	87	unsigned int lookups;
	88	unsigned int hits;
	89	unsigned int misses;
	90	unsigned int allocations;
	91	unsigned int reclaims;
	92	unsigned int frees;
	93	};
	94
	95	/*
	96	* AVC operations
	97	*/
	98
	99	void __init avc_init(void);
	100
	101	void avc_audit(u32 ssid, u32 tsid,
	102	u16 tclass, u32 requested,
	103	struct av_decision avd, int result, struct avc_audit_data auditdata);
	104
	105	int avc_has_perm_noaudit(u32 ssid, u32 tsid,
	106	u16 tclass, u32 requested,
	107	struct av_decision *avd);
	108
	109	int avc_has_perm(u32 ssid, u32 tsid,
	110	u16 tclass, u32 requested,
	111	struct avc_audit_data *auditdata);
	112
	113	#define AVC_CALLBACK_GRANT 1
	114	#define AVC_CALLBACK_TRY_REVOKE 2
	115	#define AVC_CALLBACK_REVOKE 4
	116	#define AVC_CALLBACK_RESET 8
	117	#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
	118	#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
	119	#define AVC_CALLBACK_AUDITDENY_ENABLE 64
	120	#define AVC_CALLBACK_AUDITDENY_DISABLE 128
	121
	122	int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
	123	u16 tclass, u32 perms,
	124	u32 *out_retained),
	125	u32 events, u32 ssid, u32 tsid,
	126	u16 tclass, u32 perms);
	127
	128	/* Exported to selinuxfs */
	129	int avc_get_hash_stats(char *page);
	130	extern unsigned int avc_cache_threshold;
	131
	132	#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
	133	DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
	134	#endif
	135
	136	#endif /* _SELINUX_AVC_H_ */
	137