Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68 / . / src / kernel / linux / v4.14 / security / selinux / include / avc.h
blob: 57d61cf36500f87ad217ccbfec942116f16654f7 [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame^]1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * Access vector cache interface for object managers.
4 *
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
6 */
7#ifndef _SELINUX_AVC_H_
8#define _SELINUX_AVC_H_
9
10#include <linux/stddef.h>
11#include <linux/errno.h>
12#include <linux/kernel.h>
13#include <linux/kdev_t.h>
14#include <linux/spinlock.h>
15#include <linux/init.h>
16#include <linux/audit.h>
17#include <linux/lsm_audit.h>
18#include <linux/in6.h>
19#include "flask.h"
20#include "av_permissions.h"
21#include "security.h"
22
23#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
24extern int selinux_enforcing;
25#else
26#define selinux_enforcing 1
27#endif
28
29/*
30 * An entry in the AVC.
31 */
32struct avc_entry;
33
34struct task_struct;
35struct inode;
36struct sock;
37struct sk_buff;
38
39/*
40 * AVC statistics
41 */
42struct avc_cache_stats {
43 unsigned int lookups;
44 unsigned int misses;
45 unsigned int allocations;
46 unsigned int reclaims;
47 unsigned int frees;
48};
49
50/*
51 * We only need this data after we have decided to send an audit message.
52 */
53struct selinux_audit_data {
54 u32 ssid;
55 u32 tsid;
56 u16 tclass;
57 u32 requested;
58 u32 audited;
59 u32 denied;
60 int result;
61};
62
63/*
64 * AVC operations
65 */
66
67void __init avc_init(void);
68
69static inline u32 avc_audit_required(u32 requested,
70 struct av_decision *avd,
71 int result,
72 u32 auditdeny,
73 u32 *deniedp)
74{
75 u32 denied, audited;
76 denied = requested & ~avd->allowed;
77 if (unlikely(denied)) {
78 audited = denied & avd->auditdeny;
79 /*
80 * auditdeny is TRICKY! Setting a bit in
81 * this field means that ANY denials should NOT be audited if
82 * the policy contains an explicit dontaudit rule for that
83 * permission. Take notice that this is unrelated to the
84 * actual permissions that were denied. As an example lets
85 * assume:
86 *
87 * denied == READ
88 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
89 * auditdeny & ACCESS == 1
90 *
91 * We will NOT audit the denial even though the denied
92 * permission was READ and the auditdeny checks were for
93 * ACCESS
94 */
95 if (auditdeny && !(auditdeny & avd->auditdeny))
96 audited = 0;
97 } else if (result)
98 audited = denied = requested;
99 else
100 audited = requested & avd->auditallow;
101 *deniedp = denied;
102 return audited;
103}
104
105int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
106 u32 requested, u32 audited, u32 denied, int result,
107 struct common_audit_data *a,
108 unsigned flags);
109
110/**
111 * avc_audit - Audit the granting or denial of permissions.
112 * @ssid: source security identifier
113 * @tsid: target security identifier
114 * @tclass: target security class
115 * @requested: requested permissions
116 * @avd: access vector decisions
117 * @result: result from avc_has_perm_noaudit
118 * @a: auxiliary audit data
119 * @flags: VFS walk flags
120 *
121 * Audit the granting or denial of permissions in accordance
122 * with the policy. This function is typically called by
123 * avc_has_perm() after a permission check, but can also be
124 * called directly by callers who use avc_has_perm_noaudit()
125 * in order to separate the permission check from the auditing.
126 * For example, this separation is useful when the permission check must
127 * be performed under a lock, to allow the lock to be released
128 * before calling the auditing code.
129 */
130static inline int avc_audit(u32 ssid, u32 tsid,
131 u16 tclass, u32 requested,
132 struct av_decision *avd,
133 int result,
134 struct common_audit_data *a,
135 int flags)
136{
137 u32 audited, denied;
138 audited = avc_audit_required(requested, avd, result, 0, &denied);
139 if (likely(!audited))
140 return 0;
141 return slow_avc_audit(ssid, tsid, tclass,
142 requested, audited, denied, result,
143 a, flags);
144}
145
146#define AVC_STRICT 1 /* Ignore permissive mode. */
147#define AVC_EXTENDED_PERMS 2 /* update extended permissions */
148int avc_has_perm_noaudit(u32 ssid, u32 tsid,
149 u16 tclass, u32 requested,
150 unsigned flags,
151 struct av_decision *avd);
152
153int avc_has_perm(u32 ssid, u32 tsid,
154 u16 tclass, u32 requested,
155 struct common_audit_data *auditdata);
156int avc_has_perm_flags(u32 ssid, u32 tsid,
157 u16 tclass, u32 requested,
158 struct common_audit_data *auditdata,
159 int flags);
160
161int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
162 u8 driver, u8 perm, struct common_audit_data *ad);
163
164
165u32 avc_policy_seqno(void);
166
167#define AVC_CALLBACK_GRANT 1
168#define AVC_CALLBACK_TRY_REVOKE 2
169#define AVC_CALLBACK_REVOKE 4
170#define AVC_CALLBACK_RESET 8
171#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
172#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
173#define AVC_CALLBACK_AUDITDENY_ENABLE 64
174#define AVC_CALLBACK_AUDITDENY_DISABLE 128
175#define AVC_CALLBACK_ADD_XPERMS 256
176
177int avc_add_callback(int (*callback)(u32 event), u32 events);
178
179/* Exported to selinuxfs */
180int avc_get_hash_stats(char *page);
181extern unsigned int avc_cache_threshold;
182
183/* Attempt to free avc node cache */
184void avc_disable(void);
185
186#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
187DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
188#endif
189
190#endif /* _SELINUX_AVC_H_ */
191