1 /*
2  * Access vector cache interface for object managers.
3  *
4  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5  */
6 
7 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
8 
9 #ifndef _FLASK_AVC_H_
10 #define _FLASK_AVC_H_
11 
12 #include <xen/errno.h>
13 #include <xen/lib.h>
14 #include <xen/percpu.h>
15 #include <xen/spinlock.h>
16 
17 #include "flask.h"
18 #include "av_permissions.h"
19 #include "security.h"
20 
/*
 * Global enforcing/permissive switch for FLASK.  Declared here so object
 * managers can consult it; the definition lives elsewhere.
 * NOTE(review): by SELinux convention a denial is only reported, not
 * enforced, while this is false -- confirm in avc.c before relying on a
 * 0 return from avc_has_perm() meaning "policy allowed it".
 */
extern bool flask_enforcing;
22 
23 /*
24  * An entry in the AVC.
25  */
26 struct avc_entry;
27 
/*
 * Forward declarations carried over from the Linux AVC.  None of these
 * tags is referenced anywhere else in this header; an incomplete struct
 * tag is harmless, but they look like leftovers of the port rather than
 * Xen types, so do not take their presence as evidence that such objects
 * exist on the Xen side.
 */
struct task_struct;
struct vfsmount;
struct dentry;
struct inode;
struct sock;
struct sk_buff;
34 
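/*
 * Auxiliary data to use in generating the audit record.
 *
 * `type` selects which member of the anonymous union is meaningful; the
 * remaining members must be treated as garbage.  Always initialise an
 * instance with AVC_AUDIT_DATA_INIT() so that every field, including the
 * domain pointers, starts zeroed.
 */
struct avc_audit_data {
    /* One of the AVC_AUDIT_DATA_* values below. */
    char    type;
#define AVC_AUDIT_DATA_NONE  0
#define AVC_AUDIT_DATA_DEV   1
#define AVC_AUDIT_DATA_IRQ   2
#define AVC_AUDIT_DATA_RANGE 3
#define AVC_AUDIT_DATA_MEMORY 4
#define AVC_AUDIT_DATA_DTDEV 5
    /*
     * Source and target domains of the access being audited.  NULL after
     * AVC_AUDIT_DATA_INIT() until the caller fills them in.
     */
    const struct domain *sdom;
    const struct domain *tdom;
    /* Detail for the record, interpreted according to `type`. */
    union {
        unsigned long device;       /* AVC_AUDIT_DATA_DEV */
        int irq;                    /* AVC_AUDIT_DATA_IRQ */
        struct {
            unsigned long start;
            unsigned long end;
        } range;                    /* AVC_AUDIT_DATA_RANGE */
        struct {
            unsigned long pte;
            unsigned long mfn;
        } memory;                   /* AVC_AUDIT_DATA_MEMORY */
        /*
         * AVC_AUDIT_DATA_DTDEV.  Only the pointer is stored, not a copy of
         * the string, so the caller must keep it valid for as long as this
         * structure is in use.
         */
        const char *dtdev;
    };
};

/*
 * Initialize an AVC audit data structure.
 *
 * Zeroes every field of *_d and sets its type to AVC_AUDIT_DATA_<_t>.
 * `_t` is token-pasted, so pass the suffix (e.g. IRQ), not the full
 * constant name.  The body is wrapped in do { } while ( 0 ) so the macro
 * expands to exactly one statement: the old bare `{ ... }` form silently
 * broke `if ( x ) AVC_AUDIT_DATA_INIT(...); else ...` (the `;` after the
 * block turned the `else` into a syntax error) and let a caller omit the
 * trailing semicolon.
 */
#define AVC_AUDIT_DATA_INIT(_d, _t)                                 \
    do {                                                            \
        memset((_d), 0, sizeof(struct avc_audit_data));             \
        (_d)->type = AVC_AUDIT_DATA_##_t;                           \
    } while ( 0 )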
65 
66 /*
67  * AVC statistics
68  */
69 struct avc_cache_stats
70 {
71     unsigned int lookups;
72     unsigned int hits;
73     unsigned int misses;
74     unsigned int allocations;
75     unsigned int reclaims;
76     unsigned int frees;
77 };
78 
79 /*
80  * AVC operations
81  */
82 
/* One-time initialisation of the access vector cache. */
void avc_init(void);

/*
 * Emit an audit record for an access check.
 *   ssid, tsid  source and target security identifiers
 *   tclass      object class of the target
 *   requested   bitmask of permissions that were checked
 *   avd         decision vector the cache produced for the check
 *   result      outcome being reported; presumably 0 or a negative errno,
 *               matching avc_has_perm()'s return type
 *   auditdata   extra detail for the record (see struct avc_audit_data)
 */
void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
        struct av_decision *avd, int result, struct avc_audit_data *auditdata);

/*
 * Access check without an audit record.  Looks up (or computes) the
 * decision for `requested` on (ssid, tsid, tclass) and writes the full
 * decision vector to *avd.  The return value presumably follows the usual
 * 0 / -errno convention; a caller using this variant must still check it
 * and is responsible for calling avc_audit() itself -- "noaudit" means the
 * log entry is skipped, not that the check is advisory.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
                                                     struct av_decision *avd);

/*
 * Full access check with auditing: the normal entry point for object
 * managers.  `auditdata` supplies the detail for any record generated.
 * Callers must act on the return value; never ignore it.
 * NOTE(review): this header does not show whether a denial is downgraded
 * to success when !flask_enforcing -- confirm in avc.c before assuming a
 * 0 return means the loaded policy granted the access.
 */
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested,
                                             struct avc_audit_data *auditdata);
93 
/*
 * Exported to the statistics query interface.  (The original comment said
 * "selinuxfs"; that is the Linux consumer, Xen has no such filesystem, so
 * the caller here is presumably the FLASK hypercall op -- verify.)
 */
struct xen_flask_hash_stats;
/* Fill *arg with the current hash-table statistics; returns 0 on success. */
int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
/* Cache size tunable; its exact meaning is defined where it is defined, not here. */
extern unsigned int avc_cache_threshold;

#ifdef CONFIG_XSM_FLASK_AVC_STATS
/* Per-CPU event counters (see struct avc_cache_stats); stats builds only. */
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif
102 
103 #endif /* _FLASK_AVC_H_ */
104 
105