1 /*
2  * A policy database (policydb) specifies the
3  * configuration data for the security policy.
4  *
5  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
6  */
7 
8 /*
9  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
10  *
11  *    Support for enhanced MLS infrastructure.
12  *
13  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
14  *
15  *     Added conditional policy language extensions
16  *
17  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
18  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
19  *    This program is free software; you can redistribute it and/or modify
20  *      it under the terms of the GNU General Public License as published by
21  *    the Free Software Foundation, version 2.
22  */
23 
24 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
25 
26 #ifndef _SS_POLICYDB_H_
27 #define _SS_POLICYDB_H_
28 
29 #include "symtab.h"
30 #include "avtab.h"
31 #include "sidtab.h"
32 #include "context.h"
33 #include "constraint.h"
34 
35 /*
36  * A datum type is defined for each kind of symbol
37  * in the configuration data:  individual permissions,
38  * common prefixes for access vectors, classes,
39  * users, roles, types, sensitivities, categories, etc.
40  */
41 
42 /* Permission attributes */
43 struct perm_datum {
44     u32 value;        /* permission bit + 1 */
45 };
46 
47 /* Attributes of a common prefix for access vectors */
48 struct common_datum {
49     u32 value;            /* internal common value */
50     struct symtab permissions;    /* common permissions */
51 };
52 
53 /* Class attributes */
54 struct class_datum {
55     u32 value;            /* class value */
56     char *comkey;            /* common name */
57     struct common_datum *comdatum;    /* common datum */
58     struct symtab permissions;    /* class-specific permission symbol table */
59     struct constraint_node *constraints;    /* constraints on class permissions */
60     struct constraint_node *validatetrans;    /* special transition rules */
61 };
62 
63 /* Role attributes */
64 struct role_datum {
65     u32 value;            /* internal role value */
66     u32 bounds;			/* boundary of role */
67     struct ebitmap dominates;    /* set of roles dominated by this role */
68     struct ebitmap types;        /* set of authorized types for role */
69 };
70 
71 struct role_trans {
72     u32 role;        /* current role */
73     u32 type;        /* program executable type */
74     u32 new_role;        /* new role */
75     struct role_trans *next;
76 };
77 
78 struct role_allow {
79     u32 role;        /* current role */
80     u32 new_role;        /* new role */
81     struct role_allow *next;
82 };
83 
84 /* Type attributes */
85 struct type_datum {
86     u32 value;        /* internal type value */
87     u32 bounds;		/* boundary of type */
88     unsigned char primary;    /* primary name? */
89     unsigned char attribute;/* attribute ?*/
90 };
91 
92 /*
93  * type_datum properties
94  * available at the kernel policy version >= POLICYDB_VERSION_BOUNDARY
95  */
96 #define TYPEDATUM_PROPERTY_PRIMARY	0x0001
97 #define TYPEDATUM_PROPERTY_ATTRIBUTE	0x0002
98 
99 /* limitation of boundary depth  */
100 #define POLICYDB_BOUNDS_MAXDEPTH	4
101 
102 /* User attributes */
103 struct user_datum {
104     u32 value;            /* internal user value */
105     u32 bounds;			/* bounds of user */
106     struct ebitmap roles;        /* set of authorized roles for user */
107     struct mls_range range;        /* MLS range (min - max) for user */
108     struct mls_level dfltlevel;    /* default login MLS level for user */
109 };
110 
111 
112 /* Sensitivity attributes */
113 struct level_datum {
114     struct mls_level *level;    /* sensitivity and associated categories */
115     unsigned char isalias;    /* is this sensitivity an alias for another? */
116 };
117 
118 /* Category attributes */
119 struct cat_datum {
120     u32 value;        /* internal category bit + 1 */
121     unsigned char isalias;  /* is this category an alias for another? */
122 };
123 
124 struct range_trans {
125     u32 source_type;
126     u32 target_type;
127     u32 target_class;
128     struct mls_range target_range;
129     struct range_trans *next;
130 };
131 
132 /* Boolean data type */
133 struct cond_bool_datum {
134     __u32 value;        /* internal type value */
135     int state;
136 };
137 
138 struct cond_node;
139 
140 /*
141  * The configuration data includes security contexts for
142  * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
143  * network interfaces, and nodes.  This structure stores the
144  * relevant data for one such entry.  Entries of the same kind
145  * (e.g. all initial SIDs) are linked together into a list.
146  */
147 struct ocontext {
148     union {
149         char *name;    /* name of initial SID, fs, netif, fstype, path */
150         u16 pirq;
151         u32 device;
152         struct {
153                 u32 low_ioport;
154                 u32 high_ioport;
155         } ioport;
156         struct {
157                 u64 low_iomem;
158                 u64 high_iomem;
159         } iomem;
160     } u;
161     struct context context;
162     u32 sid;
163     struct ocontext *next;
164 };
165 
166 /* symbol table array indices */
167 #define SYM_COMMONS 0
168 #define SYM_CLASSES 1
169 #define SYM_ROLES   2
170 #define SYM_TYPES   3
171 #define SYM_USERS   4
172 #define SYM_BOOLS   5
173 #define SYM_LEVELS  6
174 #define SYM_CATS    7
175 #define SYM_NUM     8
176 
177 /* object context array indices */
178 #define OCON_ISID    0    /* initial SIDs */
179 #define OCON_PIRQ    1    /* physical irqs */
180 #define OCON_IOPORT  2    /* io ports */
181 #define OCON_IOMEM   3    /* io memory */
182 #define OCON_DEVICE  4    /* pci devices */
183 #define OCON_DTREE   5    /* device tree nodes */
184 #define OCON_NUM     6
185 #define OCON_NUM_OLD 7
186 
187 /* The policy database */
188 struct policydb {
189     /* symbol tables */
190     struct symtab symtab[SYM_NUM];
191 #define p_commons symtab[SYM_COMMONS]
192 #define p_classes symtab[SYM_CLASSES]
193 #define p_roles symtab[SYM_ROLES]
194 #define p_types symtab[SYM_TYPES]
195 #define p_users symtab[SYM_USERS]
196 #define p_bools symtab[SYM_BOOLS]
197 #define p_levels symtab[SYM_LEVELS]
198 #define p_cats symtab[SYM_CATS]
199 
200     /* symbol names indexed by (value - 1) */
201     char **sym_val_to_name[SYM_NUM];
202 #define p_common_val_to_name sym_val_to_name[SYM_COMMONS]
203 #define p_class_val_to_name sym_val_to_name[SYM_CLASSES]
204 #define p_role_val_to_name sym_val_to_name[SYM_ROLES]
205 #define p_type_val_to_name sym_val_to_name[SYM_TYPES]
206 #define p_user_val_to_name sym_val_to_name[SYM_USERS]
207 #define p_bool_val_to_name sym_val_to_name[SYM_BOOLS]
208 #define p_sens_val_to_name sym_val_to_name[SYM_LEVELS]
209 #define p_cat_val_to_name sym_val_to_name[SYM_CATS]
210 
211     /* class, role, and user attributes indexed by (value - 1) */
212     struct class_datum **class_val_to_struct;
213     struct role_datum **role_val_to_struct;
214     struct user_datum **user_val_to_struct;
215     struct type_datum **type_val_to_struct;
216 
217     /* type enforcement access vectors and transitions */
218     struct avtab te_avtab;
219 
220     /* role transitions */
221     struct role_trans *role_tr;
222 
223     /* bools indexed by (value - 1) */
224     struct cond_bool_datum **bool_val_to_struct;
225     /* type enforcement conditional access vectors and transitions */
226     struct avtab te_cond_avtab;
227     /* linked list indexing te_cond_avtab by conditional */
228     struct cond_node* cond_list;
229 
230     /* role allows */
231     struct role_allow *role_allow;
232 
233     /* security contexts of initial SIDs, unlabeled file systems,
234        TCP or UDP port numbers, network interfaces and nodes */
235     struct ocontext *ocontexts[OCON_NUM];
236 
237     /* range transitions */
238     struct range_trans *range_tr;
239 
240     /* type -> attribute reverse mapping */
241     struct ebitmap *type_attr_map;
242 
243     struct ebitmap policycaps;
244 
245     struct ebitmap permissive_map;
246 
247     unsigned int policyvers;
248 
249     unsigned int allow_unknown : 1;
250 
251     u16 target_type;
252 };
253 
254 extern void policydb_destroy(struct policydb *p);
255 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
256 extern int policydb_context_isvalid(struct policydb *p, struct context *c);
257 extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
258 extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
259 extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
260 extern int policydb_read(struct policydb *p, void *fp);
261 
262 #define PERM_SYMTAB_SIZE 32
263 
264 #define POLICYDB_CONFIG_MLS    1
265 
266 /* the config flags related to unknown classes/perms are bits 2 and 3 */
267 #define REJECT_UNKNOWN 0x00000002
268 #define ALLOW_UNKNOWN  0x00000004
269 
270 #define OBJECT_R "object_r"
271 #define OBJECT_R_VAL 1
272 
273 #define POLICYDB_MAGIC FLASK_MAGIC
274 #define POLICYDB_STRING "XenFlask"
275 #define POLICYDB_STRING_OLD "SE Linux"
276 #define TARGET_XEN 1
277 #define TARGET_XEN_OLD 0
278 
279 struct policy_file {
280     const char *data;
281     size_t len;
282 };
283 
next_entry(void * buf,struct policy_file * fp,size_t bytes)284 static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
285 {
286     if ( bytes > fp->len )
287         return -EINVAL;
288 
289     memcpy(buf, fp->data, bytes);
290     fp->data += bytes;
291     fp->len -= bytes;
292     return 0;
293 }
294 
295 #endif    /* _SS_POLICYDB_H_ */
296 
297