1 /*
2  * Access vector cache interface for object managers.
3  *
4  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
5  */
6 
7 /* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
8 
9 #ifndef _FLASK_AVC_H_
10 #define _FLASK_AVC_H_
11 
12 #include <xen/errno.h>
13 #include <xen/lib.h>
14 #include <xen/spinlock.h>
15 #include <asm/percpu.h>
16 #include "flask.h"
17 #include "av_permissions.h"
18 #include "security.h"
19 
/*
 * Global enforcing/permissive switch for FLASK.  Defined by the FLASK
 * implementation, not in this header.  NOTE(review): presumably a denial is
 * only turned into an error when this is true and merely audited otherwise;
 * confirm in the implementation before relying on it.
 */
extern bool flask_enforcing;

/*
 * An entry in the AVC.  Deliberately an incomplete type here: object
 * managers only ever hold pointers to it, the layout belongs to the
 * implementation.
 */
struct avc_entry;

/*
 * Forward declarations carried over from the Linux AVC.  task_struct,
 * vfsmount, dentry, inode, sock and sk_buff are Linux kernel types with no
 * Xen counterpart, so these are almost certainly dead; TODO(review):
 * confirm nothing under xen/ references them and drop them.
 */
struct task_struct;
struct vfsmount;
struct dentry;
struct inode;
struct sock;
struct sk_buff;
33 
/*
 * Auxiliary data to use in generating the audit record.
 *
 * @type is one of the AVC_AUDIT_DATA_* values below and tags which member
 * of the anonymous union (C11 / GNU extension) carries the extra data; by
 * naming, DEV -> .device, IRQ -> .irq, RANGE -> .range, MEMORY -> .memory,
 * DTDEV -> .dtdev, NONE -> no union member is meaningful.
 *
 * Always set an instance up with AVC_AUDIT_DATA_INIT(): it zeroes the whole
 * structure first, so sdom/tdom and the unused union members never leak
 * stale stack contents into an audit record.
 */
struct avc_audit_data {
    char    type;                   /* AVC_AUDIT_DATA_* tag for the union */
#define AVC_AUDIT_DATA_NONE  0      /* no auxiliary data */
#define AVC_AUDIT_DATA_DEV   1      /* .device */
#define AVC_AUDIT_DATA_IRQ   2      /* .irq */
#define AVC_AUDIT_DATA_RANGE 3      /* .range */
#define AVC_AUDIT_DATA_MEMORY 4     /* .memory */
#define AVC_AUDIT_DATA_DTDEV 5      /* .dtdev */
    /*
     * Source and target domains of the access (by analogy with ssid/tsid in
     * the avc_* calls -- confirm in the implementation).  NULL after
     * AVC_AUDIT_DATA_INIT() until the caller fills them in.
     */
    struct domain *sdom;
    struct domain *tdom;
    union {
        unsigned long device;       /* AVC_AUDIT_DATA_DEV */
        int irq;                    /* AVC_AUDIT_DATA_IRQ */
        struct {                    /* AVC_AUDIT_DATA_RANGE */
            unsigned long start;
            unsigned long end;
        } range;
        struct {                    /* AVC_AUDIT_DATA_MEMORY */
            unsigned long pte;
            unsigned long mfn;
        } memory;
        const char *dtdev;          /* AVC_AUDIT_DATA_DTDEV; not owned */
    };
};
59 
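/*
 * Initialize an AVC audit data structure.
 *
 * @_d: pointer to a struct avc_audit_data.
 * @_t: unqualified tag name (NONE, DEV, IRQ, RANGE, MEMORY or DTDEV); it is
 *      pasted onto AVC_AUDIT_DATA_ to form the value stored in ->type.
 *
 * Zeroes the whole structure before setting the tag, so that sdom/tdom and
 * whichever union members the caller does not fill in never carry stale
 * stack contents into an audit record.
 *
 * Wrapped in do { } while ( 0 ) so the expansion is a single statement:
 * the previous bare { } block broke when used as the unbraced body of an
 * if that is followed by an else, because the caller's trailing ';'
 * terminated the if.  Existing "AVC_AUDIT_DATA_INIT(&ad, DEV);" call sites
 * are unaffected.
 */
#define AVC_AUDIT_DATA_INIT(_d,_t) \
    do { \
        memset((_d), 0, sizeof(struct avc_audit_data)); \
        (_d)->type = AVC_AUDIT_DATA_##_t; \
    } while ( 0 )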
64 
/*
 * AVC statistics.
 *
 * Event counters for the cache.  With CONFIG_FLASK_AVC_STATS there is one
 * instance per CPU (declared below via DECLARE_PER_CPU), so a consumer
 * wanting a global figure has to sum across CPUs.  The counters are plain
 * unsigned ints and wrap silently; fine for statistics, but do not treat a
 * raw value as an exact lifetime total.
 */
struct avc_cache_stats
{
    unsigned int lookups;      /* lookups performed */
    unsigned int hits;         /* lookups that found an entry */
    unsigned int misses;       /* lookups that found no entry */
    unsigned int allocations;  /* entries allocated */
    unsigned int reclaims;     /* entries reclaimed */
    unsigned int frees;        /* entries freed */
};
77 
/*
 * AVC operations
 *
 * Parameter naming follows the SELinux AVC: ssid/tsid are the source and
 * target security identifiers, tclass the target object class, requested a
 * bitmask of permissions from av_permissions.h.
 */

/* Set up the access vector cache. */
void avc_init(void);

/*
 * Emit an audit record for an access decision.
 *
 * @avd:       the decision the cache returned for @requested.
 * @result:    outcome of the check -- presumably the value
 *             avc_has_perm_noaudit() returned; confirm in the implementation.
 * @auditdata: auxiliary data for the record, set up with
 *             AVC_AUDIT_DATA_INIT().  NOTE(review): whether NULL is accepted
 *             is not visible from this header; confirm before passing it.
 */
void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
        struct av_decision *avd, int result, struct avc_audit_data *auditdata);

/*
 * Check @requested against the cache/policy WITHOUT generating an audit
 * record.  The decision is reported through @avd (non-const, presumably
 * filled in by the callee) so that the caller can audit it itself with
 * avc_audit(); a caller that skips that step silently loses the denial log.
 * Return value: 0 when permitted, otherwise an errno-style value (this
 * header includes xen/errno.h; see the implementation for the exact codes).
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
                                                     struct av_decision *avd);

/*
 * Check @requested and audit the result in one call; this is the variant
 * object managers should normally use.  Same return convention as
 * avc_has_perm_noaudit().  Ignoring the return value silently grants the
 * access -- every caller must propagate a non-zero result; consider marking
 * both avc_has_perm*() prototypes __must_check once all call sites are
 * known to comply.
 */
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested,
                                             struct avc_audit_data *auditdata);
92 
/*
 * Cache statistics export.  The Linux original says "Exported to
 * selinuxfs"; Xen has no selinuxfs, and the consumer here is whatever
 * fills a struct xen_flask_hash_stats -- presumably the FLASK hypercall
 * interface, confirm in the implementation.
 */
struct xen_flask_hash_stats;
/*
 * Fill @arg with hash-table statistics for the cache.  Returns 0 on
 * success; presumably an errno-style value otherwise.
 */
int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
/*
 * Cache size threshold, writable at run time (not const).  Presumably the
 * entry count beyond which reclaim kicks in -- confirm in the
 * implementation; anything that lets a guest or tool change it should
 * bound the value.
 */
extern unsigned int avc_cache_threshold;

#ifdef CONFIG_FLASK_AVC_STATS
/* Per-CPU counters (asm/percpu.h); only present when statistics are built in. */
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif
101 
102 #endif /* _FLASK_AVC_H_ */
103 
104