/*
 * Access vector cache interface for object managers.
 *
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_

#include <linux/stddef.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/kdev_t.h>
#include <linux/spinlock.h>
#include <linux/init.h>
#include <linux/audit.h>
#include <linux/lsm_audit.h>
#include <linux/in6.h>
#include <linux/path.h>
#include <asm/system.h>
#include "flask.h"
#include "av_permissions.h"
#include "security.h"

/*
 * Enforcing/permissive switch.
 *
 * With CONFIG_SECURITY_SELINUX_DEVELOP the mode is a runtime variable
 * defined elsewhere in the SELinux core (it is only declared here).
 * Without that option the symbol is the compile-time constant 1, so any
 * code consulting selinux_enforcing always sees enforcing mode: such a
 * kernel cannot be switched to permissive at runtime.
 */
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
extern int selinux_enforcing;
#else
#define selinux_enforcing 1
#endif

/*
 * An entry in the AVC.
 *
 * Opaque to object managers; the full definition lives in the AVC
 * implementation and is deliberately not exposed through this header.
 */
struct avc_entry;

/* Forward declarations: this interface only needs pointers to these. */
struct task_struct;
struct inode;
struct sock;
struct sk_buff;

/*
 * AVC statistics
 *
 * Counters describing cache behaviour.  When
 * CONFIG_SECURITY_SELINUX_AVC_STATS is set they are kept per CPU
 * (see the DECLARE_PER_CPU at the end of this file).
 */
struct avc_cache_stats {
	unsigned int lookups;		/* cache lookups performed */
	unsigned int hits;		/* lookups satisfied from the cache */
	unsigned int misses;		/* lookups not satisfied from the cache */
	unsigned int allocations;	/* cache nodes allocated */
	unsigned int reclaims;		/* cache nodes reclaimed (presumably when the
					 * cache grows past avc_cache_threshold, declared
					 * below -- confirm against the implementation) */
	unsigned int frees;		/* cache nodes freed */
};

/*
 * AVC operations
 */

/* One-time initialisation of the cache.  Marked __init: boot-time only. */
void __init avc_init(void);

/*
 * Emit the audit record for an access decision.
 *
 * @ssid, @tsid, @tclass, @requested: the check that was made.
 * @avd:    the decision obtained for that check.
 * @result: the result of that check, as returned to the caller.
 * @a:      supplementary data describing the object for the audit record.
 *
 * Callers of avc_has_perm_noaudit() are expected to call this themselves;
 * otherwise the check leaves no audit trail.
 */
void avc_audit(u32 ssid, u32 tsid,
	       u16 tclass, u32 requested,
	       struct av_decision *avd,
	       int result,
	       struct common_audit_data *a);

/*
 * Flag for the 'flags' argument of avc_has_perm_noaudit(): apply the
 * decision even when selinux_enforcing is 0.  Use it for checks that must
 * not become bypassable merely by switching the system to permissive mode.
 */
#define AVC_STRICT 1 /* Ignore permissive mode. */

/*
 * Permission check without auditing.
 *
 * Checks @requested for (@ssid, @tsid, @tclass) and stores the decision in
 * *@avd so the caller can hand it to avc_audit().  @flags takes AVC_STRICT.
 * Nothing is audited here: a caller that chooses this over avc_has_perm()
 * takes on the obligation to call avc_audit() with the returned decision.
 *
 * Return: int status; 0 is expected to mean granted and a negative value a
 * denial -- verify the exact codes against the implementation.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
			 u16 tclass, u32 requested,
			 unsigned flags,
			 struct av_decision *avd);

/*
 * Permission check with auditing.
 *
 * Same check as avc_has_perm_noaudit() but takes the audit data directly,
 * so the decision is logged without further action by the caller.  This is
 * the entry point object managers should normally use.
 */
int avc_has_perm(u32 ssid, u32 tsid,
		 u16 tclass, u32 requested,
		 struct common_audit_data *auditdata);

/*
 * Current policy sequence number.  Presumably changes on each policy load
 * so callers can detect decisions made under an older policy -- confirm.
 */
u32 avc_policy_seqno(void);

/*
 * Event bits for avc_add_callback().  Each is a distinct bit, so several
 * may be OR'ed together into the @events mask.
 */
#define AVC_CALLBACK_GRANT 1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE 4
#define AVC_CALLBACK_RESET 8
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128

/*
 * Register @callback for the AVC_CALLBACK_* events in @events, qualified
 * by (@ssid, @tsid, @tclass, @perms).
 *
 * The callback receives the event that fired, the identifiers and
 * permissions it concerns, and an @out_retained slot; the meaning of the
 * retained value is defined by the implementation, not by this header.
 *
 * Return: int status (0 expected on success -- confirm).
 */
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
				     u16 tclass, u32 perms,
				     u32 *out_retained),
		     u32 events, u32 ssid, u32 tsid,
		     u16 tclass, u32 perms);

/* Exported to selinuxfs */

/*
 * Render hash-table statistics for the cache into @page.
 * Return: int, presumably the number of bytes written -- confirm.
 */
int avc_get_hash_stats(char *page);

/*
 * Cache size threshold.  Defined in the AVC implementation and exported so
 * selinuxfs can expose it; if selinuxfs lets userspace write it (confirm),
 * that is a privileged, policy-affecting tunable and should be treated as
 * such in any threat model of the selinuxfs interface.
 */
extern unsigned int avc_cache_threshold;

/* Attempt to free avc node cache */
void avc_disable(void);

/* Per-CPU instance of the statistics above; only built with AVC stats enabled. */
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif

#endif /* _SELINUX_AVC_H_ */