RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux/libsepol/include/sepol/policydb/avtab.h

128 lines
4.0 KiB
C
Raw Blame History

/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/*
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
* Tuned number of hash slots for avtab to reduce memory usage
*/
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
*
* Added conditional policy language extensions
*
* Copyright (C) 2003 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* FLASK */
/*
* An access vector table (avtab) is a hash table
* of access vectors and transition types indexed
* by a type pair and a class. An access vector
* table is used to represent the type enforcement
* tables.
*/
#ifndef _SEPOL_POLICYDB_AVTAB_H_
#define _SEPOL_POLICYDB_AVTAB_H_
#include <sys/types.h>
#include <stdint.h>
typedef struct avtab_key {
uint16_t source_type;
uint16_t target_type;
uint16_t target_class;
#define AVTAB_ALLOWED 1
#define AVTAB_AUDITALLOW 2
#define AVTAB_AUDITDENY 4
#define AVTAB_NEVERALLOW 128
#define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
#define AVTAB_TRANSITION 16
#define AVTAB_MEMBER 32
#define AVTAB_CHANGE 64
#define AVTAB_TYPE (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
#define AVTAB_ENABLED_OLD 0x80000000
#define AVTAB_ENABLED 0x8000 /* reserved for used in cond_avtab */
uint16_t specified; /* what fields are specified */
} avtab_key_t;
typedef struct avtab_datum {
uint32_t data; /* access vector or type */
} avtab_datum_t;
typedef struct avtab_node *avtab_ptr_t;
struct avtab_node {
avtab_key_t key;
avtab_datum_t datum;
avtab_ptr_t next;
void *parse_context; /* generic context pointer used by parser;
* not saved in binary policy */
unsigned merged; /* flag for avtab_write only;
not saved in binary policy */
};
typedef struct avtab {
avtab_ptr_t *htable;
uint32_t nel; /* number of elements */
uint32_t nslot; /* number of hash slots */
uint16_t mask; /* mask to compute hash func */
} avtab_t;
extern int avtab_init(avtab_t *);
extern int avtab_alloc(avtab_t *, uint32_t);
extern int avtab_insert(avtab_t * h, avtab_key_t * k, avtab_datum_t * d);
extern avtab_datum_t *avtab_search(avtab_t * h, avtab_key_t * k);
extern void avtab_destroy(avtab_t * h);
extern int avtab_map(avtab_t * h,
int (*apply) (avtab_key_t * k,
avtab_datum_t * d, void *args), void *args);
extern void avtab_hash_eval(avtab_t * h, char *tag);
struct policy_file;
extern int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
int (*insert) (avtab_t * a, avtab_key_t * k,
avtab_datum_t * d, void *p), void *p);
extern int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers);
extern avtab_ptr_t avtab_insert_nonunique(avtab_t * h, avtab_key_t * key,
avtab_datum_t * datum);
extern avtab_ptr_t avtab_insert_with_parse_context(avtab_t * h,
avtab_key_t * key,
avtab_datum_t * datum,
void *parse_context);
extern avtab_ptr_t avtab_search_node(avtab_t * h, avtab_key_t * key);
extern avtab_ptr_t avtab_search_node_next(avtab_ptr_t node, int specified);
#define MAX_AVTAB_HASH_BITS 13
#define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
#define MAX_AVTAB_HASH_MASK (MAX_AVTAB_HASH_BUCKETS-1)
#define MAX_AVTAB_SIZE MAX_AVTAB_HASH_BUCKETS
#endif /* _AVTAB_H_ */
/* FLASK */
Reference in New Issue View Git Blame Copy Permalink