* Access vector cache interface for object managers.
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
/* Ported to Xen 3.0, George Coker, <gscoker@alpha.ncsc.mil> */
#include <xen/errno.h>
#include <xen/spinlock.h>
#include <asm/percpu.h>
#include "av_permissions.h"
/*
 * flask_enforcing: the enforcing-mode switch declared here for the AVC.
 * The two declarations below cannot coexist in one translation unit (an
 * extern and an object-like macro of the same name), so they must sit in
 * opposite branches of a build-configuration #if/#else whose directives
 * fall outside this excerpt -- presumably a runtime-switchable "develop"
 * build versus a build hard-wired to enforcing; confirm against the
 * surrounding file before relying on either.
 */
extern int flask_enforcing;
#define flask_enforcing 1
* An entry in the AVC.
/* Auxiliary data to use in generating the audit record. */
struct avc_audit_data {
#define AVC_AUDIT_DATA_DEV 1
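/*
 * Initialize an AVC audit data structure.
 *
 * _d: pointer to a struct avc_audit_data. The whole object is cleared
 *     before the type is set, so fields this macro does not touch hold
 *     zero rather than whatever was previously on the stack.
 * _t: bare suffix of an AVC_AUDIT_DATA_* type constant (e.g. DEV); the
 *     macro pastes it onto the AVC_AUDIT_DATA_ prefix.
 *
 * Wrapped in do { } while ( 0 ) so that a use such as
 *     if ( cond ) AVC_AUDIT_DATA_INIT(&ad, DEV); else ...
 * parses as one statement (a bare { } block followed by ';' would
 * terminate the if and make the else a syntax error). _d is evaluated
 * exactly once, so an argument with side effects is safe.
 */
#define AVC_AUDIT_DATA_INIT(_d,_t) \
    do { \
        struct avc_audit_data *ad_ = (_d); \
        memset(ad_, 0, sizeof(*ad_)); \
        ad_->type = AVC_AUDIT_DATA_##_t; \
    } while ( 0 )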
struct avc_cache_stats
unsigned int allocations;
unsigned int reclaims;
/*
 * Emit an audit record for one access decision.
 * ssid/tsid: source and target security identifiers; tclass: object class.
 * requested: the permission bits that were checked; avd: the decision they
 * were checked against; result: the outcome being reported (presumably the
 * int returned by one of the decision functions below -- verify against
 * the implementation); auditdata: extra context for the record, as set up
 * by AVC_AUDIT_DATA_INIT.
 */
void avc_audit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
struct av_decision *avd, int result, struct avc_audit_data *auditdata);

/*
 * Check `requested` for (ssid, tsid, tclass) and hand the decision back
 * through *avd. The "noaudit" suffix indicates that no audit record is
 * produced here, so a caller that uses this variant is responsible for
 * calling avc_audit() itself on the result -- a denial that bypasses this
 * step leaves no trace in the audit log. Confirm against the .c file.
 */
int avc_has_perm_noaudit(u32 ssid, u32 tsid, u16 tclass, u32 requested,
struct av_decision *avd);

/*
 * Same permission check, taking the audit context directly; this is the
 * form to prefer for ordinary object-manager hooks so that the decision
 * and its audit record cannot drift apart.
 */
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass, u32 requested,
struct avc_audit_data *auditdata);
/*
 * Event bits for avc_add_callback(). Each value is a distinct power of two
 * so that several can be OR'ed into the u32 `events` mask and the `event`
 * argument delivered to a callback can be tested with a single bit check.
 * The pairs below (TRY_REVOKE/REVOKE, *_ENABLE/*_DISABLE) are opposite
 * transitions; a callback registered for only one side of a pair will not
 * see the other.
 */
#define AVC_CALLBACK_GRANT 1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE 4
#define AVC_CALLBACK_RESET 8
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
/*
 * Register `callback` to be invoked for the AVC_CALLBACK_* bits set in
 * `events`, scoped to the given ssid/tsid/tclass/perms. The callback
 * receives the single event being delivered plus the matching scope; the
 * meaning of *out_retained is not visible here -- by its name it lets the
 * callback report which permissions it still holds after a revoke, but
 * confirm against the implementation. Returns an int; the error convention
 * is not visible in this header.
 */
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
u16 tclass, u32 perms, u32 *out_retained), u32 events,
u32 ssid, u32 tsid, u16 tclass, u32 perms);
/* Exported to selinuxfs */

/*
 * Format hash-table statistics into `buf`. `size` is the caller-supplied
 * capacity of `buf` in bytes and is the only bound the implementation has
 * on its writes, so any change to the implementation must keep honouring
 * it (the return int is presumably the byte count or an error -- verify).
 */
int avc_get_hash_stats(char *buf, uint32_t size);
/* Tunable consulted by the cache; defined in the corresponding .c file. */
extern unsigned int avc_cache_threshold;
#ifdef FLASK_AVC_STATS
DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
#endif /* _FLASK_AVC_H_ */