1 /* SPDX-License-Identifier: GPL-2.0 */
3 * Access vector cache interface for object managers.
5 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
7 #ifndef _SELINUX_AVC_H_
8 #define _SELINUX_AVC_H_
10 #include <linux/stddef.h>
11 #include <linux/errno.h>
12 #include <linux/kernel.h>
13 #include <linux/kdev_t.h>
14 #include <linux/spinlock.h>
15 #include <linux/init.h>
16 #include <linux/audit.h>
17 #include <linux/lsm_audit.h>
18 #include <linux/in6.h>
20 #include "av_permissions.h"
23 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
24 extern int selinux_enforcing;
26 #define selinux_enforcing 1
30 * An entry in the AVC.
42 struct avc_cache_stats {
45 unsigned int allocations;
46 unsigned int reclaims;
51 * We only need this data after we have decided to send an audit message.
53 struct selinux_audit_data {
67 void __init avc_init(void);
69 static inline u32 avc_audit_required(u32 requested,
70 struct av_decision *avd,
76 denied = requested & ~avd->allowed;
77 if (unlikely(denied)) {
78 audited = denied & avd->auditdeny;
80 * auditdeny is TRICKY! Setting a bit in
81 * this field means that ANY denials should NOT be audited if
82 * the policy contains an explicit dontaudit rule for that
83 * permission. Take notice that this is unrelated to the
84 * actual permissions that were denied. As an example lets
88 * avd.auditdeny & ACCESS == 0 (not set means explicit rule)
89 * auditdeny & ACCESS == 1
91 * We will NOT audit the denial even though the denied
92 * permission was READ and the auditdeny checks were for
95 if (auditdeny && !(auditdeny & avd->auditdeny))
98 audited = denied = requested;
100 audited = requested & avd->auditallow;
105 int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass,
106 u32 requested, u32 audited, u32 denied, int result,
107 struct common_audit_data *a,
111 * avc_audit - Audit the granting or denial of permissions.
112 * @ssid: source security identifier
113 * @tsid: target security identifier
114 * @tclass: target security class
115 * @requested: requested permissions
116 * @avd: access vector decisions
117 * @result: result from avc_has_perm_noaudit
118 * @a: auxiliary audit data
119 * @flags: VFS walk flags
121 * Audit the granting or denial of permissions in accordance
122 * with the policy. This function is typically called by
123 * avc_has_perm() after a permission check, but can also be
124 * called directly by callers who use avc_has_perm_noaudit()
125 * in order to separate the permission check from the auditing.
126 * For example, this separation is useful when the permission check must
127 * be performed under a lock, to allow the lock to be released
128 * before calling the auditing code.
130 static inline int avc_audit(u32 ssid, u32 tsid,
131 u16 tclass, u32 requested,
132 struct av_decision *avd,
134 struct common_audit_data *a,
138 audited = avc_audit_required(requested, avd, result, 0, &denied);
139 if (likely(!audited))
141 return slow_avc_audit(ssid, tsid, tclass,
142 requested, audited, denied, result,
146 #define AVC_STRICT 1 /* Ignore permissive mode. */
147 #define AVC_EXTENDED_PERMS 2 /* update extended permissions */
148 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
149 u16 tclass, u32 requested,
151 struct av_decision *avd);
153 int avc_has_perm(u32 ssid, u32 tsid,
154 u16 tclass, u32 requested,
155 struct common_audit_data *auditdata);
156 int avc_has_perm_flags(u32 ssid, u32 tsid,
157 u16 tclass, u32 requested,
158 struct common_audit_data *auditdata,
161 int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested,
162 u8 driver, u8 perm, struct common_audit_data *ad);
165 u32 avc_policy_seqno(void);
167 #define AVC_CALLBACK_GRANT 1
168 #define AVC_CALLBACK_TRY_REVOKE 2
169 #define AVC_CALLBACK_REVOKE 4
170 #define AVC_CALLBACK_RESET 8
171 #define AVC_CALLBACK_AUDITALLOW_ENABLE 16
172 #define AVC_CALLBACK_AUDITALLOW_DISABLE 32
173 #define AVC_CALLBACK_AUDITDENY_ENABLE 64
174 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
175 #define AVC_CALLBACK_ADD_XPERMS 256
177 int avc_add_callback(int (*callback)(u32 event), u32 events);
179 /* Exported to selinuxfs */
180 int avc_get_hash_stats(char *page);
181 extern unsigned int avc_cache_threshold;
183 /* Attempt to free avc node cache */
184 void avc_disable(void);
186 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
187 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
190 #endif /* _SELINUX_AVC_H_ */