avc.h (5065B)
1/* SPDX-License-Identifier: GPL-2.0 */ 2/* 3 * Access vector cache interface for object managers. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7#ifndef _SELINUX_AVC_H_ 8#define _SELINUX_AVC_H_ 9 10#include <linux/stddef.h> 11#include <linux/errno.h> 12#include <linux/kernel.h> 13#include <linux/kdev_t.h> 14#include <linux/spinlock.h> 15#include <linux/init.h> 16#include <linux/audit.h> 17#include <linux/lsm_audit.h> 18#include <linux/in6.h> 19#include "flask.h" 20#include "av_permissions.h" 21#include "security.h" 22 23/* 24 * An entry in the AVC. 25 */ 26struct avc_entry; 27 28struct task_struct; 29struct inode; 30struct sock; 31struct sk_buff; 32 33/* 34 * AVC statistics 35 */ 36struct avc_cache_stats { 37 unsigned int lookups; 38 unsigned int misses; 39 unsigned int allocations; 40 unsigned int reclaims; 41 unsigned int frees; 42}; 43 44/* 45 * We only need this data after we have decided to send an audit message. 46 */ 47struct selinux_audit_data { 48 u32 ssid; 49 u32 tsid; 50 u16 tclass; 51 u32 requested; 52 u32 audited; 53 u32 denied; 54 int result; 55 struct selinux_state *state; 56}; 57 58/* 59 * AVC operations 60 */ 61 62void __init avc_init(void); 63 64static inline u32 avc_audit_required(u32 requested, 65 struct av_decision *avd, 66 int result, 67 u32 auditdeny, 68 u32 *deniedp) 69{ 70 u32 denied, audited; 71 denied = requested & ~avd->allowed; 72 if (unlikely(denied)) { 73 audited = denied & avd->auditdeny; 74 /* 75 * auditdeny is TRICKY! Setting a bit in 76 * this field means that ANY denials should NOT be audited if 77 * the policy contains an explicit dontaudit rule for that 78 * permission. Take notice that this is unrelated to the 79 * actual permissions that were denied. As an example lets 80 * assume: 81 * 82 * denied == READ 83 * avd.auditdeny & ACCESS == 0 (not set means explicit rule) 84 * auditdeny & ACCESS == 1 85 * 86 * We will NOT audit the denial even though the denied 87 * permission was READ and the auditdeny checks were for 88 * ACCESS 89 */ 90 if (auditdeny && !(auditdeny & avd->auditdeny)) 91 audited = 0; 92 } else if (result) 93 audited = denied = requested; 94 else 95 audited = requested & avd->auditallow; 96 *deniedp = denied; 97 return audited; 98} 99 100int slow_avc_audit(struct selinux_state *state, 101 u32 ssid, u32 tsid, u16 tclass, 102 u32 requested, u32 audited, u32 denied, int result, 103 struct common_audit_data *a); 104 105/** 106 * avc_audit - Audit the granting or denial of permissions. 107 * @state: SELinux state 108 * @ssid: source security identifier 109 * @tsid: target security identifier 110 * @tclass: target security class 111 * @requested: requested permissions 112 * @avd: access vector decisions 113 * @result: result from avc_has_perm_noaudit 114 * @a: auxiliary audit data 115 * 116 * Audit the granting or denial of permissions in accordance 117 * with the policy. This function is typically called by 118 * avc_has_perm() after a permission check, but can also be 119 * called directly by callers who use avc_has_perm_noaudit() 120 * in order to separate the permission check from the auditing. 121 * For example, this separation is useful when the permission check must 122 * be performed under a lock, to allow the lock to be released 123 * before calling the auditing code. 124 */ 125static inline int avc_audit(struct selinux_state *state, 126 u32 ssid, u32 tsid, 127 u16 tclass, u32 requested, 128 struct av_decision *avd, 129 int result, 130 struct common_audit_data *a) 131{ 132 u32 audited, denied; 133 audited = avc_audit_required(requested, avd, result, 0, &denied); 134 if (likely(!audited)) 135 return 0; 136 return slow_avc_audit(state, ssid, tsid, tclass, 137 requested, audited, denied, result, 138 a); 139} 140 141#define AVC_STRICT 1 /* Ignore permissive mode. */ 142#define AVC_EXTENDED_PERMS 2 /* update extended permissions */ 143int avc_has_perm_noaudit(struct selinux_state *state, 144 u32 ssid, u32 tsid, 145 u16 tclass, u32 requested, 146 unsigned flags, 147 struct av_decision *avd); 148 149int avc_has_perm(struct selinux_state *state, 150 u32 ssid, u32 tsid, 151 u16 tclass, u32 requested, 152 struct common_audit_data *auditdata); 153 154int avc_has_extended_perms(struct selinux_state *state, 155 u32 ssid, u32 tsid, u16 tclass, u32 requested, 156 u8 driver, u8 perm, struct common_audit_data *ad); 157 158 159u32 avc_policy_seqno(struct selinux_state *state); 160 161#define AVC_CALLBACK_GRANT 1 162#define AVC_CALLBACK_TRY_REVOKE 2 163#define AVC_CALLBACK_REVOKE 4 164#define AVC_CALLBACK_RESET 8 165#define AVC_CALLBACK_AUDITALLOW_ENABLE 16 166#define AVC_CALLBACK_AUDITALLOW_DISABLE 32 167#define AVC_CALLBACK_AUDITDENY_ENABLE 64 168#define AVC_CALLBACK_AUDITDENY_DISABLE 128 169#define AVC_CALLBACK_ADD_XPERMS 256 170 171int avc_add_callback(int (*callback)(u32 event), u32 events); 172 173/* Exported to selinuxfs */ 174struct selinux_avc; 175int avc_get_hash_stats(struct selinux_avc *avc, char *page); 176unsigned int avc_get_cache_threshold(struct selinux_avc *avc); 177void avc_set_cache_threshold(struct selinux_avc *avc, 178 unsigned int cache_threshold); 179 180/* Attempt to free avc node cache */ 181void avc_disable(void); 182 183#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 184DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); 185#endif 186 187#endif /* _SELINUX_AVC_H_ */ 188