cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack

conditional.h (2465B)


      1/* SPDX-License-Identifier: GPL-2.0-only */
      2/* Authors: Karl MacMillan <kmacmillan@tresys.com>
      3 *          Frank Mayer <mayerf@tresys.com>
      4 *
      5 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
      6 */
      7
      8#ifndef _CONDITIONAL_H_
      9#define _CONDITIONAL_H_
     10
     11#include "avtab.h"
     12#include "symtab.h"
     13#include "policydb.h"
     14#include "../include/conditional.h"
     15
     16#define COND_EXPR_MAXDEPTH 10	/* NOTE(review): by name, a cap on conditional-expression depth; where it is enforced is not visible in this header -- confirm in the reader/evaluator */
     17
     18/*
     19 * A conditional expression is a list of operators and operands
     20 * in reverse polish notation.
        *
        * Each cond_expr_node is one element of that list. expr_type holds one
        * of the COND_* codes defined below; COND_LAST aliases the highest
        * defined code (COND_NEQ). The COND_* names are preprocessor macros, so
        * they are visible file-wide even though they are written inside the
        * struct body.
        *
        * NOTE(review): presumably `bool` identifies the policy boolean that an
        * operand refers to and is only meaningful for COND_BOOL nodes --
        * confirm against the evaluator. Both fields are plain u32, so any
        * range checking (expr_type <= COND_LAST, bool within the boolean
        * table) has to happen where nodes are populated; nothing in this
        * header enforces it.
     21 */
     22struct cond_expr_node {
     23#define COND_BOOL	1 /* plain bool */
     24#define COND_NOT	2 /* !bool */
     25#define COND_OR		3 /* bool || bool */
     26#define COND_AND	4 /* bool && bool */
     27#define COND_XOR	5 /* bool ^ bool */
     28#define COND_EQ		6 /* bool == bool */
     29#define COND_NEQ	7 /* bool != bool */
     30#define COND_LAST	COND_NEQ
     31	u32 expr_type;	/* one of the COND_* codes above */
     32	u32 bool;	/* operand reference; see NOTE(review) in the header comment */
     33};
     34
     35struct cond_expr {	/* one conditional expression: a node array plus a count */
     36	struct cond_expr_node *nodes;	/* NOTE(review): presumably the RPN sequence in evaluation order -- confirm */
     37	u32 len;	/* NOTE(review): presumably the number of entries in nodes; must match the allocation -- confirm */
     38};
     39
     40/*
     41 * Each cond_node contains a list of rules to be enabled/disabled
     42 * depending on the current value of the conditional expression. This
     43 * struct is for that list.
     44 */
     45struct cond_av_list {
     46	struct avtab_node **nodes;	/* array of pointers to avtab nodes (the rules in this list) */
     47	u32 len;	/* NOTE(review): presumably the entry count of nodes -- confirm */
     48};
     49
     50/*
     51 * A cond node represents a conditional block in a policy. It
     52 * contains a conditional expression, the current state of the expression,
     53 * two lists of rules to enable/disable depending on the value of the
     54 * expression (the true list corresponds to if and the false list corresponds
     55 * to else).
     56 */
     57struct cond_node {
     58	int cur_state;	/* current value of expr; NOTE(review): the encoding of this int is not visible here -- confirm */
     59	struct cond_expr expr;	/* the conditional expression (RPN node list) */
     60	struct cond_av_list true_list;	/* rules for the "if" branch */
     61	struct cond_av_list false_list;	/* rules for the "else" branch */
     62};
     63
     64void cond_policydb_init(struct policydb *p);
     65void cond_policydb_destroy(struct policydb *p);
     66
       /*
        * NOTE(review): cond_destroy_bool, cond_index_bool and cond_write_bool
        * share the (void *key, void *datum, void *) signature, which looks
        * like a per-entry table callback -- confirm against the callers. The
        * untyped pointers mean the compiler cannot check what is passed in.
        */
     67int cond_init_bool_indexes(struct policydb *p);
     68int cond_destroy_bool(void *key, void *datum, void *p);
     69
     70int cond_index_bool(void *key, void *datum, void *datap);
     71
       /*
        * The read/write functions take the policy image through an opaque
        * `void *fp`.
        * NOTE(review): the read side appears to parse a serialized policy, so
        * its implementation is where expr_type (<= COND_LAST), expression
        * length and depth (COND_EXPR_MAXDEPTH) and boolean references should
        * be validated before use; nothing in this header checks them --
        * confirm in the .c file. All four return int; callers should not
        * ignore the result.
        */
     72int cond_read_bool(struct policydb *p, struct symtab *s, void *fp);
     73int cond_read_list(struct policydb *p, void *fp);
     74int cond_write_bool(void *key, void *datum, void *ptr);
     75int cond_write_list(struct policydb *p, void *fp);
     76
       /*
        * cond_compute_av and cond_compute_xperms return void, so their results
        * presumably come back through the avd/xperms/xpermd pointers --
        * confirm in the implementation.
        */
     77void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
     78		struct av_decision *avd, struct extended_perms *xperms);
     79void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
     80		struct extended_perms_decision *xpermd);
     81void evaluate_cond_nodes(struct policydb *p);
     82void cond_policydb_destroy_dup(struct policydb *p);
     83int cond_policydb_dup(struct policydb *new, struct policydb *orig);	/* NOTE(review): returns int, presumably 0 or an error code -- confirm; ownership of what *new holds on failure is not visible here */
     84
     85#endif /* _CONDITIONAL_H_ */