xref: /openbmc/linux/security/selinux/ss/services.h (revision c900529f3d9161bfde5cca0754f83b4d3c3e0220)
/* SPDX-License-Identifier: GPL-2.0 */
/*
 * Implementation of the security services.
 *
 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 */
71da177e4SLinus Torvalds #ifndef _SS_SERVICES_H_
81da177e4SLinus Torvalds #define _SS_SERVICES_H_
91da177e4SLinus Torvalds 
101da177e4SLinus Torvalds #include "policydb.h"
111da177e4SLinus Torvalds 
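/*
 * Mapping for a single class.
 *
 * perms[] has sizeof(u32) * 8 (i.e. 32) slots, one per bit of a u32.
 * num_perms is stored separately from the array, so any code that walks
 * perms[] with num_perms as its bound relies on num_perms never exceeding
 * that array size; no such check is visible in this header.
 */
struct selinux_mapping {
	u16 value; /* policy value for class */
	u16 num_perms; /* number of permissions in class */
	u32 perms[sizeof(u32) * 8]; /* policy values for permissions */
};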
18aa8e712cSStephen Smalley 
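/*
 * Map for all of the classes, with array size.
 *
 * mapping is a bare pointer, so size is the only record of how many
 * entries it holds: a class index has to be checked against size before
 * it is used to index mapping[].
 */
struct selinux_map {
	struct selinux_mapping *mapping; /* indexed by class */
	u16 size; /* array size of mapping */
};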
24aa8e712cSStephen Smalley 
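/*
 * One policy instance: a pointer to the SID table, the policy database
 * (embedded by value), the class/permission map, and latest_granting.
 *
 * __randomize_layout opts the struct into the kernel's structure layout
 * randomization, so when that hardening is enabled the in-memory field
 * order may differ from the order written here. Access fields by name
 * only; never rely on offsets or positional initializers.
 */
struct selinux_policy {
	struct sidtab *sidtab;
	struct policydb policydb; /* embedded, not a pointer */
	struct selinux_map map;
	/* NOTE(review): presumably a policy sequence number - confirm in services.c */
	u32 latest_granting;
} __randomize_layout;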
311da177e4SLinus Torvalds 
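/*
 * Argument bundle taken by services_convert_context(): pointers to the
 * two policy databases involved in a context conversion.
 * NOTE(review): presumably oldp is the policy being replaced and newp the
 * one being loaded - confirm against the caller.
 */
struct convert_context_args {
	struct policydb *oldp;
	struct policydb *newp;
};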
36048be156SPaul Moore 
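/*
 * Extended-permission helpers; only the declarations live in this header.
 * Each takes a struct avtab_node plus an extended_perms or
 * extended_perms_decision structure, all by non-const pointer.
 * NOTE(review): presumably the node's extended permissions are folded into
 * *xperms / *xpermd - confirm in the defining file.
 */
void services_compute_xperms_drivers(struct extended_perms *xperms,
				     struct avtab_node *node);
void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
				      struct avtab_node *node);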
41fa1aa143SJeff Vander Stoep 
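/*
 * Context conversion entry point; only the declaration lives in this
 * header. args carries the oldp/newp policy database pair, and gfp_flags
 * is supplied by the caller.
 * NOTE(review): presumably oldc is the input, newc is filled in, and the
 * return is 0 or a negative errno - confirm in the defining file.
 */
int services_convert_context(struct convert_context_args *args,
			     struct context *oldc, struct context *newc,
			     gfp_t gfp_flags);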
45048be156SPaul Moore 
461da177e4SLinus Torvalds #endif	/* _SS_SERVICES_H_ */