1 /* SPDX-License-Identifier: GPL-2.0 */ 2 /* 3 * Access vector cache interface for object managers. 4 * 5 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 6 */ 7 #ifndef _SELINUX_AVC_H_ 8 #define _SELINUX_AVC_H_ 9 10 #include <linux/stddef.h> 11 #include <linux/errno.h> 12 #include <linux/kernel.h> 13 #include <linux/kdev_t.h> 14 #include <linux/spinlock.h> 15 #include <linux/init.h> 16 #include <linux/audit.h> 17 #include <linux/lsm_audit.h> 18 #include <linux/in6.h> 19 #include "flask.h" 20 #include "av_permissions.h" 21 #include "security.h" 22 23 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP 24 extern int selinux_enforcing; 25 #else 26 #define selinux_enforcing 1 27 #endif 28 29 /* 30 * An entry in the AVC. 31 */ 32 struct avc_entry; 33 34 struct task_struct; 35 struct inode; 36 struct sock; 37 struct sk_buff; 38 39 /* 40 * AVC statistics 41 */ 42 struct avc_cache_stats { 43 unsigned int lookups; 44 unsigned int misses; 45 unsigned int allocations; 46 unsigned int reclaims; 47 unsigned int frees; 48 }; 49 50 /* 51 * We only need this data after we have decided to send an audit message. 52 */ 53 struct selinux_audit_data { 54 u32 ssid; 55 u32 tsid; 56 u16 tclass; 57 u32 requested; 58 u32 audited; 59 u32 denied; 60 int result; 61 }; 62 63 /* 64 * AVC operations 65 */ 66 67 void __init avc_init(void); 68 69 static inline u32 avc_audit_required(u32 requested, 70 struct av_decision *avd, 71 int result, 72 u32 auditdeny, 73 u32 *deniedp) 74 { 75 u32 denied, audited; 76 denied = requested & ~avd->allowed; 77 if (unlikely(denied)) { 78 audited = denied & avd->auditdeny; 79 /* 80 * auditdeny is TRICKY! Setting a bit in 81 * this field means that ANY denials should NOT be audited if 82 * the policy contains an explicit dontaudit rule for that 83 * permission. Take notice that this is unrelated to the 84 * actual permissions that were denied. As an example lets 85 * assume: 86 * 87 * denied == READ 88 * avd.auditdeny & ACCESS == 0 (not set means explicit rule) 89 * auditdeny & ACCESS == 1 90 * 91 * We will NOT audit the denial even though the denied 92 * permission was READ and the auditdeny checks were for 93 * ACCESS 94 */ 95 if (auditdeny && !(auditdeny & avd->auditdeny)) 96 audited = 0; 97 } else if (result) 98 audited = denied = requested; 99 else 100 audited = requested & avd->auditallow; 101 *deniedp = denied; 102 return audited; 103 } 104 105 int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, 106 u32 requested, u32 audited, u32 denied, int result, 107 struct common_audit_data *a, 108 unsigned flags); 109 110 /** 111 * avc_audit - Audit the granting or denial of permissions. 112 * @ssid: source security identifier 113 * @tsid: target security identifier 114 * @tclass: target security class 115 * @requested: requested permissions 116 * @avd: access vector decisions 117 * @result: result from avc_has_perm_noaudit 118 * @a: auxiliary audit data 119 * @flags: VFS walk flags 120 * 121 * Audit the granting or denial of permissions in accordance 122 * with the policy. This function is typically called by 123 * avc_has_perm() after a permission check, but can also be 124 * called directly by callers who use avc_has_perm_noaudit() 125 * in order to separate the permission check from the auditing. 126 * For example, this separation is useful when the permission check must 127 * be performed under a lock, to allow the lock to be released 128 * before calling the auditing code. 129 */ 130 static inline int avc_audit(u32 ssid, u32 tsid, 131 u16 tclass, u32 requested, 132 struct av_decision *avd, 133 int result, 134 struct common_audit_data *a, 135 int flags) 136 { 137 u32 audited, denied; 138 audited = avc_audit_required(requested, avd, result, 0, &denied); 139 if (likely(!audited)) 140 return 0; 141 return slow_avc_audit(ssid, tsid, tclass, 142 requested, audited, denied, result, 143 a, flags); 144 } 145 146 #define AVC_STRICT 1 /* Ignore permissive mode. */ 147 #define AVC_EXTENDED_PERMS 2 /* update extended permissions */ 148 int avc_has_perm_noaudit(u32 ssid, u32 tsid, 149 u16 tclass, u32 requested, 150 unsigned flags, 151 struct av_decision *avd); 152 153 int avc_has_perm(u32 ssid, u32 tsid, 154 u16 tclass, u32 requested, 155 struct common_audit_data *auditdata); 156 int avc_has_perm_flags(u32 ssid, u32 tsid, 157 u16 tclass, u32 requested, 158 struct common_audit_data *auditdata, 159 int flags); 160 161 int avc_has_extended_perms(u32 ssid, u32 tsid, u16 tclass, u32 requested, 162 u8 driver, u8 perm, struct common_audit_data *ad); 163 164 165 u32 avc_policy_seqno(void); 166 167 #define AVC_CALLBACK_GRANT 1 168 #define AVC_CALLBACK_TRY_REVOKE 2 169 #define AVC_CALLBACK_REVOKE 4 170 #define AVC_CALLBACK_RESET 8 171 #define AVC_CALLBACK_AUDITALLOW_ENABLE 16 172 #define AVC_CALLBACK_AUDITALLOW_DISABLE 32 173 #define AVC_CALLBACK_AUDITDENY_ENABLE 64 174 #define AVC_CALLBACK_AUDITDENY_DISABLE 128 175 #define AVC_CALLBACK_ADD_XPERMS 256 176 177 int avc_add_callback(int (*callback)(u32 event), u32 events); 178 179 /* Exported to selinuxfs */ 180 int avc_get_hash_stats(char *page); 181 extern unsigned int avc_cache_threshold; 182 183 /* Attempt to free avc node cache */ 184 void avc_disable(void); 185 186 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS 187 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats); 188 #endif 189 190 #endif /* _SELINUX_AVC_H_ */ 191 192