security/selinux/include/avc.h - arm/linux - Git at Google

 /*
  * Access vector cache interface for object managers.
  *
  * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
  */
 #ifndef _SELINUX_AVC_H_
 #define _SELINUX_AVC_H_

 #include <linux/stddef.h>
 #include <linux/errno.h>
 #include <linux/kernel.h>
 #include <linux/kdev_t.h>
 #include <linux/spinlock.h>
 #include <linux/init.h>
 #include <linux/audit.h>
 #include <linux/lsm_audit.h>
 #include <linux/in6.h>
 #include <linux/path.h>
 #include <asm/system.h>
 #include "flask.h"
 #include "av_permissions.h"
 #include "security.h"

 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 extern int selinux_enforcing;
 #else
 #define selinux_enforcing 1
 #endif

 /*
  * An entry in the AVC.
  */
 struct avc_entry;

 struct task_struct;
 struct inode;
 struct sock;
 struct sk_buff;

 /*
  * AVC statistics
  */
 struct avc_cache_stats {
 	unsigned int lookups;
 	unsigned int hits;
 	unsigned int misses;
 	unsigned int allocations;
 	unsigned int reclaims;
 	unsigned int frees;
 };

 /*
  * AVC operations
  */

 void __init avc_init(void);

 void avc_audit(u32 ssid, u32 tsid,
 	       u16 tclass, u32 requested,
 	       struct av_decision *avd,
 	       int result,
 	       struct common_audit_data *a);

 #define AVC_STRICT 1 /* Ignore permissive mode. */
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 			 u16 tclass, u32 requested,
 			 unsigned flags,
 			 struct av_decision *avd);

 int avc_has_perm(u32 ssid, u32 tsid,
 		 u16 tclass, u32 requested,
 		 struct common_audit_data *auditdata);

 u32 avc_policy_seqno(void);

 #define AVC_CALLBACK_GRANT		1
 #define AVC_CALLBACK_TRY_REVOKE		2
 #define AVC_CALLBACK_REVOKE		4
 #define AVC_CALLBACK_RESET		8
 #define AVC_CALLBACK_AUDITALLOW_ENABLE	16
 #define AVC_CALLBACK_AUDITALLOW_DISABLE	32
 #define AVC_CALLBACK_AUDITDENY_ENABLE	64
 #define AVC_CALLBACK_AUDITDENY_DISABLE	128

 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
 				     u16 tclass, u32 perms,
 				     u32 *out_retained),
 		     u32 events, u32 ssid, u32 tsid,
 		     u16 tclass, u32 perms);

 /* Exported to selinuxfs */
 int avc_get_hash_stats(char *page);
 extern unsigned int avc_cache_threshold;

 /* Attempt to free avc node cache */
 void avc_disable(void);

 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif

 #endif /* _SELINUX_AVC_H_ */
	/*
	* Access vector cache interface for object managers.
	*
	* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
	*/
	#ifndef _SELINUX_AVC_H_
	#define _SELINUX_AVC_H_

	#include <linux/stddef.h>
	#include <linux/errno.h>
	#include <linux/kernel.h>
	#include <linux/kdev_t.h>
	#include <linux/spinlock.h>
	#include <linux/init.h>
	#include <linux/audit.h>
	#include <linux/lsm_audit.h>
	#include <linux/in6.h>
	#include <linux/path.h>
	#include <asm/system.h>
	#include "flask.h"
	#include "av_permissions.h"
	#include "security.h"

	#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
	extern int selinux_enforcing;
	#else
	#define selinux_enforcing 1
	#endif

	/*
	* An entry in the AVC.
	*/
	struct avc_entry;

	struct task_struct;
	struct inode;
	struct sock;
	struct sk_buff;

	/*
	* AVC statistics
	*/
	struct avc_cache_stats {
	unsigned int lookups;
	unsigned int hits;
	unsigned int misses;
	unsigned int allocations;
	unsigned int reclaims;
	unsigned int frees;
	};

	/*
	* AVC operations
	*/

	void __init avc_init(void);

	void avc_audit(u32 ssid, u32 tsid,
	u16 tclass, u32 requested,
	struct av_decision *avd,
	int result,
	struct common_audit_data *a);

	#define AVC_STRICT 1 /* Ignore permissive mode. */
	int avc_has_perm_noaudit(u32 ssid, u32 tsid,
	u16 tclass, u32 requested,
	unsigned flags,
	struct av_decision *avd);

	int avc_has_perm(u32 ssid, u32 tsid,
	u16 tclass, u32 requested,
	struct common_audit_data *auditdata);

	u32 avc_policy_seqno(void);

	#define AVC_CALLBACK_GRANT 1
	#define AVC_CALLBACK_TRY_REVOKE 2
	#define AVC_CALLBACK_REVOKE 4
	#define AVC_CALLBACK_RESET 8
	#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
	#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
	#define AVC_CALLBACK_AUDITDENY_ENABLE 64
	#define AVC_CALLBACK_AUDITDENY_DISABLE 128

	int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
	u16 tclass, u32 perms,
	u32 *out_retained),
	u32 events, u32 ssid, u32 tsid,
	u16 tclass, u32 perms);

	/* Exported to selinuxfs */
	int avc_get_hash_stats(char *page);
	extern unsigned int avc_cache_threshold;

	/* Attempt to free avc node cache */
	void avc_disable(void);

	#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
	DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
	#endif

	#endif /* _SELINUX_AVC_H_ */