avc.h source code [include/selinux/avc.h]

1	/*
2	* Access vector cache interface for object managers.
3	*
4	* Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
5	*/
6	#ifndef _SELINUX_AVC_H_
7	#define _SELINUX_AVC_H_
8
9	#include <stdint.h>
10	#include <errno.h>
11	#include <stdlib.h>
12	#include <selinux/selinux.h>
13
14	#ifdef __cplusplus
15	extern "C" {
16	#endif
17
18	/*
19	* SID format and operations
20	*/
21	struct security_id {
22	char * ctx;
23	unsigned int refcnt;
24	};
25	typedef struct security_id *security_id_t;
26
27	#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
28
29	/**
30	* avc_sid_to_context - get copy of context corresponding to SID.
31	* @sid: input SID
32	* @ctx: pointer to context reference
33	*
34	* Return a copy of the security context corresponding to the input
35	* @sid in the memory referenced by @ctx. The caller is expected to
36	* free the context with freecon(). Return %0 on success, -%1 on
37	* failure, with @errno set to %ENOMEM if insufficient memory was
38	* available to make the copy, or %EINVAL if the input SID is invalid.
39	*/
40	extern int avc_sid_to_context(security_id_t sid, char ** ctx);
41	extern int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
42
43	/**
44	* avc_context_to_sid - get SID for context.
45	* @ctx: input security context
46	* @sid: pointer to SID reference
47	*
48	* Look up security context @ctx in SID table, making
49	* a new entry if @ctx is not found. Increment the
50	* reference counter for the SID. Store a pointer
51	* to the SID structure into the memory referenced by @sid,
52	* returning %0 on success or -%1 on error with @errno set.
53	*/
54	extern int avc_context_to_sid(const char * ctx, security_id_t * sid);
55	extern int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
56
57	/**
58	* sidget - increment SID reference counter.
59	* @sid: SID reference
60	*
61	* Increment the reference counter for @sid, indicating that
62	* @sid is in use by an (additional) object. Return the
63	* new reference count, or zero if @sid is invalid (has zero
64	* reference count). Note that avc_context_to_sid() also
65	* increments reference counts.
66	*/
67	extern int sidget(security_id_t sid)
68	#ifdef __GNUC__
69	__attribute__ ((deprecated))
70	#endif
71	;
72
73	/**
74	* sidput - decrement SID reference counter.
75	* @sid: SID reference
76	*
77	* Decrement the reference counter for @sid, indicating that
78	* a reference to @sid is no longer in use. Return the
79	* new reference count. When the reference count reaches
80	* zero, the SID is invalid, and avc_context_to_sid() must
81	* be called to obtain a new SID for the security context.
82	*/
83	extern int sidput(security_id_t sid)
84	#ifdef __GNUC__
85	__attribute__ ((deprecated))
86	#endif
87	;
88
89	/**
90	* avc_get_initial_sid - get SID for an initial kernel security identifier
91	* @name: input name of initial kernel security identifier
92	* @sid: pointer to a SID reference
93	*
94	* Get the context for an initial kernel security identifier specified by
95	* @name using security_get_initial_context() and then call
96	* avc_context_to_sid() to get the corresponding SID.
97	*/
98	extern int avc_get_initial_sid(const char name, security_id_t sid);
99
100	/*
101	* AVC entry
102	*/
103	struct avc_entry;
104	struct avc_entry_ref {
105	struct avc_entry *ae;
106	};
107
108	/**
109	* avc_entry_ref_init - initialize an AVC entry reference.
110	* @aeref: pointer to avc entry reference structure
111	*
112	* Use this macro to initialize an avc entry reference structure
113	* before first use. These structures are passed to avc_has_perm(),
114	* which stores cache entry references in them. They can increase
115	* performance on repeated queries.
116	*/
117	#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
118
119	/*
120	* User-provided callbacks for memory, auditing, and locking
121	*/
122
123	/ These structures are passed by reference to avc_init(). Passing*
124	* a NULL reference will cause the AVC to use a default. The default
125	* memory callbacks are malloc() and free(). The default logging method
126	* is to print on stderr. If no thread callbacks are passed, a separate
127	* listening thread won't be started for kernel policy change messages.
128	* If no locking callbacks are passed, no locking will take place.
129	*/
130	struct avc_memory_callback {
131	/ malloc() equivalent. /
132	void (func_malloc) (size_t size);
133	/ free() equivalent. /
134	void (func_free) (void* *ptr);
135	/ Note that these functions should set errno on failure.*
136	If not, some avc routines may return -1 without errno set. /*
137	};
138
139	struct avc_log_callback {
140	/ log the printf-style format and arguments. /
141	void
142	#ifdef __GNUC__
143	__attribute__ ((format(printf, `1`, `2`)))
144	#endif
145	(func_log) (const* char *fmt, ...);
146	/ store a string representation of auditdata (corresponding*
147	to the given security class) into msgbuf. /*
148	void (func_audit) (void* *auditdata, security_class_t cls,
149	char *msgbuf, size_t msgbufsize);
150	};
151
152	struct avc_thread_callback {
153	/ create and start a thread, returning an opaque pointer to it;*
154	the thread should run the given function. /*
155	void (func_create_thread) (void (run) (void*));
156	/ cancel a given thread and free its resources. /
157	void (func_stop_thread) (void* *thread);
158	};
159
160	struct avc_lock_callback {
161	/ create a lock and return an opaque pointer to it. /
162	void (func_alloc_lock) (void);
163	/ obtain a given lock, blocking if necessary. /
164	void (func_get_lock) (void* *lock);
165	/ release a given lock. /
166	void (func_release_lock) (void* *lock);
167	/ destroy a given lock (free memory, etc.) /
168	void (func_free_lock) (void* *lock);
169	};
170
171	/*
172	* Available options
173	*/
174
175	/ no-op option, useful for unused slots in an array of options /
176	#define AVC_OPT_UNUSED 0
177	/ override kernel enforcing mode (boolean value) /
178	#define AVC_OPT_SETENFORCE 1
179
180	/*
181	* AVC operations
182	*/
183
184	/**
185	* avc_init - Initialize the AVC.
186	* @msgprefix: prefix for log messages
187	* @mem_callbacks: user-supplied memory callbacks
188	* @log_callbacks: user-supplied logging callbacks
189	* @thread_callbacks: user-supplied threading callbacks
190	* @lock_callbacks: user-supplied locking callbacks
191	*
192	* Initialize the access vector cache. Return %0 on
193	* success or -%1 with @errno set on failure.
194	* If @msgprefix is NULL, use "uavc". If any callback
195	* structure references are NULL, use default methods
196	* for those callbacks (see the definition of the callback
197	* structures above).
198	*/
199	extern int avc_init(const char *msgprefix,
200	const struct avc_memory_callback *mem_callbacks,
201	const struct avc_log_callback *log_callbacks,
202	const struct avc_thread_callback *thread_callbacks,
203	const struct avc_lock_callback *lock_callbacks)
204	#ifdef __GNUC__
205	__attribute__ ((deprecated("Use avc_open and selinux_set_callback")))
206	#endif
207	;
208
209	/**
210	* avc_open - Initialize the AVC.
211	* @opts: array of selabel_opt structures specifying AVC options or NULL.
212	* @nopts: number of elements in opts array or zero for no options.
213	*
214	* This function is identical to avc_init(), except the message prefix
215	* is set to "avc" and any callbacks desired should be specified via
216	* selinux_set_callback(). Available options are listed above.
217	*/
218	extern int avc_open(struct selinux_opt opts, unsigned* nopts);
219
220	/**
221	* avc_cleanup - Remove unused SIDs and AVC entries.
222	*
223	* Search the SID table for SID structures with zero
224	* reference counts, and remove them along with all
225	* AVC entries that reference them. This can be used
226	* to return memory to the system.
227	*/
228	extern void avc_cleanup(void);
229
230	/**
231	* avc_reset - Flush the cache and reset statistics.
232	*
233	* Remove all entries from the cache and reset all access
234	* statistics (as returned by avc_cache_stats()) to zero.
235	* The SID mapping is not affected. Return %0 on success,
236	* -%1 with @errno set on error.
237	*/
238	extern int avc_reset(void);
239
240	/**
241	* avc_destroy - Free all AVC structures.
242	*
243	* Destroy all AVC structures and free all allocated
244	* memory. User-supplied locking, memory, and audit
245	* callbacks will be retained, but security-event
246	* callbacks will not. All SID's will be invalidated.
247	* User must call avc_init() if further use of AVC is desired.
248	*/
249	extern void avc_destroy(void);
250
251	/**
252	* avc_has_perm_noaudit - Check permissions but perform no auditing.
253	* @ssid: source security identifier
254	* @tsid: target security identifier
255	* @tclass: target security class
256	* @requested: requested permissions, interpreted based on @tclass
257	* @aeref: AVC entry reference
258	* @avd: access vector decisions
259	*
260	* Check the AVC to determine whether the @requested permissions are granted
261	* for the SID pair (@ssid, @tsid), interpreting the permissions
262	* based on @tclass, and call the security server on a cache miss to obtain
263	* a new decision and add it to the cache. Update @aeref to refer to an AVC
264	* entry with the resulting decisions, and return a copy of the decisions
265	* in @avd. Return %0 if all @requested permissions are granted, -%1 with
266	* @errno set to %EACCES if any permissions are denied, or to another value
267	* upon other errors. This function is typically called by avc_has_perm(),
268	* but may also be called directly to separate permission checking from
269	* auditing, e.g. in cases where a lock must be held for the check but
270	* should be released for the auditing.
271	*/
272	extern int avc_has_perm_noaudit(security_id_t ssid,
273	security_id_t tsid,
274	security_class_t tclass,
275	access_vector_t requested,
276	struct avc_entry_ref aeref, struct* av_decision *avd);
277
278	/**
279	* avc_has_perm - Check permissions and perform any appropriate auditing.
280	* @ssid: source security identifier
281	* @tsid: target security identifier
282	* @tclass: target security class
283	* @requested: requested permissions, interpreted based on @tclass
284	* @aeref: AVC entry reference
285	* @auditdata: auxiliary audit data
286	*
287	* Check the AVC to determine whether the @requested permissions are granted
288	* for the SID pair (@ssid, @tsid), interpreting the permissions
289	* based on @tclass, and call the security server on a cache miss to obtain
290	* a new decision and add it to the cache. Update @aeref to refer to an AVC
291	* entry with the resulting decisions. Audit the granting or denial of
292	* permissions in accordance with the policy. Return %0 if all @requested
293	* permissions are granted, -%1 with @errno set to %EACCES if any permissions
294	* are denied or to another value upon other errors.
295	*/
296	extern int avc_has_perm(security_id_t ssid, security_id_t tsid,
297	security_class_t tclass, access_vector_t requested,
298	struct avc_entry_ref aeref, void* *auditdata);
299
300	/**
301	* avc_audit - Audit the granting or denial of permissions.
302	* @ssid: source security identifier
303	* @tsid: target security identifier
304	* @tclass: target security class
305	* @requested: requested permissions
306	* @avd: access vector decisions
307	* @result: result from avc_has_perm_noaudit
308	* @auditdata: auxiliary audit data
309	*
310	* Audit the granting or denial of permissions in accordance
311	* with the policy. This function is typically called by
312	* avc_has_perm() after a permission check, but can also be
313	* called directly by callers who use avc_has_perm_noaudit()
314	* in order to separate the permission check from the auditing.
315	* For example, this separation is useful when the permission check must
316	* be performed under a lock, to allow the lock to be released
317	* before calling the auditing code.
318	*/
319	extern void avc_audit(security_id_t ssid, security_id_t tsid,
320	security_class_t tclass, access_vector_t requested,
321	struct av_decision avd, int* result, void *auditdata);
322
323	/**
324	* avc_compute_create - Compute SID for labeling a new object.
325	* @ssid: source security identifier
326	* @tsid: target security identifier
327	* @tclass: target security class
328	* @newsid: pointer to SID reference
329	*
330	* Call the security server to obtain a context for labeling a
331	* new object. Look up the context in the SID table, making
332	* a new entry if not found. Increment the reference counter
333	* for the SID. Store a pointer to the SID structure into the
334	* memory referenced by @newsid, returning %0 on success or -%1 on
335	* error with @errno set.
336	*/
337	extern int avc_compute_create(security_id_t ssid,
338	security_id_t tsid,
339	security_class_t tclass, security_id_t * newsid);
340
341	/**
342	* avc_compute_member - Compute SID for polyinstantation.
343	* @ssid: source security identifier
344	* @tsid: target security identifier
345	* @tclass: target security class
346	* @newsid: pointer to SID reference
347	*
348	* Call the security server to obtain a context for labeling an
349	* object instance. Look up the context in the SID table, making
350	* a new entry if not found. Increment the reference counter
351	* for the SID. Store a pointer to the SID structure into the
352	* memory referenced by @newsid, returning %0 on success or -%1 on
353	* error with @errno set.
354	*/
355	extern int avc_compute_member(security_id_t ssid,
356	security_id_t tsid,
357	security_class_t tclass, security_id_t * newsid);
358
359	/*
360	* security event callback facility
361	*/
362
363	/ security events /
364	#define AVC_CALLBACK_GRANT 1
365	#define AVC_CALLBACK_TRY_REVOKE 2
366	#define AVC_CALLBACK_REVOKE 4
367	#define AVC_CALLBACK_RESET 8
368	#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
369	#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
370	#define AVC_CALLBACK_AUDITDENY_ENABLE 64
371	#define AVC_CALLBACK_AUDITDENY_DISABLE 128
372
373	/**
374	* avc_add_callback - Register a callback for security events.
375	* @callback: callback function
376	* @events: bitwise OR of desired security events
377	* @ssid: source security identifier or %SECSID_WILD
378	* @tsid: target security identifier or %SECSID_WILD
379	* @tclass: target security class
380	* @perms: permissions
381	*
382	* Register a callback function for events in the set @events
383	* related to the SID pair (@ssid, @tsid) and
384	* and the permissions @perms, interpreting
385	* @perms based on @tclass. Returns %0 on success or
386	* -%1 if insufficient memory exists to add the callback.
387	*/
388	extern int avc_add_callback(int (*callback)
389	(uint32_t event, security_id_t ssid,
390	security_id_t tsid, security_class_t tclass,
391	access_vector_t perms,
392	access_vector_t * out_retained),
393	uint32_t events, security_id_t ssid,
394	security_id_t tsid, security_class_t tclass,
395	access_vector_t perms);
396
397	/*
398	* AVC statistics
399	*/
400
401	/ If set, cache statistics are tracked. This may*
402	* become a compile-time option in the future.
403	*/
404	#define AVC_CACHE_STATS 1
405
406	struct avc_cache_stats {
407	unsigned entry_lookups;
408	unsigned entry_hits;
409	unsigned entry_misses;
410	unsigned entry_discards;
411	unsigned cav_lookups;
412	unsigned cav_hits;
413	unsigned cav_probes;
414	unsigned cav_misses;
415	};
416
417	/**
418	* avc_cache_stats - get cache access statistics.
419	* @stats: reference to statistics structure
420	*
421	* Fill the supplied structure with information about AVC
422	* activity since the last call to avc_init() or
423	* avc_reset(). See the structure definition for
424	* details.
425	*/
426	extern void avc_cache_stats(struct avc_cache_stats *stats);
427
428	/**
429	* avc_av_stats - log av table statistics.
430	*
431	* Log a message with information about the size and
432	* distribution of the access vector table. The audit
433	* callback is used to print the message.
434	*/
435	extern void avc_av_stats(void);
436
437	/**
438	* avc_sid_stats - log SID table statistics.
439	*
440	* Log a message with information about the size and
441	* distribution of the SID table. The audit callback
442	* is used to print the message.
443	*/
444	extern void avc_sid_stats(void);
445
446	/**
447	* avc_netlink_open - Create a netlink socket and connect to the kernel.
448	*/
449	extern int avc_netlink_open(int blocking);
450
451	/**
452	* avc_netlink_loop - Wait for netlink messages from the kernel
453	*/
454	extern void avc_netlink_loop(void);
455
456	/**
457	* avc_netlink_close - Close the netlink socket
458	*/
459	extern void avc_netlink_close(void);
460
461	/**
462	* avc_netlink_acquire_fd - Acquire netlink socket fd.
463	*
464	* Allows the application to manage messages from the netlink socket in
465	* its own main loop.
466	*/
467	extern int avc_netlink_acquire_fd(void);
468
469	/**
470	* avc_netlink_release_fd - Release netlink socket fd.
471	*
472	* Returns ownership of the netlink socket to the library.
473	*/
474	extern void avc_netlink_release_fd(void);
475
476	/**
477	* avc_netlink_check_nb - Check netlink socket for new messages.
478	*
479	* Called by the application when using avc_netlink_acquire_fd() to
480	* process kernel netlink events.
481	*/
482	extern int avc_netlink_check_nb(void);
483
484	/**
485	* selinux_status_open - Open and map SELinux kernel status page
486	*
487	*/
488	extern int selinux_status_open(int fallback);
489
490	/**
491	* selinux_status_close - Unmap and close SELinux kernel status page
492	*
493	*/
494	extern void selinux_status_close(void);
495
496	/**
497	* selinux_status_updated - Inform us whether the kernel status has been updated
498	*
499	*/
500	extern int selinux_status_updated(void);
501
502	/**
503	* selinux_status_getenforce - Get the enforce flag value
504	*
505	*/
506	extern int selinux_status_getenforce(void);
507
508	/**
509	* selinux_status_policyload - Get the number of policy reloaded
510	*
511	*/
512	extern int selinux_status_policyload(void);
513
514	/**
515	* selinux_status_deny_unknown - Get the behavior for undefined classes/permissions
516	*
517	*/
518	extern int selinux_status_deny_unknown(void);
519
520	#ifdef __cplusplus
521	}
522	#endif
523	#endif /* _SELINUX_AVC_H_ */
524

source code of include/selinux/avc.h