]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * A policy database (policydb) specifies the | |
3 | * configuration data for the security policy. | |
4 | * | |
5 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> | |
6 | */ | |
7 | ||
8 | /* | |
9 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | |
10 | * | |
11 | * Support for enhanced MLS infrastructure. | |
12 | * | |
13 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | |
14 | * | |
489a5fd7 | 15 | * Added conditional policy language extensions |
1da177e4 LT |
16 | * |
17 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | |
18 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | |
19 | * This program is free software; you can redistribute it and/or modify | |
489a5fd7 | 20 | * it under the terms of the GNU General Public License as published by |
1da177e4 LT |
21 | * the Free Software Foundation, version 2. |
22 | */ | |
23 | ||
24 | #ifndef _SS_POLICYDB_H_ | |
25 | #define _SS_POLICYDB_H_ | |
26 | ||
6371dcd3 EP |
27 | #include <linux/flex_array.h> |
28 | ||
1da177e4 LT |
29 | #include "symtab.h" |
30 | #include "avtab.h" | |
31 | #include "sidtab.h" | |
0719aaf5 GT |
32 | #include "ebitmap.h" |
33 | #include "mls_types.h" | |
1da177e4 LT |
34 | #include "context.h" |
35 | #include "constraint.h" | |
36 | ||
37 | /* | |
38 | * A datum type is defined for each kind of symbol | |
39 | * in the configuration data: individual permissions, | |
40 | * common prefixes for access vectors, classes, | |
41 | * users, roles, types, sensitivities, categories, etc. | |
42 | */ | |
43 | ||
44 | /* Permission attributes */ | |
45 | struct perm_datum { | |
46 | u32 value; /* permission bit + 1 */ | |
47 | }; | |
48 | ||
49 | /* Attributes of a common prefix for access vectors */ | |
50 | struct common_datum { | |
51 | u32 value; /* internal common value */ | |
52 | struct symtab permissions; /* common permissions */ | |
53 | }; | |
54 | ||
55 | /* Class attributes */ | |
56 | struct class_datum { | |
57 | u32 value; /* class value */ | |
58 | char *comkey; /* common name */ | |
59 | struct common_datum *comdatum; /* common datum */ | |
60 | struct symtab permissions; /* class-specific permission symbol table */ | |
61 | struct constraint_node *constraints; /* constraints on class permissions */ | |
62 | struct constraint_node *validatetrans; /* special transition rules */ | |
eed7795d | 63 | /* Options how a new object user, role, and type should be decided */ |
aa893269 EP |
64 | #define DEFAULT_SOURCE 1 |
65 | #define DEFAULT_TARGET 2 | |
66 | char default_user; | |
67 | char default_role; | |
eed7795d | 68 | char default_type; |
aa893269 EP |
69 | /* Options how a new object range should be decided */ |
70 | #define DEFAULT_SOURCE_LOW 1 | |
71 | #define DEFAULT_SOURCE_HIGH 2 | |
72 | #define DEFAULT_SOURCE_LOW_HIGH 3 | |
73 | #define DEFAULT_TARGET_LOW 4 | |
74 | #define DEFAULT_TARGET_HIGH 5 | |
75 | #define DEFAULT_TARGET_LOW_HIGH 6 | |
76 | char default_range; | |
1da177e4 LT |
77 | }; |
78 | ||
79 | /* Role attributes */ | |
80 | struct role_datum { | |
81 | u32 value; /* internal role value */ | |
d9250dea | 82 | u32 bounds; /* boundary of role */ |
1da177e4 LT |
83 | struct ebitmap dominates; /* set of roles dominated by this role */ |
84 | struct ebitmap types; /* set of authorized types for role */ | |
85 | }; | |
86 | ||
87 | struct role_trans { | |
88 | u32 role; /* current role */ | |
8023976c HC |
89 | u32 type; /* program executable type, or new object type */ |
90 | u32 tclass; /* process class, or new object class */ | |
1da177e4 LT |
91 | u32 new_role; /* new role */ |
92 | struct role_trans *next; | |
93 | }; | |
94 | ||
652bb9b0 | 95 | struct filename_trans { |
652bb9b0 EP |
96 | u32 stype; /* current process */ |
97 | u32 ttype; /* parent dir context */ | |
98 | u16 tclass; /* class of new object */ | |
99 | const char *name; /* last path component */ | |
2463c26d EP |
100 | }; |
101 | ||
102 | struct filename_trans_datum { | |
652bb9b0 EP |
103 | u32 otype; /* expected of new object */ |
104 | }; | |
105 | ||
1da177e4 LT |
106 | struct role_allow { |
107 | u32 role; /* current role */ | |
108 | u32 new_role; /* new role */ | |
109 | struct role_allow *next; | |
110 | }; | |
111 | ||
112 | /* Type attributes */ | |
113 | struct type_datum { | |
114 | u32 value; /* internal type value */ | |
d9250dea | 115 | u32 bounds; /* boundary of type */ |
1da177e4 | 116 | unsigned char primary; /* primary name? */ |
d9250dea | 117 | unsigned char attribute;/* attribute ?*/ |
1da177e4 LT |
118 | }; |
119 | ||
120 | /* User attributes */ | |
121 | struct user_datum { | |
122 | u32 value; /* internal user value */ | |
d9250dea | 123 | u32 bounds; /* bounds of user */ |
1da177e4 LT |
124 | struct ebitmap roles; /* set of authorized roles for user */ |
125 | struct mls_range range; /* MLS range (min - max) for user */ | |
126 | struct mls_level dfltlevel; /* default login MLS level for user */ | |
127 | }; | |
128 | ||
129 | ||
130 | /* Sensitivity attributes */ | |
131 | struct level_datum { | |
132 | struct mls_level *level; /* sensitivity and associated categories */ | |
133 | unsigned char isalias; /* is this sensitivity an alias for another? */ | |
134 | }; | |
135 | ||
136 | /* Category attributes */ | |
137 | struct cat_datum { | |
138 | u32 value; /* internal category bit + 1 */ | |
139 | unsigned char isalias; /* is this category an alias for another? */ | |
140 | }; | |
141 | ||
142 | struct range_trans { | |
f3f87714 DG |
143 | u32 source_type; |
144 | u32 target_type; | |
145 | u32 target_class; | |
1da177e4 LT |
146 | }; |
147 | ||
148 | /* Boolean data type */ | |
149 | struct cond_bool_datum { | |
150 | __u32 value; /* internal type value */ | |
151 | int state; | |
152 | }; | |
153 | ||
154 | struct cond_node; | |
155 | ||
a660bec1 RH |
156 | /* |
157 | * type set preserves data needed to determine constraint info from | |
158 | * policy source. This is not used by the kernel policy but allows | |
159 | * utilities such as audit2allow to determine constraint denials. | |
160 | */ | |
161 | struct type_set { | |
162 | struct ebitmap types; | |
163 | struct ebitmap negset; | |
164 | u32 flags; | |
165 | }; | |
166 | ||
1da177e4 LT |
167 | /* |
168 | * The configuration data includes security contexts for | |
169 | * initial SIDs, unlabeled file systems, TCP and UDP port numbers, | |
170 | * network interfaces, and nodes. This structure stores the | |
171 | * relevant data for one such entry. Entries of the same kind | |
172 | * (e.g. all initial SIDs) are linked together into a list. | |
173 | */ | |
174 | struct ocontext { | |
175 | union { | |
176 | char *name; /* name of initial SID, fs, netif, fstype, path */ | |
177 | struct { | |
178 | u8 protocol; | |
179 | u16 low_port; | |
180 | u16 high_port; | |
181 | } port; /* TCP or UDP port information */ | |
182 | struct { | |
183 | u32 addr; | |
184 | u32 mask; | |
185 | } node; /* node information */ | |
186 | struct { | |
187 | u32 addr[4]; | |
188 | u32 mask[4]; | |
189 | } node6; /* IPv6 node information */ | |
190 | } u; | |
191 | union { | |
192 | u32 sclass; /* security class for genfs */ | |
193 | u32 behavior; /* labeling behavior for fs_use */ | |
194 | } v; | |
195 | struct context context[2]; /* security context(s) */ | |
196 | u32 sid[2]; /* SID(s) */ | |
197 | struct ocontext *next; | |
198 | }; | |
199 | ||
200 | struct genfs { | |
201 | char *fstype; | |
202 | struct ocontext *head; | |
203 | struct genfs *next; | |
204 | }; | |
205 | ||
206 | /* symbol table array indices */ | |
207 | #define SYM_COMMONS 0 | |
208 | #define SYM_CLASSES 1 | |
209 | #define SYM_ROLES 2 | |
210 | #define SYM_TYPES 3 | |
211 | #define SYM_USERS 4 | |
212 | #define SYM_BOOLS 5 | |
213 | #define SYM_LEVELS 6 | |
214 | #define SYM_CATS 7 | |
215 | #define SYM_NUM 8 | |
216 | ||
217 | /* object context array indices */ | |
218 | #define OCON_ISID 0 /* initial SIDs */ | |
219 | #define OCON_FS 1 /* unlabeled file systems */ | |
220 | #define OCON_PORT 2 /* TCP and UDP port numbers */ | |
221 | #define OCON_NETIF 3 /* network interfaces */ | |
222 | #define OCON_NODE 4 /* nodes */ | |
223 | #define OCON_FSUSE 5 /* fs_use */ | |
224 | #define OCON_NODE6 6 /* IPv6 nodes */ | |
225 | #define OCON_NUM 7 | |
226 | ||
227 | /* The policy database */ | |
228 | struct policydb { | |
0719aaf5 GT |
229 | int mls_enabled; |
230 | ||
1da177e4 LT |
231 | /* symbol tables */ |
232 | struct symtab symtab[SYM_NUM]; | |
233 | #define p_commons symtab[SYM_COMMONS] | |
234 | #define p_classes symtab[SYM_CLASSES] | |
235 | #define p_roles symtab[SYM_ROLES] | |
236 | #define p_types symtab[SYM_TYPES] | |
237 | #define p_users symtab[SYM_USERS] | |
238 | #define p_bools symtab[SYM_BOOLS] | |
239 | #define p_levels symtab[SYM_LEVELS] | |
240 | #define p_cats symtab[SYM_CATS] | |
241 | ||
242 | /* symbol names indexed by (value - 1) */ | |
ac76c05b | 243 | struct flex_array *sym_val_to_name[SYM_NUM]; |
1da177e4 LT |
244 | |
245 | /* class, role, and user attributes indexed by (value - 1) */ | |
246 | struct class_datum **class_val_to_struct; | |
247 | struct role_datum **role_val_to_struct; | |
248 | struct user_datum **user_val_to_struct; | |
23bdecb0 | 249 | struct flex_array *type_val_to_struct_array; |
1da177e4 LT |
250 | |
251 | /* type enforcement access vectors and transitions */ | |
252 | struct avtab te_avtab; | |
253 | ||
254 | /* role transitions */ | |
255 | struct role_trans *role_tr; | |
256 | ||
2463c26d | 257 | /* file transitions with the last path component */ |
03a4c018 EP |
258 | /* quickly exclude lookups when parent ttype has no rules */ |
259 | struct ebitmap filename_trans_ttypes; | |
2463c26d EP |
260 | /* actual set of filename_trans rules */ |
261 | struct hashtab *filename_trans; | |
652bb9b0 | 262 | |
1da177e4 LT |
263 | /* bools indexed by (value - 1) */ |
264 | struct cond_bool_datum **bool_val_to_struct; | |
265 | /* type enforcement conditional access vectors and transitions */ | |
266 | struct avtab te_cond_avtab; | |
267 | /* linked list indexing te_cond_avtab by conditional */ | |
489a5fd7 | 268 | struct cond_node *cond_list; |
1da177e4 LT |
269 | |
270 | /* role allows */ | |
271 | struct role_allow *role_allow; | |
272 | ||
273 | /* security contexts of initial SIDs, unlabeled file systems, | |
274 | TCP or UDP port numbers, network interfaces and nodes */ | |
275 | struct ocontext *ocontexts[OCON_NUM]; | |
276 | ||
489a5fd7 | 277 | /* security contexts for files in filesystems that cannot support |
1da177e4 LT |
278 | a persistent label mapping or use another |
279 | fixed labeling behavior. */ | |
489a5fd7 | 280 | struct genfs *genfs; |
1da177e4 | 281 | |
2f3e82d6 SS |
282 | /* range transitions table (range_trans_key -> mls_range) */ |
283 | struct hashtab *range_tr; | |
1da177e4 | 284 | |
782ebb99 | 285 | /* type -> attribute reverse mapping */ |
6371dcd3 | 286 | struct flex_array *type_attr_map_array; |
782ebb99 | 287 | |
3bb56b25 PM |
288 | struct ebitmap policycaps; |
289 | ||
64dbf074 EP |
290 | struct ebitmap permissive_map; |
291 | ||
cee74f47 EP |
292 | /* length of this policy when it was loaded */ |
293 | size_t len; | |
294 | ||
1da177e4 | 295 | unsigned int policyvers; |
3f12070e EP |
296 | |
297 | unsigned int reject_unknown : 1; | |
298 | unsigned int allow_unknown : 1; | |
c6d3aaa4 SS |
299 | |
300 | u16 process_class; | |
301 | u32 process_trans_perms; | |
1da177e4 LT |
302 | }; |
303 | ||
304 | extern void policydb_destroy(struct policydb *p); | |
305 | extern int policydb_load_isids(struct policydb *p, struct sidtab *s); | |
306 | extern int policydb_context_isvalid(struct policydb *p, struct context *c); | |
45e5421e SS |
307 | extern int policydb_class_isvalid(struct policydb *p, unsigned int class); |
308 | extern int policydb_type_isvalid(struct policydb *p, unsigned int type); | |
309 | extern int policydb_role_isvalid(struct policydb *p, unsigned int role); | |
1da177e4 | 310 | extern int policydb_read(struct policydb *p, void *fp); |
cee74f47 | 311 | extern int policydb_write(struct policydb *p, void *fp); |
1da177e4 LT |
312 | |
313 | #define PERM_SYMTAB_SIZE 32 | |
314 | ||
315 | #define POLICYDB_CONFIG_MLS 1 | |
316 | ||
3f12070e EP |
317 | /* the config flags related to unknown classes/perms are bits 2 and 3 */ |
318 | #define REJECT_UNKNOWN 0x00000002 | |
319 | #define ALLOW_UNKNOWN 0x00000004 | |
320 | ||
1da177e4 LT |
321 | #define OBJECT_R "object_r" |
322 | #define OBJECT_R_VAL 1 | |
323 | ||
324 | #define POLICYDB_MAGIC SELINUX_MAGIC | |
325 | #define POLICYDB_STRING "SE Linux" | |
326 | ||
327 | struct policy_file { | |
328 | char *data; | |
329 | size_t len; | |
330 | }; | |
331 | ||
cee74f47 EP |
332 | struct policy_data { |
333 | struct policydb *p; | |
334 | void *fp; | |
335 | }; | |
336 | ||
1da177e4 LT |
337 | static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) |
338 | { | |
339 | if (bytes > fp->len) | |
340 | return -EINVAL; | |
341 | ||
342 | memcpy(buf, fp->data, bytes); | |
343 | fp->data += bytes; | |
344 | fp->len -= bytes; | |
345 | return 0; | |
346 | } | |
347 | ||
652bb9b0 | 348 | static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp) |
cee74f47 EP |
349 | { |
350 | size_t len = bytes * num; | |
351 | ||
352 | memcpy(fp->data, buf, len); | |
353 | fp->data += len; | |
354 | fp->len -= len; | |
355 | ||
356 | return 0; | |
357 | } | |
358 | ||
ac76c05b EP |
359 | static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr) |
360 | { | |
361 | struct flex_array *fa = p->sym_val_to_name[sym_num]; | |
362 | ||
363 | return flex_array_get_ptr(fa, element_nr); | |
364 | } | |
365 | ||
c6d3aaa4 SS |
366 | extern u16 string_to_security_class(struct policydb *p, const char *name); |
367 | extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name); | |
368 | ||
1da177e4 LT |
369 | #endif /* _SS_POLICYDB_H_ */ |
370 |