]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * A policy database (policydb) specifies the | |
3 | * configuration data for the security policy. | |
4 | * | |
7efbb60b | 5 | * Author : Stephen Smalley, <sds@tycho.nsa.gov> |
1da177e4 LT |
6 | */ |
7 | ||
8 | /* | |
9 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | |
10 | * | |
11 | * Support for enhanced MLS infrastructure. | |
12 | * | |
13 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | |
14 | * | |
489a5fd7 | 15 | * Added conditional policy language extensions |
1da177e4 LT |
16 | * |
17 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | |
18 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | |
19 | * This program is free software; you can redistribute it and/or modify | |
489a5fd7 | 20 | * it under the terms of the GNU General Public License as published by |
1da177e4 LT |
21 | * the Free Software Foundation, version 2. |
22 | */ | |
23 | ||
24 | #ifndef _SS_POLICYDB_H_ | |
25 | #define _SS_POLICYDB_H_ | |
26 | ||
27 | #include "symtab.h" | |
28 | #include "avtab.h" | |
29 | #include "sidtab.h" | |
0719aaf5 GT |
30 | #include "ebitmap.h" |
31 | #include "mls_types.h" | |
1da177e4 LT |
32 | #include "context.h" |
33 | #include "constraint.h" | |
34 | ||
35 | /* | |
36 | * A datum type is defined for each kind of symbol | |
37 | * in the configuration data: individual permissions, | |
38 | * common prefixes for access vectors, classes, | |
39 | * users, roles, types, sensitivities, categories, etc. | |
40 | */ | |
41 | ||
42 | /* Permission attributes */ | |
43 | struct perm_datum { | |
44 | u32 value; /* permission bit + 1 */ | |
45 | }; | |
46 | ||
47 | /* Attributes of a common prefix for access vectors */ | |
48 | struct common_datum { | |
49 | u32 value; /* internal common value */ | |
50 | struct symtab permissions; /* common permissions */ | |
51 | }; | |
52 | ||
53 | /* Class attributes */ | |
54 | struct class_datum { | |
55 | u32 value; /* class value */ | |
56 | char *comkey; /* common name */ | |
57 | struct common_datum *comdatum; /* common datum */ | |
58 | struct symtab permissions; /* class-specific permission symbol table */ | |
59 | struct constraint_node *constraints; /* constraints on class permissions */ | |
60 | struct constraint_node *validatetrans; /* special transition rules */ | |
eed7795d | 61 | /* Options how a new object user, role, and type should be decided */ |
aa893269 EP |
62 | #define DEFAULT_SOURCE 1 |
63 | #define DEFAULT_TARGET 2 | |
64 | char default_user; | |
65 | char default_role; | |
eed7795d | 66 | char default_type; |
aa893269 EP |
67 | /* Options how a new object range should be decided */ |
68 | #define DEFAULT_SOURCE_LOW 1 | |
69 | #define DEFAULT_SOURCE_HIGH 2 | |
70 | #define DEFAULT_SOURCE_LOW_HIGH 3 | |
71 | #define DEFAULT_TARGET_LOW 4 | |
72 | #define DEFAULT_TARGET_HIGH 5 | |
73 | #define DEFAULT_TARGET_LOW_HIGH 6 | |
74 | char default_range; | |
1da177e4 LT |
75 | }; |
76 | ||
77 | /* Role attributes */ | |
78 | struct role_datum { | |
79 | u32 value; /* internal role value */ | |
d9250dea | 80 | u32 bounds; /* boundary of role */ |
1da177e4 LT |
81 | struct ebitmap dominates; /* set of roles dominated by this role */ |
82 | struct ebitmap types; /* set of authorized types for role */ | |
83 | }; | |
84 | ||
85 | struct role_trans { | |
86 | u32 role; /* current role */ | |
8023976c HC |
87 | u32 type; /* program executable type, or new object type */ |
88 | u32 tclass; /* process class, or new object class */ | |
1da177e4 LT |
89 | u32 new_role; /* new role */ |
90 | struct role_trans *next; | |
91 | }; | |
92 | ||
652bb9b0 | 93 | struct filename_trans { |
652bb9b0 EP |
94 | u32 stype; /* current process */ |
95 | u32 ttype; /* parent dir context */ | |
96 | u16 tclass; /* class of new object */ | |
97 | const char *name; /* last path component */ | |
2463c26d EP |
98 | }; |
99 | ||
100 | struct filename_trans_datum { | |
652bb9b0 EP |
101 | u32 otype; /* expected of new object */ |
102 | }; | |
103 | ||
1da177e4 LT |
104 | struct role_allow { |
105 | u32 role; /* current role */ | |
106 | u32 new_role; /* new role */ | |
107 | struct role_allow *next; | |
108 | }; | |
109 | ||
110 | /* Type attributes */ | |
111 | struct type_datum { | |
112 | u32 value; /* internal type value */ | |
d9250dea | 113 | u32 bounds; /* boundary of type */ |
1da177e4 | 114 | unsigned char primary; /* primary name? */ |
d9250dea | 115 | unsigned char attribute;/* attribute ?*/ |
1da177e4 LT |
116 | }; |
117 | ||
118 | /* User attributes */ | |
119 | struct user_datum { | |
120 | u32 value; /* internal user value */ | |
d9250dea | 121 | u32 bounds; /* bounds of user */ |
1da177e4 LT |
122 | struct ebitmap roles; /* set of authorized roles for user */ |
123 | struct mls_range range; /* MLS range (min - max) for user */ | |
124 | struct mls_level dfltlevel; /* default login MLS level for user */ | |
125 | }; | |
126 | ||
127 | ||
128 | /* Sensitivity attributes */ | |
129 | struct level_datum { | |
130 | struct mls_level *level; /* sensitivity and associated categories */ | |
131 | unsigned char isalias; /* is this sensitivity an alias for another? */ | |
132 | }; | |
133 | ||
134 | /* Category attributes */ | |
135 | struct cat_datum { | |
136 | u32 value; /* internal category bit + 1 */ | |
137 | unsigned char isalias; /* is this category an alias for another? */ | |
138 | }; | |
139 | ||
140 | struct range_trans { | |
f3f87714 DG |
141 | u32 source_type; |
142 | u32 target_type; | |
143 | u32 target_class; | |
1da177e4 LT |
144 | }; |
145 | ||
146 | /* Boolean data type */ | |
147 | struct cond_bool_datum { | |
148 | __u32 value; /* internal type value */ | |
149 | int state; | |
150 | }; | |
151 | ||
152 | struct cond_node; | |
153 | ||
a660bec1 RH |
154 | /* |
155 | * type set preserves data needed to determine constraint info from | |
156 | * policy source. This is not used by the kernel policy but allows | |
157 | * utilities such as audit2allow to determine constraint denials. | |
158 | */ | |
159 | struct type_set { | |
160 | struct ebitmap types; | |
161 | struct ebitmap negset; | |
162 | u32 flags; | |
163 | }; | |
164 | ||
1da177e4 LT |
165 | /* |
166 | * The configuration data includes security contexts for | |
167 | * initial SIDs, unlabeled file systems, TCP and UDP port numbers, | |
168 | * network interfaces, and nodes. This structure stores the | |
169 | * relevant data for one such entry. Entries of the same kind | |
170 | * (e.g. all initial SIDs) are linked together into a list. | |
171 | */ | |
172 | struct ocontext { | |
173 | union { | |
174 | char *name; /* name of initial SID, fs, netif, fstype, path */ | |
175 | struct { | |
176 | u8 protocol; | |
177 | u16 low_port; | |
178 | u16 high_port; | |
179 | } port; /* TCP or UDP port information */ | |
180 | struct { | |
181 | u32 addr; | |
182 | u32 mask; | |
183 | } node; /* node information */ | |
184 | struct { | |
185 | u32 addr[4]; | |
186 | u32 mask[4]; | |
187 | } node6; /* IPv6 node information */ | |
a806f7a1 DJ |
188 | struct { |
189 | u64 subnet_prefix; | |
190 | u16 low_pkey; | |
191 | u16 high_pkey; | |
192 | } ibpkey; | |
193 | struct { | |
194 | char *dev_name; | |
195 | u8 port; | |
196 | } ibendport; | |
1da177e4 LT |
197 | } u; |
198 | union { | |
199 | u32 sclass; /* security class for genfs */ | |
200 | u32 behavior; /* labeling behavior for fs_use */ | |
201 | } v; | |
202 | struct context context[2]; /* security context(s) */ | |
203 | u32 sid[2]; /* SID(s) */ | |
204 | struct ocontext *next; | |
205 | }; | |
206 | ||
207 | struct genfs { | |
208 | char *fstype; | |
209 | struct ocontext *head; | |
210 | struct genfs *next; | |
211 | }; | |
212 | ||
213 | /* symbol table array indices */ | |
214 | #define SYM_COMMONS 0 | |
215 | #define SYM_CLASSES 1 | |
216 | #define SYM_ROLES 2 | |
217 | #define SYM_TYPES 3 | |
218 | #define SYM_USERS 4 | |
219 | #define SYM_BOOLS 5 | |
220 | #define SYM_LEVELS 6 | |
221 | #define SYM_CATS 7 | |
222 | #define SYM_NUM 8 | |
223 | ||
224 | /* object context array indices */ | |
a806f7a1 DJ |
225 | #define OCON_ISID 0 /* initial SIDs */ |
226 | #define OCON_FS 1 /* unlabeled file systems */ | |
227 | #define OCON_PORT 2 /* TCP and UDP port numbers */ | |
228 | #define OCON_NETIF 3 /* network interfaces */ | |
229 | #define OCON_NODE 4 /* nodes */ | |
230 | #define OCON_FSUSE 5 /* fs_use */ | |
231 | #define OCON_NODE6 6 /* IPv6 nodes */ | |
232 | #define OCON_IBPKEY 7 /* Infiniband PKeys */ | |
233 | #define OCON_IBENDPORT 8 /* Infiniband end ports */ | |
234 | #define OCON_NUM 9 | |
1da177e4 LT |
235 | |
236 | /* The policy database */ | |
237 | struct policydb { | |
0719aaf5 GT |
238 | int mls_enabled; |
239 | ||
1da177e4 LT |
240 | /* symbol tables */ |
241 | struct symtab symtab[SYM_NUM]; | |
242 | #define p_commons symtab[SYM_COMMONS] | |
243 | #define p_classes symtab[SYM_CLASSES] | |
244 | #define p_roles symtab[SYM_ROLES] | |
245 | #define p_types symtab[SYM_TYPES] | |
246 | #define p_users symtab[SYM_USERS] | |
247 | #define p_bools symtab[SYM_BOOLS] | |
248 | #define p_levels symtab[SYM_LEVELS] | |
249 | #define p_cats symtab[SYM_CATS] | |
250 | ||
251 | /* symbol names indexed by (value - 1) */ | |
acdf52d9 | 252 | char **sym_val_to_name[SYM_NUM]; |
1da177e4 LT |
253 | |
254 | /* class, role, and user attributes indexed by (value - 1) */ | |
255 | struct class_datum **class_val_to_struct; | |
256 | struct role_datum **role_val_to_struct; | |
257 | struct user_datum **user_val_to_struct; | |
acdf52d9 | 258 | struct type_datum **type_val_to_struct_array; |
1da177e4 LT |
259 | |
260 | /* type enforcement access vectors and transitions */ | |
261 | struct avtab te_avtab; | |
262 | ||
263 | /* role transitions */ | |
264 | struct role_trans *role_tr; | |
265 | ||
2463c26d | 266 | /* file transitions with the last path component */ |
03a4c018 EP |
267 | /* quickly exclude lookups when parent ttype has no rules */ |
268 | struct ebitmap filename_trans_ttypes; | |
2463c26d EP |
269 | /* actual set of filename_trans rules */ |
270 | struct hashtab *filename_trans; | |
652bb9b0 | 271 | |
1da177e4 LT |
272 | /* bools indexed by (value - 1) */ |
273 | struct cond_bool_datum **bool_val_to_struct; | |
274 | /* type enforcement conditional access vectors and transitions */ | |
275 | struct avtab te_cond_avtab; | |
276 | /* linked list indexing te_cond_avtab by conditional */ | |
489a5fd7 | 277 | struct cond_node *cond_list; |
1da177e4 LT |
278 | |
279 | /* role allows */ | |
280 | struct role_allow *role_allow; | |
281 | ||
282 | /* security contexts of initial SIDs, unlabeled file systems, | |
283 | TCP or UDP port numbers, network interfaces and nodes */ | |
284 | struct ocontext *ocontexts[OCON_NUM]; | |
285 | ||
489a5fd7 | 286 | /* security contexts for files in filesystems that cannot support |
1da177e4 LT |
287 | a persistent label mapping or use another |
288 | fixed labeling behavior. */ | |
489a5fd7 | 289 | struct genfs *genfs; |
1da177e4 | 290 | |
2f3e82d6 SS |
291 | /* range transitions table (range_trans_key -> mls_range) */ |
292 | struct hashtab *range_tr; | |
1da177e4 | 293 | |
782ebb99 | 294 | /* type -> attribute reverse mapping */ |
acdf52d9 | 295 | struct ebitmap *type_attr_map_array; |
782ebb99 | 296 | |
3bb56b25 PM |
297 | struct ebitmap policycaps; |
298 | ||
64dbf074 EP |
299 | struct ebitmap permissive_map; |
300 | ||
cee74f47 EP |
301 | /* length of this policy when it was loaded */ |
302 | size_t len; | |
303 | ||
1da177e4 | 304 | unsigned int policyvers; |
3f12070e EP |
305 | |
306 | unsigned int reject_unknown : 1; | |
307 | unsigned int allow_unknown : 1; | |
c6d3aaa4 SS |
308 | |
309 | u16 process_class; | |
310 | u32 process_trans_perms; | |
1da177e4 LT |
311 | }; |
312 | ||
313 | extern void policydb_destroy(struct policydb *p); | |
314 | extern int policydb_load_isids(struct policydb *p, struct sidtab *s); | |
315 | extern int policydb_context_isvalid(struct policydb *p, struct context *c); | |
45e5421e SS |
316 | extern int policydb_class_isvalid(struct policydb *p, unsigned int class); |
317 | extern int policydb_type_isvalid(struct policydb *p, unsigned int type); | |
318 | extern int policydb_role_isvalid(struct policydb *p, unsigned int role); | |
1da177e4 | 319 | extern int policydb_read(struct policydb *p, void *fp); |
cee74f47 | 320 | extern int policydb_write(struct policydb *p, void *fp); |
1da177e4 LT |
321 | |
322 | #define PERM_SYMTAB_SIZE 32 | |
323 | ||
324 | #define POLICYDB_CONFIG_MLS 1 | |
325 | ||
3f12070e EP |
326 | /* the config flags related to unknown classes/perms are bits 2 and 3 */ |
327 | #define REJECT_UNKNOWN 0x00000002 | |
328 | #define ALLOW_UNKNOWN 0x00000004 | |
329 | ||
1da177e4 LT |
330 | #define OBJECT_R "object_r" |
331 | #define OBJECT_R_VAL 1 | |
332 | ||
333 | #define POLICYDB_MAGIC SELINUX_MAGIC | |
334 | #define POLICYDB_STRING "SE Linux" | |
335 | ||
336 | struct policy_file { | |
337 | char *data; | |
338 | size_t len; | |
339 | }; | |
340 | ||
cee74f47 EP |
341 | struct policy_data { |
342 | struct policydb *p; | |
343 | void *fp; | |
344 | }; | |
345 | ||
1da177e4 LT |
346 | static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) |
347 | { | |
348 | if (bytes > fp->len) | |
349 | return -EINVAL; | |
350 | ||
351 | memcpy(buf, fp->data, bytes); | |
352 | fp->data += bytes; | |
353 | fp->len -= bytes; | |
354 | return 0; | |
355 | } | |
356 | ||
652bb9b0 | 357 | static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp) |
cee74f47 EP |
358 | { |
359 | size_t len = bytes * num; | |
360 | ||
361 | memcpy(fp->data, buf, len); | |
362 | fp->data += len; | |
363 | fp->len -= len; | |
364 | ||
365 | return 0; | |
366 | } | |
367 | ||
ac76c05b EP |
368 | static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr) |
369 | { | |
acdf52d9 | 370 | return p->sym_val_to_name[sym_num][element_nr]; |
ac76c05b EP |
371 | } |
372 | ||
c6d3aaa4 SS |
373 | extern u16 string_to_security_class(struct policydb *p, const char *name); |
374 | extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name); | |
375 | ||
1da177e4 LT |
376 | #endif /* _SS_POLICYDB_H_ */ |
377 |