root/security/selinux/ss/conditional.h




   1 /* SPDX-License-Identifier: GPL-2.0-only */
   2 /* Authors: Karl MacMillan <kmacmillan@tresys.com>
   3  *          Frank Mayer <mayerf@tresys.com>
   4  *
   5  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
   6  */
   7 
   8 #ifndef _CONDITIONAL_H_
   9 #define _CONDITIONAL_H_
  10 
  11 #include "avtab.h"
  12 #include "symtab.h"
  13 #include "policydb.h"
  14 #include "../include/conditional.h"
  15 
   16 #define COND_EXPR_MAXDEPTH 10 /* NOTE(review): presumably the maximum depth allowed when evaluating a cond_expr list; the check that enforces it is not in this header - confirm in the evaluator */
  17 
  18 /*
  19  * A conditional expression is a list of operators and operands
  20  * in reverse polish notation.
  21  */
   22 struct cond_expr { /* one element (operator or operand) of a conditional expression list */
   23 #define COND_BOOL       1 /* plain bool */
   24 #define COND_NOT        2 /* !bool */
   25 #define COND_OR         3 /* bool || bool */
   26 #define COND_AND        4 /* bool && bool */
   27 #define COND_XOR        5 /* bool ^ bool */
   28 #define COND_EQ         6 /* bool == bool */
   29 #define COND_NEQ        7 /* bool != bool */
   30 #define COND_LAST       COND_NEQ /* alias for the highest code defined above; NOTE(review): presumably the upper bound when validating expr_type - confirm at the use sites */
   31         __u32 expr_type; /* NOTE(review): presumably one of the COND_* codes above; any range check against COND_LAST lives outside this header */
   32         __u32 bool; /* NOTE(review): presumably identifies the boolean operand of a COND_BOOL element; how the value is bounds-checked is not visible here */
   33         struct cond_expr *next; /* next element of the expression list */
   34 };
  35 
  36 /*
  37  * Each cond_node contains a list of rules to be enabled/disabled
  38  * depending on the current value of the conditional expression. This
  39  * struct is for that list.
  40  */
   41 struct cond_av_list { /* singly linked list element holding one rule of a cond_node */
   42         struct avtab_node *node; /* the rule for this element; NOTE(review): who owns and frees the avtab_node is not stated in this header */
   43         struct cond_av_list *next; /* next element of the same list */
   44 };
  45 
  46 /*
   47  * A cond node represents a conditional block in a policy. It
   48  * contains a conditional expression, the current state of the expression,
   49  * and two lists of rules to enable/disable depending on the value of the
   50  * expression (the true list corresponds to if and the false list corresponds
   51  * to else).
  52  */
   53 struct cond_node { /* one conditional block of a policy */
   54         int cur_state; /* current state of expr; NOTE(review): the encoding, including any value meaning "undefined", is not defined in this header - confirm before relying on it */
   55         struct cond_expr *expr; /* the conditional expression, a list of cond_expr elements */
   56         struct cond_av_list *true_list; /* rules for the "if" side of the block */
   57         struct cond_av_list *false_list; /* rules for the "else" side of the block */
   58         struct cond_node *next; /* next cond_node in a list of conditional blocks */
   59 };
  60 
   61 int cond_policydb_init(struct policydb *p); /* NOTE(review): presumably sets up the conditional-policy state in p; returns int, meaning of the value not shown here */
   62 void cond_policydb_destroy(struct policydb *p); /* NOTE(review): presumably the teardown counterpart of cond_policydb_init; no status is returned */
  63 
   64 int cond_init_bool_indexes(struct policydb *p); /* NOTE(review): returns int; what it allocates or indexes in p is not visible in this header */
   65 int cond_destroy_bool(void *key, void *datum, void *p); /* untyped (key, datum, arg) signature; NOTE(review): presumably a hashtab callback - the real types behind the void pointers are not compiler-checked */
  66 
   67 int cond_index_bool(void *key, void *datum, void *datap); /* untyped (key, datum, arg) signature; NOTE(review): presumably a hashtab callback - confirm what datap must point to at the call site */
  68 
   69 int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); /* NOTE(review): presumably parses one boolean from the policy image behind fp into h; values read from the image need validation before use, and that code is outside this header */
   70 int cond_read_list(struct policydb *p, void *fp); /* NOTE(review): presumably parses the conditional blocks from fp into p; expr_type, bool and list lengths come from the image - confirm they are range-checked in the implementation */
   71 int cond_write_bool(void *key, void *datum, void *ptr); /* untyped (key, datum, arg) signature; NOTE(review): presumably the per-boolean write callback - the type expected behind ptr is not visible here */
   72 int cond_write_list(struct policydb *p, struct cond_node *list, void *fp); /* NOTE(review): presumably serialises the cond_node list starting at list to fp; returns int, meaning not shown here */
  73 
   74 void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
   75                 struct av_decision *avd, struct extended_perms *xperms); /* NOTE(review): presumably looks key up in ctab and updates avd/xperms; returns void, so callers get no failure signal from this call */
   76 void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
   77                 struct extended_perms_decision *xpermd); /* NOTE(review): presumably the extended-permissions counterpart, updating xpermd; returns void */
   78 int evaluate_cond_node(struct policydb *p, struct cond_node *node); /* NOTE(review): presumably re-evaluates node->expr and updates node->cur_state; the meaning of the int return is not shown in this header */
  79 
  80 #endif /* _CONDITIONAL_H_ */
