/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * A policy database (policydb) specifies the
 * configuration data for the security policy.
 *
 * Author : Stephen Smalley, <sds@tycho.nsa.gov>
 */

/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 */

#ifndef _SS_POLICYDB_H_
#define _SS_POLICYDB_H_

#include "symtab.h"
#include "avtab.h"
#include "sidtab.h"
#include "ebitmap.h"
#include "mls_types.h"
#include "context.h"
#include "constraint.h"

/*
 * Every kind of symbol in the configuration data has its own datum
 * type: individual permissions, common prefixes for access vectors,
 * classes, users, roles, types, sensitivities, categories, etc.
 */

/* Attributes of a single permission. */
struct perm_datum {
	/* permission bit + 1 */
	u32 value;
};

/* Attributes of a common prefix shared by access vectors. */
struct common_datum {
	/* internal common value */
	u32 value;
	/* permissions belonging to the common */
	struct symtab permissions;
};

/*
 * Options for how the user, role, and type of a new object are decided
 * (values for default_user, default_role and default_type below).
 */
#define DEFAULT_SOURCE 1
#define DEFAULT_TARGET 2

/*
 * Options for how the range of a new object is decided
 * (values for default_range below).
 */
#define DEFAULT_SOURCE_LOW 1
#define DEFAULT_SOURCE_HIGH 2
#define DEFAULT_SOURCE_LOW_HIGH 3
#define DEFAULT_TARGET_LOW 4
#define DEFAULT_TARGET_HIGH 5
#define DEFAULT_TARGET_LOW_HIGH 6
#define DEFAULT_GLBLUB 7

/* Attributes of a security class. */
struct class_datum {
	/* class value */
	u32 value;
	/* name of the common this class inherits from */
	char *comkey;
	/* datum of that common */
	struct common_datum *comdatum;
	/* symbol table of the class-specific permissions */
	struct symtab permissions;
	/* constraints on the permissions of this class */
	struct constraint_node *constraints;
	/* special transition rules */
	struct constraint_node *validatetrans;
	/* one of DEFAULT_SOURCE / DEFAULT_TARGET for each of these */
	char default_user;
	char default_role;
	char default_type;
	/* one of DEFAULT_SOURCE_LOW ... DEFAULT_GLBLUB */
	char default_range;
};

/* Attributes of a role. */
struct role_datum {
	/* internal role value */
	u32 value;
	/* boundary of the role */
	u32 bounds;
	/* roles that this role dominates */
	struct ebitmap dominates;
	/* types the role is authorized for */
	struct ebitmap types;
};

/* Lookup key for a role transition. */
struct role_trans_key {
	/* current role */
	u32 role;
	/* program executable type, or new object type */
	u32 type;
	/* process class, or new object class */
	u32 tclass;
};

/* Result of a role transition lookup. */
struct role_trans_datum {
	/* role to transition to */
	u32 new_role;
};

/* Lookup key for a filename-based type transition. */
struct filename_trans_key {
	/* parent dir context */
	u32 ttype;
	/* class of the new object */
	u16 tclass;
	/* last path component */
	const char *name;
};

/* One result record of a filename transition; records chain via next. */
struct filename_trans_datum {
	/* source types that map to this otype */
	struct ebitmap stypes;
	/* type given to the new object */
	u32 otype;
	/* record for the next otype */
	struct filename_trans_datum *next;
};

/* One entry in the singly linked list of role allow rules. */
struct role_allow {
	/* current role */
	u32 role;
	/* new role */
	u32 new_role;
	struct role_allow *next;
};

/* Type attributes */
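struct type_datum {
	u32 value;		/* internal type value */
	u32 bounds;		/* boundary of type */
	unsigned char primary;	/* primary name? */
	unsigned char attribute;	/* attribute? */
};

/* User attributes */
struct user_datum {
	u32 value;			/* internal user value */
	u32 bounds;			/* bounds of user */
	struct ebitmap roles;		/* set of authorized roles for user */
	struct mls_range range;		/* MLS range (min - max) for user */
	struct mls_level dfltlevel;	/* default login MLS level for user */
};


/* Sensitivity attributes */
struct level_datum {
	struct mls_level *level;	/* sensitivity and associated categories */
	unsigned char isalias;	/* is this sensitivity an alias for another? */
};

/* Category attributes */
struct cat_datum {
	u32 value;		/* internal category bit + 1 */
	unsigned char isalias;	/* is this category an alias for another? */
};

/* Lookup key for a range transition (see policydb_rangetr_search()). */
struct range_trans {
	u32 source_type;
	u32 target_type;
	u32 target_class;
};

/* Boolean data type */
struct cond_bool_datum {
	__u32 value;		/* internal type value */
	int state;
};

struct cond_node;

/*
 * type set preserves data needed to determine constraint info from
 * policy source. This is not used by the kernel policy but allows
 * utilities such as audit2allow to determine constraint denials.
 */
struct type_set {
	struct ebitmap types;
	struct ebitmap negset;
	u32 flags;
};

/*
 * The configuration data includes security contexts for
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
 * network interfaces, and nodes.  This structure stores the
 * relevant data for one such entry.  Entries of the same kind
 * (e.g. all initial SIDs) are linked together into a list.
 *
 * The member of the union u that is meaningful depends on the kind
 * of entry; nothing in this structure records which one is in use.
 */
struct ocontext {
	union {
		char *name;	/* name of initial SID, fs, netif, fstype, path */
		struct {
			u8 protocol;
			u16 low_port;
			u16 high_port;
		} port;		/* TCP or UDP port information */
		struct {
			u32 addr;
			u32 mask;
		} node;		/* node information */
		struct {
			u32 addr[4];
			u32 mask[4];
		} node6;	/* IPv6 node information */
		struct {
			u64 subnet_prefix;
			u16 low_pkey;
			u16 high_pkey;
		} ibpkey;	/* presumably Infiniband PKey range, cf. OCON_IBPKEY */
		struct {
			char *dev_name;
			u8 port;
		} ibendport;	/* presumably Infiniband end port, cf. OCON_IBENDPORT */
	} u;
	union {
		u32 sclass;	/* security class for genfs */
		u32 behavior;	/* labeling behavior for fs_use */
	} v;
	struct context context[2];	/* security context(s) */
	u32 sid[2];	/* SID(s) */
	struct ocontext *next;
};

/* One filesystem type with its list of ocontext entries; chained via next. */
struct genfs {
	char *fstype;
	struct ocontext *head;
	struct genfs *next;
};

/* symbol table array indices */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM     8

/* object context array indices */
#define OCON_ISID	0 /* initial SIDs */
#define OCON_FS		1 /* unlabeled file systems */
#define OCON_PORT	2 /* TCP and UDP port numbers */
#define OCON_NETIF	3 /* network interfaces */
#define OCON_NODE	4 /* nodes */
#define OCON_FSUSE	5 /* fs_use */
#define OCON_NODE6	6 /* IPv6 nodes */
#define OCON_IBPKEY	7 /* Infiniband PKeys */
#define OCON_IBENDPORT	8 /* Infiniband end ports */
#define OCON_NUM	9

/* The policy database */
struct policydb {
	int mls_enabled;

	/* symbol tables */
	struct symtab symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles symtab[SYM_ROLES]
#define p_types symtab[SYM_TYPES]
#define p_users symtab[SYM_USERS]
#define p_bools symtab[SYM_BOOLS]
#define p_levels symtab[SYM_LEVELS]
#define p_cats symtab[SYM_CATS]

	/* symbol names indexed by (value - 1) */
	char		**sym_val_to_name[SYM_NUM];

	/* class, role, and user attributes indexed by (value - 1) */
	struct class_datum **class_val_to_struct;
	struct role_datum **role_val_to_struct;
	struct user_datum **user_val_to_struct;
	struct type_datum **type_val_to_struct;

	/* type enforcement access vectors and transitions */
	struct avtab te_avtab;

	/* role transitions */
	struct hashtab role_tr;

	/* file transitions with the last path component */
	/* quickly exclude lookups when parent ttype has no rules */
	struct ebitmap filename_trans_ttypes;
	/* actual set of filename_trans rules */
	struct hashtab filename_trans;
	/* only used if policyvers < POLICYDB_VERSION_COMP_FTRANS */
	u32 compat_filename_trans_count;

	/* bools indexed by (value - 1) */
	struct cond_bool_datum **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	struct avtab te_cond_avtab;
	/* array indexing te_cond_avtab by conditional */
	struct cond_node *cond_list;
	u32 cond_list_len;

	/* role allows */
	struct role_allow *role_allow;

	/*
	 * security contexts of initial SIDs, unlabeled file systems,
	 * TCP or UDP port numbers, network interfaces and nodes
	 */
	struct ocontext *ocontexts[OCON_NUM];

	/*
	 * security contexts for files in filesystems that cannot support
	 * a persistent label mapping or use another
	 * fixed labeling behavior.
	 */
	struct genfs *genfs;

	/* range transitions table (range_trans_key -> mls_range) */
	struct hashtab range_tr;

	/* type -> attribute reverse mapping */
	struct ebitmap *type_attr_map_array;

	struct ebitmap policycaps;

	struct ebitmap permissive_map;

	/* length of this policy when it was loaded */
	size_t len;

	unsigned int policyvers;

	/* single-bit flags; cf. REJECT_UNKNOWN / ALLOW_UNKNOWN below */
	unsigned int reject_unknown : 1;
	unsigned int allow_unknown : 1;

	u16 process_class;
	u32 process_trans_perms;
} __randomize_layout;

extern void policydb_destroy(struct policydb *p);
extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
extern int policydb_context_isvalid(struct policydb *p, struct context *c);
extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
extern int policydb_read(struct policydb *p, void *fp);
extern int policydb_write(struct policydb *p, void *fp);

extern struct filename_trans_datum *policydb_filenametr_search(
	struct policydb *p, struct filename_trans_key *key);

extern struct mls_range *policydb_rangetr_search(
	struct policydb *p, struct range_trans *key);

extern struct role_trans_datum *policydb_roletr_search(
	struct policydb *p, struct role_trans_key *key);

#define POLICYDB_CONFIG_MLS    1

/*
 * the config flags related to unknown classes/perms are bits 2 and 3
 * (counting the least significant bit as bit 1)
 */
#define REJECT_UNKNOWN	0x00000002
#define ALLOW_UNKNOWN	0x00000004

#define OBJECT_R "object_r"
#define OBJECT_R_VAL 1

#define POLICYDB_MAGIC SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"

/*
 * Cursor over an in-memory policy image: data points at the next byte
 * to read or write and len is the number of bytes left after it.
 * next_entry() and put_entry() advance data and shrink len together.
 */
struct policy_file {
	char *data;
	size_t len;
};

/* Pairs a policydb with an opaque file handle (fp). */
struct policy_data {
	struct policydb *p;
	void *fp;
};

/*
 * Copy the next @bytes bytes of the policy image into @buf and advance
 * the cursor.
 *
 * Returns 0 on success, or -EINVAL when fewer than @bytes bytes remain,
 * in which case nothing is copied and the cursor is left unchanged.
 *
 * Only the source side is bounded here: @buf must have room for @bytes
 * bytes, and a length taken from the image itself has to be validated
 * by the caller before it is used to size @buf.
 */
static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
{
	if (bytes > fp->len)
		return -EINVAL;

	memcpy(buf, fp->data, bytes);
	fp->data += bytes;
	fp->len -= bytes;
	return 0;
}

/*
 * Write @num items of @bytes bytes each from @buf into the policy image
 * and advance the cursor.
 *
 * Returns 0 on success, or -EINVAL when @num is negative, when
 * @bytes * @num does not fit in size_t, or when the image has less
 * space left than the total length; nothing is written in those cases.
 */
static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp)
{
	size_t len;

	/*
	 * Check the multiplication before performing it.  A product that
	 * wraps size_t (reachable with a large count where size_t is
	 * 32 bits wide) would otherwise pass the space check below and
	 * report success after writing fewer bytes than requested.
	 */
	if (num < 0)
		return -EINVAL;
	if (bytes != 0 && (size_t)num > (~(size_t)0) / bytes)
		return -EINVAL;
	len = bytes * (size_t)num;

	if (len > fp->len)
		return -EINVAL;
	memcpy(fp->data, buf, len);
	fp->data += len;
	fp->len -= len;

	return 0;
}

/*
 * Return the name of symbol @element_nr in symbol table @sym_num
 * (one of the SYM_* indices).
 *
 * Neither index is range-checked here.  sym_val_to_name is indexed by
 * (value - 1), so callers pass an already validated value minus one;
 * an unchecked value read from a policy image or a context must not
 * reach this helper.
 */
static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr)
{
	return p->sym_val_to_name[sym_num][element_nr];
}

extern u16 string_to_security_class(struct policydb *p, const char *name);
extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);

#endif	/* _SS_POLICYDB_H_ */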