/* SPDX-License-Identifier: GPL-2.0-only */
/* Authors: Karl MacMillan <kmacmillan@tresys.com>
 *	    Frank Mayer <mayerf@tresys.com>
 *
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 */

/*
 * Declarations for conditional policy support: the in-memory form of a
 * conditional expression, the rule lists it switches, and the entry
 * points that initialise, read, write, evaluate and duplicate them.
 */

#ifndef _CONDITIONAL_H_
#define _CONDITIONAL_H_

#include "avtab.h"
#include "symtab.h"
#include "policydb.h"
#include "../include/conditional.h"

/*
 * NOTE(review): presumably the maximum depth (evaluation stack size) allowed
 * for a conditional expression; the user of this limit is not in this
 * header - confirm where it is enforced.
 */
#define COND_EXPR_MAXDEPTH 10

/*
 * A conditional expression is a list of operators and operands
 * in reverse polish notation.
 *
 * expr_type holds one of the COND_* codes below; COND_LAST aliases the
 * highest code defined here (COND_NEQ).
 *
 * NOTE(review): nodes are filled in by the policy readers declared below.
 * Whoever populates a node should reject an expr_type outside
 * COND_BOOL..COND_LAST and an out-of-range boolean before the expression
 * is evaluated - confirm this is done in the reader.
 */
struct cond_expr_node {
#define COND_BOOL	1 /* plain bool */
#define COND_NOT	2 /* !bool */
#define COND_OR		3 /* bool || bool */
#define COND_AND	4 /* bool && bool */
#define COND_XOR	5 /* bool ^ bool */
#define COND_EQ		6 /* bool == bool */
#define COND_NEQ	7 /* bool != bool */
#define COND_LAST	COND_NEQ
	u32 expr_type;	/* one of the COND_* codes above */
	u32 boolean;	/* presumably identifies the boolean operand of a COND_BOOL node - TODO confirm */
};

/*
 * One conditional expression: an array of nodes in reverse polish order.
 */
struct cond_expr {
	struct cond_expr_node *nodes;
	u32 len;	/* presumably the number of entries in nodes - TODO confirm */
};

/*
 * Each cond_node contains a list of rules to be enabled/disabled
 * depending on the current value of the conditional expression. This
 * struct is for that list.
 */
struct cond_av_list {
	struct avtab_node **nodes;	/* array of pointers to avtab nodes */
	u32 len;	/* presumably the number of entries in nodes - TODO confirm */
};

/*
 * A cond node represents a conditional block in a policy. It
 * contains a conditional expression, the current state of the expression,
 * two lists of rules to enable/disable depending on the value of the
 * expression (the true list corresponds to if and the false list corresponds
 * to else).
 */
struct cond_node {
	int cur_state;			/* current state of the expression */
	struct cond_expr expr;		/* the conditional expression */
	struct cond_av_list true_list;	/* rules for the "if" branch */
	struct cond_av_list false_list;	/* rules for the "else" branch */
};

/* Set up / tear down the conditional-policy parts of a policydb. */
void cond_policydb_init(struct policydb *p);
void cond_policydb_destroy(struct policydb *p);

/*
 * Boolean bookkeeping.
 * NOTE(review): the (key, datum, arg) signatures look like per-entry
 * symbol-table callbacks - confirm at the call sites.
 */
int cond_init_bool_indexes(struct policydb *p);
int cond_destroy_bool(void *key, void *datum, void *p);

int cond_index_bool(void *key, void *datum, void *datap);

/*
 * Policy (de)serialisation. fp is an opaque handle in this header.
 * NOTE(review): the readers presumably parse a binary policy image; lengths,
 * operator codes and boolean indexes obtained through fp should be treated
 * as untrusted until range-checked - confirm in the implementation.
 */
int cond_read_bool(struct policydb *p, struct symtab *s, void *fp);
int cond_read_list(struct policydb *p, void *fp);
int cond_write_bool(void *key, void *datum, void *ptr);
int cond_write_list(struct policydb *p, void *fp);

/*
 * Access-decision helpers taking an avtab and a key.
 * NOTE(review): results are presumably written through avd / xperms /
 * xpermd (all non-const pointers) - confirm.
 */
void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
		struct av_decision *avd, struct extended_perms *xperms);
void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
		struct extended_perms_decision *xpermd);

/* Evaluate the conditional nodes of policydb p. */
void evaluate_cond_nodes(struct policydb *p);

/*
 * Duplicate the conditional state of orig into new, and release such a
 * duplicate.
 * NOTE(review): which resources a duplicate shares with the original is not
 * visible here; pair cond_policydb_dup() with cond_policydb_destroy_dup()
 * only after confirming that.
 */
void cond_policydb_destroy_dup(struct policydb *p);
int cond_policydb_dup(struct policydb *new, struct policydb *orig);

#endif /* _CONDITIONAL_H_ */