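/* SPDX-License-Identifier: GPL-2.0-only */
/*
 * A policy database (policydb) specifies the
 * configuration data for the security policy.
 *
 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
 */

/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
 */

#ifndef _SS_POLICYDB_H_
#define _SS_POLICYDB_H_

#include "symtab.h"
#include "avtab.h"
#include "sidtab.h"
#include "ebitmap.h"
#include "mls_types.h"
#include "context.h"
#include "constraint.h"

/*
 * A datum type is defined for each kind of symbol
 * in the configuration data: individual permissions,
 * common prefixes for access vectors, classes,
 * users, roles, types, sensitivities, categories, etc.
 *
 * Several "value" fields below are stored 1-based ("bit + 1"), and
 * struct policydb indexes its lookup arrays by (value - 1).
 * NOTE(review): that leaves 0 outside the indexable range; presumably
 * every value taken from a policy image is range-checked before it is
 * used as an index - confirm in the loader.
 */

/* Permission attributes */
struct perm_datum {
	u32 value;		/* permission bit + 1 */
};

/* Attributes of a common prefix for access vectors */
struct common_datum {
	u32 value;			/* internal common value */
	struct symtab permissions;	/* common permissions */
};

/* Class attributes */
struct class_datum {
	u32 value;			/* class value */
	char *comkey;			/* common name */
	struct common_datum *comdatum;	/* common datum */
	struct symtab permissions;	/* class-specific permission symbol table */
	struct constraint_node *constraints;	/* constraints on class permissions */
	struct constraint_node *validatetrans;	/* special transition rules */
/* How the user, role, and type of a new object should be decided */
#define DEFAULT_SOURCE		1
#define DEFAULT_TARGET		2
	char default_user;
	char default_role;
	char default_type;
/* How the range of a new object should be decided */
#define DEFAULT_SOURCE_LOW	1
#define DEFAULT_SOURCE_HIGH	2
#define DEFAULT_SOURCE_LOW_HIGH	3
#define DEFAULT_TARGET_LOW	4
#define DEFAULT_TARGET_HIGH	5
#define DEFAULT_TARGET_LOW_HIGH	6
#define DEFAULT_GLBLUB		7
	char default_range;
};

/* Role attributes */
struct role_datum {
	u32 value;			/* internal role value */
	u32 bounds;			/* boundary of role */
	struct ebitmap dominates;	/* set of roles dominated by this role */
	struct ebitmap types;		/* set of authorized types for role */
};

/* Lookup key for a role transition rule */
struct role_trans_key {
	u32 role;		/* current role */
	u32 type;		/* program executable type, or new object type */
	u32 tclass;		/* process class, or new object class */
};

/* Result of a role transition rule */
struct role_trans_datum {
	u32 new_role;		/* new role */
};

/* Lookup key for a filename-based type transition rule */
struct filename_trans_key {
	u32 ttype;		/* type of the parent dir context */
	u16 tclass;		/* class of new object */
	const char *name;	/* last path component */
};

/* One result type of a filename transition; records are chained via next */
struct filename_trans_datum {
	struct ebitmap stypes;	/* bitmap of source types for this otype */
	u32 otype;		/* resulting type of new object */
	struct filename_trans_datum *next;	/* record for next otype */
};

/* One "role allow" rule; rules form a singly linked list via next */
struct role_allow {
	u32 role;		/* current role */
	u32 new_role;		/* new role */
	struct role_allow *next;
};

/* Type attributes */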
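struct type_datum {
	u32 value;		/* internal type value */
	u32 bounds;		/* boundary of type */
	unsigned char primary;	/* is this the primary name? */
	unsigned char attribute;/* is this an attribute? */
};

/* User attributes */
struct user_datum {
	u32 value;			/* internal user value */
	u32 bounds;			/* bounds of user */
	struct ebitmap roles;		/* set of authorized roles for user */
	struct mls_range range;		/* MLS range (min - max) for user */
	struct mls_level dfltlevel;	/* default login MLS level for user */
};


/* Sensitivity attributes */
struct level_datum {
	struct mls_level *level;	/* sensitivity and associated categories */
	unsigned char isalias;	/* is this sensitivity an alias for another? */
};

/* Category attributes */
struct cat_datum {
	u32 value;		/* internal category bit + 1 */
	unsigned char isalias;  /* is this category an alias for another? */
};

/* Lookup key for a range transition rule (see policydb.range_tr) */
struct range_trans {
	u32 source_type;
	u32 target_type;
	u32 target_class;
};

/* Boolean data type */
struct cond_bool_datum {
	u32 value;		/* internal type value; u32 like every other datum here */
	int state;
};

struct cond_node;

/*
 * type set preserves data needed to determine constraint info from
 * policy source. This is not used by the kernel policy but allows
 * utilities such as audit2allow to determine constraint denials.
 */
struct type_set {
	struct ebitmap types;
	struct ebitmap negset;
	u32 flags;
};

/*
 * The configuration data includes security contexts for
 * initial SIDs, unlabeled file systems, TCP and UDP port numbers,
 * network interfaces, and nodes.  This structure stores the
 * relevant data for one such entry.  Entries of the same kind
 * (e.g. all initial SIDs) are linked together into a list.
 *
 * NOTE(review): neither union carries a discriminator inside the entry;
 * presumably the OCON_* list the entry hangs off decides which member
 * of u and v is valid - confirm before reading a member on a new path.
 */
struct ocontext {
	union {
		char *name;	/* name of initial SID, fs, netif, fstype, path */
		struct {
			u8 protocol;
			u16 low_port;
			u16 high_port;
		} port;		/* TCP or UDP port information */
		struct {
			u32 addr;
			u32 mask;
		} node;		/* node information */
		struct {
			u32 addr[4];
			u32 mask[4];
		} node6;        /* IPv6 node information */
		struct {
			u64 subnet_prefix;
			u16 low_pkey;
			u16 high_pkey;
		} ibpkey;	/* Infiniband PKey range */
		struct {
			char *dev_name;
			u8 port;
		} ibendport;	/* Infiniband end port */
	} u;
	union {
		u32 sclass;  /* security class for genfs */
		u32 behavior;  /* labeling behavior for fs_use */
	} v;
	struct context context[2];	/* security context(s) */
	u32 sid[2];	/* SID(s) */
	struct ocontext *next;
};

/* Per-filesystem-type list of genfs contexts; types are chained via next */
struct genfs {
	char *fstype;
	struct ocontext *head;
	struct genfs *next;
};

/* symbol table array indices */
#define SYM_COMMONS 0
#define SYM_CLASSES 1
#define SYM_ROLES   2
#define SYM_TYPES   3
#define SYM_USERS   4
#define SYM_BOOLS   5
#define SYM_LEVELS  6
#define SYM_CATS    7
#define SYM_NUM     8

/* object context array indices */
#define OCON_ISID	0 /* initial SIDs */
#define OCON_FS		1 /* unlabeled file systems (deprecated) */
#define OCON_PORT	2 /* TCP and UDP port numbers */
#define OCON_NETIF	3 /* network interfaces */
#define OCON_NODE	4 /* nodes */
#define OCON_FSUSE	5 /* fs_use */
#define OCON_NODE6	6 /* IPv6 nodes */
#define OCON_IBPKEY	7 /* Infiniband PKeys */
#define OCON_IBENDPORT	8 /* Infiniband end ports */
#define OCON_NUM	9

/*
 * The policy database
 *
 * __randomize_layout marks the struct for the kernel's structure layout
 * randomization when that build option is enabled, so no code may rely
 * on the field order or offsets written here.
 */
struct policydb {
	int mls_enabled;

	/* symbol tables */
	struct symtab symtab[SYM_NUM];
#define p_commons symtab[SYM_COMMONS]
#define p_classes symtab[SYM_CLASSES]
#define p_roles symtab[SYM_ROLES]
#define p_types symtab[SYM_TYPES]
#define p_users symtab[SYM_USERS]
#define p_bools symtab[SYM_BOOLS]
#define p_levels symtab[SYM_LEVELS]
#define p_cats symtab[SYM_CATS]

	/*
	 * symbol names indexed by (value - 1)
	 *
	 * NOTE(review): nothing in this header bounds these lookups;
	 * presumably values are range-checked when the policy is loaded
	 * and through the policydb_*_isvalid() helpers - confirm.
	 */
	char		**sym_val_to_name[SYM_NUM];

	/* class, role, user, and type attributes indexed by (value - 1) */
	struct class_datum **class_val_to_struct;
	struct role_datum **role_val_to_struct;
	struct user_datum **user_val_to_struct;
	struct type_datum **type_val_to_struct;

	/* type enforcement access vectors and transitions */
	struct avtab te_avtab;

	/* role transitions */
	struct hashtab role_tr;

	/* file transitions with the last path component */
	/* quickly exclude lookups when parent ttype has no rules */
	struct ebitmap filename_trans_ttypes;
	/* actual set of filename_trans rules */
	struct hashtab filename_trans;
	/* only used if policyvers < POLICYDB_VERSION_COMP_FTRANS */
	u32 compat_filename_trans_count;

	/* bools indexed by (value - 1) */
	struct cond_bool_datum **bool_val_to_struct;
	/* type enforcement conditional access vectors and transitions */
	struct avtab te_cond_avtab;
	/* array indexing te_cond_avtab by conditional */
	struct cond_node *cond_list;
	u32 cond_list_len;

	/* role allows */
	struct role_allow *role_allow;

	/* security contexts of initial SIDs, unlabeled file systems,
	   TCP or UDP port numbers, network interfaces and nodes */
	struct ocontext *ocontexts[OCON_NUM];

	/* security contexts for files in filesystems that cannot support
	   a persistent label mapping or use another
	   fixed labeling behavior. */
	struct genfs *genfs;

	/* range transitions table (keyed by struct range_trans -> mls_range) */
	struct hashtab range_tr;

	/* type -> attribute reverse mapping */
	struct ebitmap *type_attr_map_array;

	/* NOTE(review): presumably the policy capabilities the policy declares */
	struct ebitmap policycaps;

	/*
	 * NOTE(review): presumably the set of types marked permissive
	 * (denials logged, not enforced); worth reviewing when auditing
	 * a loaded policy - confirm against policydb.c.
	 */
	struct ebitmap permissive_map;

	/* length of this policy when it was loaded */
	size_t len;

	unsigned int policyvers;

	/*
	 * NOTE(review): presumably mirror the REJECT_UNKNOWN and
	 * ALLOW_UNKNOWN config flags; they decide how classes/perms
	 * unknown to the loaded policy are treated, so check which of
	 * the two a shipped policy sets.
	 */
	unsigned int reject_unknown : 1;
	unsigned int allow_unknown : 1;

	u16 process_class;
	u32 process_trans_perms;
} __randomize_layout;

/* Lifecycle and validation entry points, implemented outside this header */
extern void policydb_destroy(struct policydb *p);
extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
extern int policydb_context_isvalid(struct policydb *p, struct context *c);
extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
extern int policydb_type_isvalid(struct policydb *p, unsigned int type);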
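extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
extern int policydb_read(struct policydb *p, void *fp);
extern int policydb_write(struct policydb *p, void *fp);

extern struct filename_trans_datum *policydb_filenametr_search(
	struct policydb *p, struct filename_trans_key *key);

extern struct mls_range *policydb_rangetr_search(
	struct policydb *p, struct range_trans *key);

extern struct role_trans_datum *policydb_roletr_search(
	struct policydb *p, struct role_trans_key *key);

#define POLICYDB_CONFIG_MLS    1

/*
 * the config flags related to unknown classes/perms are bits 2 and 3
 * (counting from 1: masks 0x2 and 0x4)
 */
#define REJECT_UNKNOWN	0x00000002
#define ALLOW_UNKNOWN	0x00000004

#define OBJECT_R "object_r"
#define OBJECT_R_VAL 1

/*
 * NOTE(review): presumably the magic number and identifier string that
 * open a policy image - confirm in policydb_read()/policydb_write().
 */
#define POLICYDB_MAGIC SELINUX_MAGIC
#define POLICYDB_STRING "SE Linux"

/*
 * Cursor over an in-memory policy image: next_entry() and put_entry()
 * advance data and shrink len by the number of bytes they consume, so
 * len is always the count of bytes still available at data.
 */
struct policy_file {
	char *data;
	size_t len;
};

/* Pairs a policydb with a file handle (presumably a struct policy_file *) */
struct policy_data {
	struct policydb *p;
	void *fp;
};

/*
 * next_entry - copy the next @bytes bytes of the policy image into @buf
 * @buf:   destination buffer
 * @fp:    policy image cursor, advanced on success
 * @bytes: number of bytes to read
 *
 * Returns 0 on success, or -EINVAL without touching @buf or @fp when
 * fewer than @bytes bytes remain in the image.
 *
 * Only the source side is bounded here: the caller must guarantee that
 * @buf has room for @bytes. When @bytes comes from a length field read
 * out of the image itself, that field needs its own sanity limit before
 * it is used to size @buf.
 */
static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes)
{
	if (bytes > fp->len)
		return -EINVAL;

	memcpy(buf, fp->data, bytes);
	fp->data += bytes;
	fp->len -= bytes;
	return 0;
}

/*
 * put_entry - append @num items of @bytes bytes each from @buf to the image
 * @buf:   source buffer, must hold at least @bytes * @num bytes
 * @bytes: size of one item
 * @num:   number of items
 * @fp:    policy image cursor, advanced on success
 *
 * Returns 0 on success, or -EINVAL when @bytes * @num overflows size_t
 * or exceeds the space left in the image; nothing is written then.
 */
static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp)
{
	size_t len;

	/* reject a wrapped product before it can pass the length check below */
	if (unlikely(check_mul_overflow(bytes, num, &len)))
		return -EINVAL;

	if (len > fp->len)
		return -EINVAL;
	memcpy(fp->data, buf, len);
	fp->data += len;
	fp->len -= len;

	return 0;
}

/*
 * sym_name - look up a symbol name in p->sym_val_to_name
 * @p:          policy database
 * @sym_num:    index of the symbol table (a SYM_* constant)
 * @element_nr: index into that table; struct policydb documents the
 *              array as indexed by (value - 1)
 *
 * No range check is done on either index: an out-of-range @sym_num or
 * @element_nr reads outside the arrays. Callers must pass only indices
 * already validated against this policydb.
 */
static inline char *sym_name(struct policydb *p, unsigned int sym_num, unsigned int element_nr)
{
	return p->sym_val_to_name[sym_num][element_nr];
}

extern u16 string_to_security_class(struct policydb *p, const char *name);
extern u32 string_to_av_perm(struct policydb *p, u16 tclass, const char *name);

#endif	/* _SS_POLICYDB_H_ */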