1 /*
2 * This file describes the internal interface used by the AVC
3 * for calling the user-supplied memory allocation, supplemental
4 * auditing, and locking routine, as well as incrementing the
5 * statistics fields.
6 *
7 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
8 */
9 #ifndef _SELINUX_AVC_INTERNAL_H_
10 #define _SELINUX_AVC_INTERNAL_H_
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <selinux/avc.h>
16 #include "callbacks.h"
17 #include "dso.h"
18
19 /* callback pointers */
20 extern void *(*avc_func_malloc) (size_t) hidden;
21 extern void (*avc_func_free) (void *)hidden;
22
23 extern void (*avc_func_log) (const char *, ...) __attribute__((__format__(printf,1,2))) hidden;
24 extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
25
26 extern int avc_using_threads hidden;
27 extern int avc_app_main_loop hidden;
28 extern void *(*avc_func_create_thread) (void (*)(void))hidden;
29 extern void (*avc_func_stop_thread) (void *)hidden;
30
31 extern void *(*avc_func_alloc_lock) (void)hidden;
32 extern void (*avc_func_get_lock) (void *)hidden;
33 extern void (*avc_func_release_lock) (void *)hidden;
34 extern void (*avc_func_free_lock) (void *)hidden;
35
set_callbacks(const struct avc_memory_callback * mem_cb,const struct avc_log_callback * log_cb,const struct avc_thread_callback * thread_cb,const struct avc_lock_callback * lock_cb)36 static inline void set_callbacks(const struct avc_memory_callback *mem_cb,
37 const struct avc_log_callback *log_cb,
38 const struct avc_thread_callback *thread_cb,
39 const struct avc_lock_callback *lock_cb)
40 {
41 if (mem_cb) {
42 avc_func_malloc = mem_cb->func_malloc;
43 avc_func_free = mem_cb->func_free;
44 }
45 if (log_cb) {
46 avc_func_log = log_cb->func_log;
47 avc_func_audit = log_cb->func_audit;
48 }
49 if (thread_cb) {
50 avc_using_threads = 1;
51 avc_func_create_thread = thread_cb->func_create_thread;
52 avc_func_stop_thread = thread_cb->func_stop_thread;
53 }
54 if (lock_cb) {
55 avc_func_alloc_lock = lock_cb->func_alloc_lock;
56 avc_func_get_lock = lock_cb->func_get_lock;
57 avc_func_release_lock = lock_cb->func_release_lock;
58 avc_func_free_lock = lock_cb->func_free_lock;
59 }
60 }
61
62 /* message prefix and enforcing mode*/
63 #define AVC_PREFIX_SIZE 16
64 extern char avc_prefix[AVC_PREFIX_SIZE] hidden;
65 extern int avc_running hidden;
66 extern int avc_enforcing hidden;
67 extern int avc_setenforce hidden;
68
69 /* user-supplied callback interface for avc */
avc_malloc(size_t size)70 static inline void *avc_malloc(size_t size)
71 {
72 return avc_func_malloc ? avc_func_malloc(size) : malloc(size);
73 }
74
avc_free(void * ptr)75 static inline void avc_free(void *ptr)
76 {
77 if (avc_func_free)
78 avc_func_free(ptr);
79 else
80 free(ptr);
81 }
82
83 /* this is a macro in order to use the variadic capability. */
84 #define avc_log(type, format...) \
85 if (avc_func_log) \
86 avc_func_log(format); \
87 else \
88 selinux_log(type, format);
89
avc_suppl_audit(void * ptr,security_class_t class,char * buf,size_t len)90 static inline void avc_suppl_audit(void *ptr, security_class_t class,
91 char *buf, size_t len)
92 {
93 if (avc_func_audit)
94 avc_func_audit(ptr, class, buf, len);
95 else
96 selinux_audit(ptr, class, buf, len);
97 }
98
avc_create_thread(void (* run)(void))99 static inline void *avc_create_thread(void (*run) (void))
100 {
101 return avc_func_create_thread ? avc_func_create_thread(run) : NULL;
102 }
103
avc_stop_thread(void * thread)104 static inline void avc_stop_thread(void *thread)
105 {
106 if (avc_func_stop_thread)
107 avc_func_stop_thread(thread);
108 }
109
avc_alloc_lock(void)110 static inline void *avc_alloc_lock(void)
111 {
112 return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL;
113 }
114
avc_get_lock(void * lock)115 static inline void avc_get_lock(void *lock)
116 {
117 if (avc_func_get_lock)
118 avc_func_get_lock(lock);
119 }
120
avc_release_lock(void * lock)121 static inline void avc_release_lock(void *lock)
122 {
123 if (avc_func_release_lock)
124 avc_func_release_lock(lock);
125 }
126
avc_free_lock(void * lock)127 static inline void avc_free_lock(void *lock)
128 {
129 if (avc_func_free_lock)
130 avc_func_free_lock(lock);
131 }
132
133 /* statistics helper routines */
134 #ifdef AVC_CACHE_STATS
135
136 #define avc_cache_stats_incr(field) \
137 cache_stats.field ++;
138 #define avc_cache_stats_add(field, num) \
139 cache_stats.field += num;
140
141 #else
142
143 #define avc_cache_stats_incr(field)
144 #define avc_cache_stats_add(field, num)
145
146 #endif
147
148 /* logging helper routines */
149 #define AVC_AUDIT_BUFSIZE 1024
150
151 /* again, we need the variadic capability here */
152 #define log_append(buf,format...) \
153 snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format)
154
155 /* internal callbacks */
156 int avc_ss_grant(security_id_t ssid, security_id_t tsid,
157 security_class_t tclass, access_vector_t perms,
158 uint32_t seqno) hidden;
159 int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
160 security_class_t tclass,
161 access_vector_t perms, uint32_t seqno,
162 access_vector_t * out_retained) hidden;
163 int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
164 security_class_t tclass, access_vector_t perms,
165 uint32_t seqno) hidden;
166 int avc_ss_reset(uint32_t seqno) hidden;
167 int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
168 security_class_t tclass, access_vector_t perms,
169 uint32_t seqno, uint32_t enable) hidden;
170 int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
171 security_class_t tclass, access_vector_t perms,
172 uint32_t seqno, uint32_t enable) hidden;
173
174 /* netlink kernel message code */
175 extern int avc_netlink_trouble hidden;
176
177 hidden_proto(avc_av_stats)
178 hidden_proto(avc_cleanup)
179 hidden_proto(avc_reset)
180 hidden_proto(avc_audit)
181 hidden_proto(avc_has_perm_noaudit)
182 #endif /* _SELINUX_AVC_INTERNAL_H_ */
183