| 1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
|---|
| 2 | /* Authors: Karl MacMillan <kmacmillan@tresys.com> |
|---|
| 3 | * Frank Mayer <mayerf@tresys.com> |
|---|
| 4 | * |
|---|
| 5 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
|---|
| 6 | */ |
|---|
| 7 | |
|---|
| 8 | #ifndef _CONDITIONAL_H_ |
|---|
| 9 | #define _CONDITIONAL_H_ |
|---|
| 10 | |
|---|
| 11 | #include "avtab.h" |
|---|
| 12 | #include "symtab.h" |
|---|
| 13 | #include "policydb.h" |
|---|
| 14 | #include "../include/conditional.h" |
|---|
| 15 | |
|---|
| 16 | #define COND_EXPR_MAXDEPTH 10 |
|---|
| 17 | |
|---|
| 18 | /* |
|---|
| 19 | * A conditional expression is a list of operators and operands |
|---|
| 20 | * in reverse polish notation. |
|---|
| 21 | */ |
|---|
| 22 | struct cond_expr_node { |
|---|
| 23 | #define COND_BOOL 1 /* plain bool */ |
|---|
| 24 | #define COND_NOT 2 /* !bool */ |
|---|
| 25 | #define COND_OR 3 /* bool || bool */ |
|---|
| 26 | #define COND_AND 4 /* bool && bool */ |
|---|
| 27 | #define COND_XOR 5 /* bool ^ bool */ |
|---|
| 28 | #define COND_EQ 6 /* bool == bool */ |
|---|
| 29 | #define COND_NEQ 7 /* bool != bool */ |
|---|
| 30 | #define COND_LAST COND_NEQ |
|---|
| 31 | u32 expr_type; |
|---|
| 32 | u32 boolean; |
|---|
| 33 | }; |
|---|
| 34 | |
|---|
| 35 | struct cond_expr { |
|---|
| 36 | struct cond_expr_node *nodes; |
|---|
| 37 | u32 len; |
|---|
| 38 | }; |
|---|
| 39 | |
|---|
| 40 | /* |
|---|
| 41 | * Each cond_node contains a list of rules to be enabled/disabled |
|---|
| 42 | * depending on the current value of the conditional expression. This |
|---|
| 43 | * struct is for that list. |
|---|
| 44 | */ |
|---|
| 45 | struct cond_av_list { |
|---|
| 46 | struct avtab_node **nodes; |
|---|
| 47 | u32 len; |
|---|
| 48 | }; |
|---|
| 49 | |
|---|
| 50 | /* |
|---|
| 51 | * A cond node represents a conditional block in a policy. It |
|---|
| 52 | * contains a conditional expression, the current state of the expression, |
|---|
| 53 | * two lists of rules to enable/disable depending on the value of the |
|---|
| 54 | * expression (the true list corresponds to if and the false list corresponds |
|---|
| 55 | * to else).. |
|---|
| 56 | */ |
|---|
| 57 | struct cond_node { |
|---|
| 58 | int cur_state; |
|---|
| 59 | struct cond_expr expr; |
|---|
| 60 | struct cond_av_list true_list; |
|---|
| 61 | struct cond_av_list false_list; |
|---|
| 62 | }; |
|---|
| 63 | |
|---|
| 64 | void cond_policydb_init(struct policydb *p); |
|---|
| 65 | void cond_policydb_destroy(struct policydb *p); |
|---|
| 66 | |
|---|
| 67 | int cond_init_bool_indexes(struct policydb *p); |
|---|
| 68 | int cond_destroy_bool(void *key, void *datum, void *p); |
|---|
| 69 | |
|---|
| 70 | int cond_index_bool(void *key, void *datum, void *datap); |
|---|
| 71 | |
|---|
| 72 | int cond_read_bool(struct policydb *p, struct symtab *s, void *fp); |
|---|
| 73 | int cond_read_list(struct policydb *p, void *fp); |
|---|
| 74 | int cond_write_bool(void *key, void *datum, void *ptr); |
|---|
| 75 | int cond_write_list(struct policydb *p, void *fp); |
|---|
| 76 | |
|---|
| 77 | void cond_compute_av(struct avtab *ctab, struct avtab_key *key, |
|---|
| 78 | struct av_decision *avd, struct extended_perms *xperms); |
|---|
| 79 | void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, |
|---|
| 80 | struct extended_perms_decision *xpermd); |
|---|
| 81 | void evaluate_cond_nodes(struct policydb *p); |
|---|
| 82 | void cond_policydb_destroy_dup(struct policydb *p); |
|---|
| 83 | int cond_policydb_dup(struct policydb *new, struct policydb *orig); |
|---|
| 84 | |
|---|
| 85 | #endif /* _CONDITIONAL_H_ */ |
|---|
| 86 | |
|---|
