1 | /* SPDX-License-Identifier: GPL-2.0-only */ |
2 | /* Authors: Karl MacMillan <kmacmillan@tresys.com> |
3 | * Frank Mayer <mayerf@tresys.com> |
4 | * |
5 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
6 | */ |
7 | |
8 | #ifndef _CONDITIONAL_H_ |
9 | #define _CONDITIONAL_H_ |
10 | |
11 | #include "avtab.h" |
12 | #include "symtab.h" |
13 | #include "policydb.h" |
14 | #include "../include/conditional.h" |
15 | |
16 | #define COND_EXPR_MAXDEPTH 10 /* depth limit for conditional expressions; NOTE(review): presumably sizes the RPN evaluation stack - confirm the evaluator rejects expressions that would exceed it */ |
17 | |
18 | /* |
19 | * A conditional expression is a list of operators and operands |
20 | * in reverse Polish notation. |
21 | */ |
22 | struct cond_expr_node { /* one element of a conditional expression: an operator or a boolean operand */ |
23 | #define COND_BOOL 1 /* plain bool */ |
24 | #define COND_NOT 2 /* !bool */ |
25 | #define COND_OR 3 /* bool || bool */ |
26 | #define COND_AND 4 /* bool && bool */ |
27 | #define COND_XOR 5 /* bool ^ bool */ |
28 | #define COND_EQ 6 /* bool == bool */ |
29 | #define COND_NEQ 7 /* bool != bool */ |
30 | #define COND_LAST COND_NEQ /* alias for the highest expr_type code defined above */ |
31 | u32 expr_type; /* holds one of the COND_* codes above; NOTE(review): a value outside COND_BOOL..COND_LAST should be rejected when a policy is loaded - confirm in the reader */ |
32 | u32 boolean; /* operand of a COND_BOOL node; NOTE(review): presumably identifies a policy boolean - confirm it is range-checked against the boolean table on load */ |
33 | }; |
34 | |
35 | struct cond_expr { /* a conditional expression stored as an array of nodes */ |
36 | struct cond_expr_node *nodes; /* operators and operands in reverse Polish order */ |
37 | u32 len; /* NOTE(review): presumably the number of entries in nodes - confirm it is checked before nodes is indexed */ |
38 | }; |
39 | |
40 | /* |
41 | * Each cond_node contains a list of rules to be enabled/disabled |
42 | * depending on the current value of the conditional expression. This |
43 | * struct is for that list. |
44 | */ |
45 | struct cond_av_list { /* the rules attached to one branch of a cond_node */ |
46 | struct avtab_node **nodes; /* array of pointers to the avtab nodes holding those rules */ |
47 | u32 len; /* NOTE(review): presumably the number of pointers in nodes - confirm */ |
48 | }; |
49 | |
50 | /* |
51 | * A cond node represents a conditional block in a policy. It |
52 | * contains a conditional expression, the current state of the expression, and |
53 | * two lists of rules to enable/disable depending on the value of the |
54 | * expression (the true list corresponds to if and the false list corresponds |
55 | * to else). |
56 | */ |
57 | struct cond_node { /* one conditional block of a policy */ |
58 | int cur_state; /* current state of expr; NOTE(review): the encoding of the state values is not visible in this header */ |
59 | struct cond_expr expr; /* the conditional expression that selects a branch */ |
60 | struct cond_av_list true_list; /* rules for the "if" branch */ |
61 | struct cond_av_list false_list; /* rules for the "else" branch */ |
62 | }; |
63 | |
64 | void cond_policydb_init(struct policydb *p); /* NOTE(review): presumably initialises the conditional-policy state held in p - confirm */ |
65 | void cond_policydb_destroy(struct policydb *p); /* NOTE(review): presumably releases that state - confirm */ |
66 | |
67 | int cond_init_bool_indexes(struct policydb *p); /* returns int; NOTE(review): presumably an error code - confirm the convention */ |
68 | int cond_destroy_bool(void *key, void *datum, void *p); /* untyped (key, datum, arg) signature; NOTE(review): presumably a table-walk callback - confirm */ |
69 | |
70 | int cond_index_bool(void *key, void *datum, void *datap); /* same untyped (key, datum, arg) signature as above */ |
71 | |
72 | int cond_read_bool(struct policydb *p, struct symtab *s, void *fp); /* fp is an opaque handle; NOTE(review): presumably the policy image being loaded - values read from it need validation before use */ |
73 | int cond_read_list(struct policydb *p, void *fp); /* NOTE(review): presumably reads the cond_node list from fp - confirm counts and expression contents are bounds-checked */ |
74 | int cond_write_bool(void *key, void *datum, void *ptr); /* untyped (key, datum, arg) signature; NOTE(review): presumably the write-side counterpart of cond_read_bool - confirm */ |
75 | int cond_write_list(struct policydb *p, void *fp); /* NOTE(review): presumably the write-side counterpart of cond_read_list - confirm */ |
76 | |
77 | void cond_compute_av(struct avtab *ctab, struct avtab_key *key, |
78 | struct av_decision *avd, struct extended_perms *xperms); /* takes a table and key plus avd and xperms; returns void; NOTE(review): avd/xperms are presumably outputs - confirm */ |
79 | void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, |
80 | struct extended_perms_decision *xpermd); /* takes a table and key plus xpermd; returns void; NOTE(review): xpermd is presumably an output - confirm */ |
81 | void evaluate_cond_nodes(struct policydb *p); /* NOTE(review): presumably re-evaluates the cond_nodes of p so the matching rule list is enabled - confirm */ |
82 | void cond_policydb_destroy_dup(struct policydb *p); /* NOTE(review): presumably frees what cond_policydb_dup allocated - confirm */ |
83 | int cond_policydb_dup(struct policydb *new, struct policydb *orig); /* returns int; NOTE(review): presumably copies conditional state from orig into new - confirm cleanup on partial failure */ |
84 | |
85 | #endif /* _CONDITIONAL_H_ */ |
86 | |