sys/contrib/xen/xsm/flask_op.h


    1 /*
    2  *  This file contains the flask_op hypercall commands and definitions.
    3  *
    4  *  Author:  George Coker, <gscoker@alpha.ncsc.mil>
    5  *
    6  * Permission is hereby granted, free of charge, to any person obtaining a copy
    7  * of this software and associated documentation files (the "Software"), to
    8  * deal in the Software without restriction, including without limitation the
    9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
   10  * sell copies of the Software, and to permit persons to whom the Software is
   11  * furnished to do so, subject to the following conditions:
   12  *
   13  * The above copyright notice and this permission notice shall be included in
   14  * all copies or substantial portions of the Software.
   15  *
   16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
   19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
   21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
   22  * DEALINGS IN THE SOFTWARE.
   23  */
   24 
   25 #ifndef __FLASK_OP_H__
   26 #define __FLASK_OP_H__
   27 
   28 #include "../event_channel.h"
   29 
   30 #define XEN_FLASK_INTERFACE_VERSION 1
   31 
   32 struct xen_flask_load {
          /* Argument block for the `load` member of struct xen_flask_op
           * (presumably the FLASK_LOAD command -- confirm in the handler).
           * Both fields are supplied by the caller, so the consumer has to
           * bound `size` before allocating for or copying from `buffer`. */
   33     XEN_GUEST_HANDLE(char) buffer; /* IN: guest handle to the input bytes */
   34     uint32_t size;                 /* IN: presumably byte length of buffer */
   35 };
   36 typedef struct xen_flask_load xen_flask_load_t;
   37 
   38 struct xen_flask_setenforce {
          /* Argument block for the `enforce` member of struct xen_flask_op.
           * NOTE(review): presumably carries the requested mode for
           * FLASK_SETENFORCE; which values mean enforcing vs. permissive is
           * not stated in this header -- confirm in the handler. */
   39     uint32_t enforcing;
   40 };
   41 typedef struct xen_flask_setenforce xen_flask_setenforce_t;
   42 
   43 struct xen_flask_sid_context {
          /* SID <-> context-string conversion arguments; struct xen_flask_op
           * uses this for FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT. */
   44     /* IN/OUT: sid to convert to/from string */
   45     uint32_t sid;
   46     /* IN: size of the context buffer
   47      * OUT: actual size of the output context string
            * The same field carries both values, so a caller reusing the
            * struct must set it again before the next call.
   48      */
   49     uint32_t size;
          /* Guest buffer for the context string (input or output depending on
           * the direction). NOTE(review): whether the string is NUL-terminated
           * is not specified here -- rely on `size`, and confirm. */
   50     XEN_GUEST_HANDLE(char) context;
   51 };
   52 typedef struct xen_flask_sid_context xen_flask_sid_context_t;
   53 
   54 struct xen_flask_access {
          /* Access query arguments (the `access` member of struct
           * xen_flask_op, presumably for FLASK_ACCESS). The caller fills the
           * request fields; the OUT fields return AVC data. */
   55     /* IN: access request */
   56     uint32_t ssid;   /* presumably the source SID -- confirm */
   57     uint32_t tsid;   /* presumably the target SID -- confirm */
   58     uint32_t tclass; /* presumably the target object class -- confirm */
   59     uint32_t req;    /* presumably the requested permissions -- confirm */
   60     /* OUT: AVC data */
   61     uint32_t allowed;
   62     uint32_t audit_allow;
   63     uint32_t audit_deny;
   64     uint32_t seqno;
   65 };
   66 typedef struct xen_flask_access xen_flask_access_t;
   67 
   68 struct xen_flask_transition {
          /* Labeling-decision arguments; struct xen_flask_op uses this for
           * FLASK_CREATE, FLASK_RELABEL and FLASK_MEMBER. */
   69     /* IN: transition SIDs and class */
   70     uint32_t ssid;
   71     uint32_t tsid;
   72     uint32_t tclass;
   73     /* OUT: new SID */
   74     uint32_t newsid;
   75 };
   76 typedef struct xen_flask_transition xen_flask_transition_t;
   77 
   78 #if __XEN_INTERFACE_VERSION__ < 0x00040800
      /* Only declared for interface versions below 0x00040800; the matching
       * FLASK_USER command is marked "No longer implemented" in struct
       * xen_flask_op. */
   79 struct xen_flask_userlist {
   80     /* IN: starting SID for list */
   81     uint32_t start_sid;
   82     /* IN: size of user string and output buffer
   83      * OUT: number of SIDs returned */
   84     uint32_t size;
          /* Input and output share one handle slot: the same storage is read
           * as `user` on entry and as `sids` on return, and `size` changes
           * meaning (length in, SID count out). */
   85     union {
   86         /* IN: user to enumerate SIDs */
   87         XEN_GUEST_HANDLE(char) user;
   88         /* OUT: SID list */
   89         XEN_GUEST_HANDLE(uint32) sids;
   90     } u;
   91 };
   92 #endif
   93 
   94 struct xen_flask_boolean {
          /* Policy-boolean arguments; struct xen_flask_op uses this for
           * FLASK_GETBOOL and FLASK_SETBOOL. */
   95     /* IN/OUT: numeric identifier for boolean [GET/SET]
   96      * If -1, name will be used and bool_id will be filled in.
            * The field is uint32_t, so "-1" is the all-ones value. */
   97     uint32_t bool_id;
   98     /* OUT: current enforcing value of boolean [GET/SET] */
   99     uint8_t enforcing;
  100     /* OUT: pending value of boolean [GET/SET] */
  101     uint8_t pending;
  102     /* IN: new value of boolean [SET] */
  103     uint8_t new_value;
  104     /* IN: commit new value instead of only setting pending [SET] */
  105     uint8_t commit;
  106     /* IN: size of boolean name buffer [GET/SET]
  107      * OUT: actual size of name [GET only] */
  108     uint32_t size;
  109     /* IN: if bool_id is -1, used to find boolean [GET/SET]
  110      * OUT: textual name of boolean [GET only]
            * Guest-supplied buffer: `size` is the only length information
            * this header gives for it.
  111      */
  112     XEN_GUEST_HANDLE(char) name;
  113 };
  114 typedef struct xen_flask_boolean xen_flask_boolean_t;
  115 
  116 struct xen_flask_setavc_threshold {
          /* The `setavc_threshold` member of struct xen_flask_op (presumably
           * for FLASK_SETAVC_THRESHOLD -- confirm). Valid range and units of
           * the value are not stated in this header. */
  117     /* IN */
  118     uint32_t threshold;
  119 };
  120 typedef struct xen_flask_setavc_threshold xen_flask_setavc_threshold_t;
  121 
  122 struct xen_flask_hash_stats {
          /* Output-only statistics block, the `hash_stats` member of struct
           * xen_flask_op (presumably for FLASK_AVC_HASHSTATS -- confirm). */
  123     /* OUT */
  124     uint32_t entries;
  125     uint32_t buckets_used;
  126     uint32_t buckets_total;
  127     uint32_t max_chain_len;
  128 };
  129 typedef struct xen_flask_hash_stats xen_flask_hash_stats_t;
  130 
  131 struct xen_flask_cache_stats {
          /* Cache counters, the `cache_stats` member of struct xen_flask_op
           * (presumably for FLASK_AVC_CACHESTATS -- confirm). */
  132     /* IN */
          /* NOTE(review): `cpu` is caller-supplied and presumably selects
           * whose counters are returned; the range check, if any, is in the
           * handler and not visible here. */
  133     uint32_t cpu;
  134     /* OUT */
  135     uint32_t lookups;
  136     uint32_t hits;
  137     uint32_t misses;
  138     uint32_t allocations;
  139     uint32_t reclaims;
  140     uint32_t frees;
  141 };
  142 typedef struct xen_flask_cache_stats xen_flask_cache_stats_t;
  143 
  144 struct xen_flask_ocontext {
          /* Arguments for FLASK_ADD_OCONTEXT and FLASK_DEL_OCONTEXT (see the
           * union in struct xen_flask_op). All fields are inputs. */
  145     /* IN */
  146     uint32_t ocon; /* presumably the kind of object context -- confirm */
  147     uint32_t sid;
          /* NOTE(review): presumably the bounds of the resource range being
           * labeled; whether the handler requires low <= high is not visible
           * here -- confirm. */
  148     uint64_t low, high;
  149 };
  150 typedef struct xen_flask_ocontext xen_flask_ocontext_t;
  151 
  152 struct xen_flask_peersid {
          /* The `peersid` member of struct xen_flask_op (presumably for
           * FLASK_GET_PEER_SID -- confirm): an event-channel port goes in,
           * a SID comes out. */
  153     /* IN */
          /* evtchn_port_t is not defined in this file; presumably it comes
           * from the included event_channel.h. */
  154     evtchn_port_t evtchn;
  155     /* OUT */
  156     uint32_t sid;
  157 };
  158 typedef struct xen_flask_peersid xen_flask_peersid_t;
  159 
  160 struct xen_flask_relabel {
          /* The `relabel` member of struct xen_flask_op (presumably for
           * FLASK_RELABEL_DOMAIN -- confirm). Both fields are inputs.
           * NOTE(review): assigning a new label to a domain changes what it
           * is allowed to do; the authorization check for that is in the
           * handler, not in this header. */
  161     /* IN */
  162     uint32_t domid; /* carried as 32 bits here */
  163     uint32_t sid;
  164 };
  165 typedef struct xen_flask_relabel xen_flask_relabel_t;
  166 
  167 struct xen_flask_devicetree_label {
          /* The `devicetree_label` member of struct xen_flask_op (presumably
           * for FLASK_DEVICETREE_LABEL -- confirm). All fields are inputs. */
  168     /* IN */
  169     uint32_t sid;
          /* NOTE(review): presumably the byte length of `path`; it is
           * caller-supplied, so the consumer has to bound it before copying
           * from the guest handle. */
  170     uint32_t length;
  171     XEN_GUEST_HANDLE(char) path;
  172 };
  173 typedef struct xen_flask_devicetree_label xen_flask_devicetree_label_t;
  174 
  175 struct xen_flask_op {
          /* Top-level argument of the flask_op hypercall. `cmd` holds one of
           * the FLASK_* values defined below. The comments inside the union
           * tie several commands to specific members, so `cmd` presumably
           * selects which member of `u` is meaningful. All members overlay
           * the same caller-written storage, so a consumer should decode
           * only the member that matches `cmd`. */
  176     uint32_t cmd;
  177 #define FLASK_LOAD              1
  178 #define FLASK_GETENFORCE        2
  179 #define FLASK_SETENFORCE        3
  180 #define FLASK_CONTEXT_TO_SID    4
  181 #define FLASK_SID_TO_CONTEXT    5
  182 #define FLASK_ACCESS            6
  183 #define FLASK_CREATE            7
  184 #define FLASK_RELABEL           8
  185 #define FLASK_USER              9  /* No longer implemented */
  186 #define FLASK_POLICYVERS        10
  187 #define FLASK_GETBOOL           11
  188 #define FLASK_SETBOOL           12
  189 #define FLASK_COMMITBOOLS       13
  190 #define FLASK_MLS               14
  191 #define FLASK_DISABLE           15 /* No longer implemented */
  192 #define FLASK_GETAVC_THRESHOLD  16
  193 #define FLASK_SETAVC_THRESHOLD  17
  194 #define FLASK_AVC_HASHSTATS     18
  195 #define FLASK_AVC_CACHESTATS    19
  196 #define FLASK_MEMBER            20
  197 #define FLASK_ADD_OCONTEXT      21
  198 #define FLASK_DEL_OCONTEXT      22
  199 #define FLASK_GET_PEER_SID      23
  200 #define FLASK_RELABEL_DOMAIN    24
  201 #define FLASK_DEVICETREE_LABEL  25
          /* Several commands above have no dedicated union member in this
           * header (e.g. FLASK_GETENFORCE, FLASK_POLICYVERS, FLASK_MLS);
           * how their results are returned is not visible here. */
  202     uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */
  203     union {
  204         xen_flask_load_t load;
  205         xen_flask_setenforce_t enforce;
  206         /* FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT */
  207         xen_flask_sid_context_t sid_context;
  208         xen_flask_access_t access;
  209         /* FLASK_CREATE, FLASK_RELABEL, FLASK_MEMBER */
  210         xen_flask_transition_t transition;
  211 #if __XEN_INTERFACE_VERSION__ < 0x00040800
              /* Legacy member, present only for old interface versions. */
  212         struct xen_flask_userlist userlist;
  213 #endif
  214         /* FLASK_GETBOOL, FLASK_SETBOOL */
  215         xen_flask_boolean_t boolean;
  216         xen_flask_setavc_threshold_t setavc_threshold;
  217         xen_flask_hash_stats_t hash_stats;
  218         xen_flask_cache_stats_t cache_stats;
  219         /* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */
  220         xen_flask_ocontext_t ocontext;
  221         xen_flask_peersid_t peersid;
  222         xen_flask_relabel_t relabel;
  223         xen_flask_devicetree_label_t devicetree_label;
  224     } u;
  225 };
  226 typedef struct xen_flask_op xen_flask_op_t;
      /* Declares the guest-handle type for passing a xen_flask_op_t pointer;
       * the macro itself is defined outside this file. */
  227 DEFINE_XEN_GUEST_HANDLE(xen_flask_op_t);
  228 
  229 #endif
