fxr.watson.org: FREEBSD-12-0 sys/xen/interface/xsm/flask

FreeBSD/Linux Kernel Cross Reference
sys/xen/interface/xsm/flask_op.h

Version: - FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10

1 /* 2 * This file contains the flask_op hypercall commands and definitions. 3 * 4 * Author: George Coker, <gscoker@alpha.ncsc.mil> 5 * 6 * Permission is hereby granted, free of charge, to any person obtaining a copy 7 * of this software and associated documentation files (the "Software"), to 8 * deal in the Software without restriction, including without limitation the 9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 10 * sell copies of the Software, and to permit persons to whom the Software is 11 * furnished to do so, subject to the following conditions: 12 * 13 * The above copyright notice and this permission notice shall be included in 14 * all copies or substantial portions of the Software. 15 * 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 22 * DEALINGS IN THE SOFTWARE. 23 */ 24 25 #ifndef __FLASK_OP_H__ 26 #define __FLASK_OP_H__ 27 28 #include "../event_channel.h" 29 30 #define XEN_FLASK_INTERFACE_VERSION 1 31 32 struct xen_flask_load { 33 XEN_GUEST_HANDLE(char) buffer; 34 uint32_t size; 35 }; 36 37 struct xen_flask_setenforce { 38 uint32_t enforcing; 39 }; 40 41 struct xen_flask_sid_context { 42 /* IN/OUT: sid to convert to/from string */ 43 uint32_t sid; 44 /* IN: size of the context buffer 45 * OUT: actual size of the output context string 46 */ 47 uint32_t size; 48 XEN_GUEST_HANDLE(char) context; 49 }; 50 51 struct xen_flask_access { 52 /* IN: access request */ 53 uint32_t ssid; 54 uint32_t tsid; 55 uint32_t tclass; 56 uint32_t req; 57 /* OUT: AVC data */ 58 uint32_t allowed; 59 uint32_t audit_allow; 60 uint32_t audit_deny; 61 uint32_t seqno; 62 }; 63 64 struct xen_flask_transition { 65 /* IN: transition SIDs and class */ 66 uint32_t ssid; 67 uint32_t tsid; 68 uint32_t tclass; 69 /* OUT: new SID */ 70 uint32_t newsid; 71 }; 72 73 struct xen_flask_userlist { 74 /* IN: starting SID for list */ 75 uint32_t start_sid; 76 /* IN: size of user string and output buffer 77 * OUT: number of SIDs returned */ 78 uint32_t size; 79 union { 80 /* IN: user to enumerate SIDs */ 81 XEN_GUEST_HANDLE(char) user; 82 /* OUT: SID list */ 83 XEN_GUEST_HANDLE(uint32) sids; 84 } u; 85 }; 86 87 struct xen_flask_boolean { 88 /* IN/OUT: numeric identifier for boolean [GET/SET] 89 * If -1, name will be used and bool_id will be filled in. */ 90 uint32_t bool_id; 91 /* OUT: current enforcing value of boolean [GET/SET] */ 92 uint8_t enforcing; 93 /* OUT: pending value of boolean [GET/SET] */ 94 uint8_t pending; 95 /* IN: new value of boolean [SET] */ 96 uint8_t new_value; 97 /* IN: commit new value instead of only setting pending [SET] */ 98 uint8_t commit; 99 /* IN: size of boolean name buffer [GET/SET] 100 * OUT: actual size of name [GET only] */ 101 uint32_t size; 102 /* IN: if bool_id is -1, used to find boolean [GET/SET] 103 * OUT: textual name of boolean [GET only] 104 */ 105 XEN_GUEST_HANDLE(char) name; 106 }; 107 108 struct xen_flask_setavc_threshold { 109 /* IN */ 110 uint32_t threshold; 111 }; 112 113 struct xen_flask_hash_stats { 114 /* OUT */ 115 uint32_t entries; 116 uint32_t buckets_used; 117 uint32_t buckets_total; 118 uint32_t max_chain_len; 119 }; 120 121 struct xen_flask_cache_stats { 122 /* IN */ 123 uint32_t cpu; 124 /* OUT */ 125 uint32_t lookups; 126 uint32_t hits; 127 uint32_t misses; 128 uint32_t allocations; 129 uint32_t reclaims; 130 uint32_t frees; 131 }; 132 133 struct xen_flask_ocontext { 134 /* IN */ 135 uint32_t ocon; 136 uint32_t sid; 137 uint64_t low, high; 138 }; 139 140 struct xen_flask_peersid { 141 /* IN */ 142 evtchn_port_t evtchn; 143 /* OUT */ 144 uint32_t sid; 145 }; 146 147 struct xen_flask_relabel { 148 /* IN */ 149 uint32_t domid; 150 uint32_t sid; 151 }; 152 153 struct xen_flask_devicetree_label { 154 /* IN */ 155 uint32_t sid; 156 uint32_t length; 157 XEN_GUEST_HANDLE(char) path; 158 }; 159 160 struct xen_flask_op { 161 uint32_t cmd; 162 #define FLASK_LOAD 1 163 #define FLASK_GETENFORCE 2 164 #define FLASK_SETENFORCE 3 165 #define FLASK_CONTEXT_TO_SID 4 166 #define FLASK_SID_TO_CONTEXT 5 167 #define FLASK_ACCESS 6 168 #define FLASK_CREATE 7 169 #define FLASK_RELABEL 8 170 #define FLASK_USER 9 171 #define FLASK_POLICYVERS 10 172 #define FLASK_GETBOOL 11 173 #define FLASK_SETBOOL 12 174 #define FLASK_COMMITBOOLS 13 175 #define FLASK_MLS 14 176 #define FLASK_DISABLE 15 177 #define FLASK_GETAVC_THRESHOLD 16 178 #define FLASK_SETAVC_THRESHOLD 17 179 #define FLASK_AVC_HASHSTATS 18 180 #define FLASK_AVC_CACHESTATS 19 181 #define FLASK_MEMBER 20 182 #define FLASK_ADD_OCONTEXT 21 183 #define FLASK_DEL_OCONTEXT 22 184 #define FLASK_GET_PEER_SID 23 185 #define FLASK_RELABEL_DOMAIN 24 186 #define FLASK_DEVICETREE_LABEL 25 187 uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */ 188 union { 189 struct xen_flask_load load; 190 struct xen_flask_setenforce enforce; 191 /* FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT */ 192 struct xen_flask_sid_context sid_context; 193 struct xen_flask_access access; 194 /* FLASK_CREATE, FLASK_RELABEL, FLASK_MEMBER */ 195 struct xen_flask_transition transition; 196 struct xen_flask_userlist userlist; 197 /* FLASK_GETBOOL, FLASK_SETBOOL */ 198 struct xen_flask_boolean boolean; 199 struct xen_flask_setavc_threshold setavc_threshold; 200 struct xen_flask_hash_stats hash_stats; 201 struct xen_flask_cache_stats cache_stats; 202 /* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */ 203 struct xen_flask_ocontext ocontext; 204 struct xen_flask_peersid peersid; 205 struct xen_flask_relabel relabel; 206 struct xen_flask_devicetree_label devicetree_label; 207 } u; 208 }; 209 typedef struct xen_flask_op xen_flask_op_t; 210 DEFINE_XEN_GUEST_HANDLE(xen_flask_op_t); 211 212 #endif

Cache object: 10bd1eeb03f2015cb4216491619ac1e7

FreeBSD/Linux Kernel Cross Reference sys/xen/interface/xsm/flask_op.h

FreeBSD/Linux Kernel Cross Reference
sys/xen/interface/xsm/flask_op.h