| 1 |
62 |
marcus.erl |
/* Authors: Karl MacMillan <kmacmillan@tresys.com>
|
| 2 |
|
|
* Frank Mayer <mayerf@tresys.com>
|
| 3 |
|
|
*
|
| 4 |
|
|
* Copyright (C) 2003 - 2004 Tresys Technology, LLC
|
| 5 |
|
|
* This program is free software; you can redistribute it and/or modify
|
| 6 |
|
|
* it under the terms of the GNU General Public License as published by
|
| 7 |
|
|
* the Free Software Foundation, version 2.
|
| 8 |
|
|
*/
|
| 9 |
|
|
|
| 10 |
|
|
#ifndef _CONDITIONAL_H_
|
| 11 |
|
|
#define _CONDITIONAL_H_
|
| 12 |
|
|
|
| 13 |
|
|
#include "avtab.h"
|
| 14 |
|
|
#include "symtab.h"
|
| 15 |
|
|
#include "policydb.h"
|
| 16 |
|
|
|
| 17 |
|
|
#define COND_EXPR_MAXDEPTH 10
|
| 18 |
|
|
|
| 19 |
|
|
/*
|
| 20 |
|
|
* A conditional expression is a list of operators and operands
|
| 21 |
|
|
* in reverse polish notation.
|
| 22 |
|
|
*/
|
| 23 |
|
|
struct cond_expr {
|
| 24 |
|
|
#define COND_BOOL 1 /* plain bool */
|
| 25 |
|
|
#define COND_NOT 2 /* !bool */
|
| 26 |
|
|
#define COND_OR 3 /* bool || bool */
|
| 27 |
|
|
#define COND_AND 4 /* bool && bool */
|
| 28 |
|
|
#define COND_XOR 5 /* bool ^ bool */
|
| 29 |
|
|
#define COND_EQ 6 /* bool == bool */
|
| 30 |
|
|
#define COND_NEQ 7 /* bool != bool */
|
| 31 |
|
|
#define COND_LAST 8
|
| 32 |
|
|
__u32 expr_type;
|
| 33 |
|
|
__u32 bool;
|
| 34 |
|
|
struct cond_expr *next;
|
| 35 |
|
|
};
|
| 36 |
|
|
|
| 37 |
|
|
/*
|
| 38 |
|
|
* Each cond_node contains a list of rules to be enabled/disabled
|
| 39 |
|
|
* depending on the current value of the conditional expression. This
|
| 40 |
|
|
* struct is for that list.
|
| 41 |
|
|
*/
|
| 42 |
|
|
struct cond_av_list {
|
| 43 |
|
|
struct avtab_node *node;
|
| 44 |
|
|
struct cond_av_list *next;
|
| 45 |
|
|
};
|
| 46 |
|
|
|
| 47 |
|
|
/*
|
| 48 |
|
|
* A cond node represents a conditional block in a policy. It
|
| 49 |
|
|
* contains a conditional expression, the current state of the expression,
|
| 50 |
|
|
* two lists of rules to enable/disable depending on the value of the
|
| 51 |
|
|
* expression (the true list corresponds to if and the false list corresponds
|
| 52 |
|
|
* to else)..
|
| 53 |
|
|
*/
|
| 54 |
|
|
struct cond_node {
|
| 55 |
|
|
int cur_state;
|
| 56 |
|
|
struct cond_expr *expr;
|
| 57 |
|
|
struct cond_av_list *true_list;
|
| 58 |
|
|
struct cond_av_list *false_list;
|
| 59 |
|
|
struct cond_node *next;
|
| 60 |
|
|
};
|
| 61 |
|
|
|
| 62 |
|
|
int cond_policydb_init(struct policydb* p);
|
| 63 |
|
|
void cond_policydb_destroy(struct policydb* p);
|
| 64 |
|
|
|
| 65 |
|
|
int cond_init_bool_indexes(struct policydb* p);
|
| 66 |
|
|
int cond_destroy_bool(void *key, void *datum, void *p);
|
| 67 |
|
|
|
| 68 |
|
|
int cond_index_bool(void *key, void *datum, void *datap);
|
| 69 |
|
|
|
| 70 |
|
|
int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
|
| 71 |
|
|
int cond_read_list(struct policydb *p, void *fp);
|
| 72 |
|
|
|
| 73 |
|
|
void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd);
|
| 74 |
|
|
|
| 75 |
|
|
int evaluate_cond_node(struct policydb *p, struct cond_node *node);
|
| 76 |
|
|
|
| 77 |
|
|
#endif /* _CONDITIONAL_H_ */
|
