sys/xen/interface/xsm/flask_op.h
Show All 27 Lines | |||||
#include "../event_channel.h" | #include "../event_channel.h" | ||||
#define XEN_FLASK_INTERFACE_VERSION 1 | #define XEN_FLASK_INTERFACE_VERSION 1 | ||||
struct xen_flask_load { | struct xen_flask_load { | ||||
XEN_GUEST_HANDLE(char) buffer; | XEN_GUEST_HANDLE(char) buffer; | ||||
uint32_t size; | uint32_t size; | ||||
}; | }; | ||||
typedef struct xen_flask_load xen_flask_load_t; | |||||
struct xen_flask_setenforce { | struct xen_flask_setenforce { | ||||
uint32_t enforcing; | uint32_t enforcing; | ||||
}; | }; | ||||
typedef struct xen_flask_setenforce xen_flask_setenforce_t; | |||||
struct xen_flask_sid_context { | struct xen_flask_sid_context { | ||||
/* IN/OUT: sid to convert to/from string */ | /* IN/OUT: sid to convert to/from string */ | ||||
uint32_t sid; | uint32_t sid; | ||||
/* IN: size of the context buffer | /* IN: size of the context buffer | ||||
* OUT: actual size of the output context string | * OUT: actual size of the output context string | ||||
*/ | */ | ||||
uint32_t size; | uint32_t size; | ||||
XEN_GUEST_HANDLE(char) context; | XEN_GUEST_HANDLE(char) context; | ||||
}; | }; | ||||
typedef struct xen_flask_sid_context xen_flask_sid_context_t; | |||||
struct xen_flask_access { | struct xen_flask_access { | ||||
/* IN: access request */ | /* IN: access request */ | ||||
uint32_t ssid; | uint32_t ssid; | ||||
uint32_t tsid; | uint32_t tsid; | ||||
uint32_t tclass; | uint32_t tclass; | ||||
uint32_t req; | uint32_t req; | ||||
/* OUT: AVC data */ | /* OUT: AVC data */ | ||||
uint32_t allowed; | uint32_t allowed; | ||||
uint32_t audit_allow; | uint32_t audit_allow; | ||||
uint32_t audit_deny; | uint32_t audit_deny; | ||||
uint32_t seqno; | uint32_t seqno; | ||||
}; | }; | ||||
typedef struct xen_flask_access xen_flask_access_t; | |||||
struct xen_flask_transition { | struct xen_flask_transition { | ||||
/* IN: transition SIDs and class */ | /* IN: transition SIDs and class */ | ||||
uint32_t ssid; | uint32_t ssid; | ||||
uint32_t tsid; | uint32_t tsid; | ||||
uint32_t tclass; | uint32_t tclass; | ||||
/* OUT: new SID */ | /* OUT: new SID */ | ||||
uint32_t newsid; | uint32_t newsid; | ||||
}; | }; | ||||
typedef struct xen_flask_transition xen_flask_transition_t; | |||||
#if __XEN_INTERFACE_VERSION__ < 0x00040800 | #if __XEN_INTERFACE_VERSION__ < 0x00040800 | ||||
struct xen_flask_userlist { | struct xen_flask_userlist { | ||||
/* IN: starting SID for list */ | /* IN: starting SID for list */ | ||||
uint32_t start_sid; | uint32_t start_sid; | ||||
/* IN: size of user string and output buffer | /* IN: size of user string and output buffer | ||||
* OUT: number of SIDs returned */ | * OUT: number of SIDs returned */ | ||||
uint32_t size; | uint32_t size; | ||||
Show All 21 Lines | struct xen_flask_boolean { | ||||
/* IN: size of boolean name buffer [GET/SET] | /* IN: size of boolean name buffer [GET/SET] | ||||
* OUT: actual size of name [GET only] */ | * OUT: actual size of name [GET only] */ | ||||
uint32_t size; | uint32_t size; | ||||
/* IN: if bool_id is -1, used to find boolean [GET/SET] | /* IN: if bool_id is -1, used to find boolean [GET/SET] | ||||
* OUT: textual name of boolean [GET only] | * OUT: textual name of boolean [GET only] | ||||
*/ | */ | ||||
XEN_GUEST_HANDLE(char) name; | XEN_GUEST_HANDLE(char) name; | ||||
}; | }; | ||||
typedef struct xen_flask_boolean xen_flask_boolean_t; | |||||
struct xen_flask_setavc_threshold { | struct xen_flask_setavc_threshold { | ||||
/* IN */ | /* IN */ | ||||
uint32_t threshold; | uint32_t threshold; | ||||
}; | }; | ||||
typedef struct xen_flask_setavc_threshold xen_flask_setavc_threshold_t; | |||||
struct xen_flask_hash_stats { | struct xen_flask_hash_stats { | ||||
/* OUT */ | /* OUT */ | ||||
uint32_t entries; | uint32_t entries; | ||||
uint32_t buckets_used; | uint32_t buckets_used; | ||||
uint32_t buckets_total; | uint32_t buckets_total; | ||||
uint32_t max_chain_len; | uint32_t max_chain_len; | ||||
}; | }; | ||||
typedef struct xen_flask_hash_stats xen_flask_hash_stats_t; | |||||
struct xen_flask_cache_stats { | struct xen_flask_cache_stats { | ||||
/* IN */ | /* IN */ | ||||
uint32_t cpu; | uint32_t cpu; | ||||
/* OUT */ | /* OUT */ | ||||
uint32_t lookups; | uint32_t lookups; | ||||
uint32_t hits; | uint32_t hits; | ||||
uint32_t misses; | uint32_t misses; | ||||
uint32_t allocations; | uint32_t allocations; | ||||
uint32_t reclaims; | uint32_t reclaims; | ||||
uint32_t frees; | uint32_t frees; | ||||
}; | }; | ||||
typedef struct xen_flask_cache_stats xen_flask_cache_stats_t; | |||||
struct xen_flask_ocontext { | struct xen_flask_ocontext { | ||||
/* IN */ | /* IN */ | ||||
uint32_t ocon; | uint32_t ocon; | ||||
uint32_t sid; | uint32_t sid; | ||||
uint64_t low, high; | uint64_t low, high; | ||||
}; | }; | ||||
typedef struct xen_flask_ocontext xen_flask_ocontext_t; | |||||
struct xen_flask_peersid { | struct xen_flask_peersid { | ||||
/* IN */ | /* IN */ | ||||
evtchn_port_t evtchn; | evtchn_port_t evtchn; | ||||
/* OUT */ | /* OUT */ | ||||
uint32_t sid; | uint32_t sid; | ||||
}; | }; | ||||
typedef struct xen_flask_peersid xen_flask_peersid_t; | |||||
struct xen_flask_relabel { | struct xen_flask_relabel { | ||||
/* IN */ | /* IN */ | ||||
uint32_t domid; | uint32_t domid; | ||||
uint32_t sid; | uint32_t sid; | ||||
}; | }; | ||||
typedef struct xen_flask_relabel xen_flask_relabel_t; | |||||
struct xen_flask_devicetree_label { | struct xen_flask_devicetree_label { | ||||
/* IN */ | /* IN */ | ||||
uint32_t sid; | uint32_t sid; | ||||
uint32_t length; | uint32_t length; | ||||
XEN_GUEST_HANDLE(char) path; | XEN_GUEST_HANDLE(char) path; | ||||
}; | }; | ||||
typedef struct xen_flask_devicetree_label xen_flask_devicetree_label_t; | |||||
struct xen_flask_op { | struct xen_flask_op { | ||||
uint32_t cmd; | uint32_t cmd; | ||||
#define FLASK_LOAD 1 | #define FLASK_LOAD 1 | ||||
#define FLASK_GETENFORCE 2 | #define FLASK_GETENFORCE 2 | ||||
#define FLASK_SETENFORCE 3 | #define FLASK_SETENFORCE 3 | ||||
#define FLASK_CONTEXT_TO_SID 4 | #define FLASK_CONTEXT_TO_SID 4 | ||||
#define FLASK_SID_TO_CONTEXT 5 | #define FLASK_SID_TO_CONTEXT 5 | ||||
Show All 14 Lines | |||||
#define FLASK_MEMBER 20 | #define FLASK_MEMBER 20 | ||||
#define FLASK_ADD_OCONTEXT 21 | #define FLASK_ADD_OCONTEXT 21 | ||||
#define FLASK_DEL_OCONTEXT 22 | #define FLASK_DEL_OCONTEXT 22 | ||||
#define FLASK_GET_PEER_SID 23 | #define FLASK_GET_PEER_SID 23 | ||||
#define FLASK_RELABEL_DOMAIN 24 | #define FLASK_RELABEL_DOMAIN 24 | ||||
#define FLASK_DEVICETREE_LABEL 25 | #define FLASK_DEVICETREE_LABEL 25 | ||||
uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */ | uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */ | ||||
union { | union { | ||||
struct xen_flask_load load; | xen_flask_load_t load; | ||||
struct xen_flask_setenforce enforce; | xen_flask_setenforce_t enforce; | ||||
/* FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT */ | /* FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT */ | ||||
struct xen_flask_sid_context sid_context; | xen_flask_sid_context_t sid_context; | ||||
struct xen_flask_access access; | xen_flask_access_t access; | ||||
/* FLASK_CREATE, FLASK_RELABEL, FLASK_MEMBER */ | /* FLASK_CREATE, FLASK_RELABEL, FLASK_MEMBER */ | ||||
struct xen_flask_transition transition; | xen_flask_transition_t transition; | ||||
#if __XEN_INTERFACE_VERSION__ < 0x00040800 | #if __XEN_INTERFACE_VERSION__ < 0x00040800 | ||||
struct xen_flask_userlist userlist; | struct xen_flask_userlist userlist; | ||||
#endif | #endif | ||||
/* FLASK_GETBOOL, FLASK_SETBOOL */ | /* FLASK_GETBOOL, FLASK_SETBOOL */ | ||||
struct xen_flask_boolean boolean; | xen_flask_boolean_t boolean; | ||||
struct xen_flask_setavc_threshold setavc_threshold; | xen_flask_setavc_threshold_t setavc_threshold; | ||||
struct xen_flask_hash_stats hash_stats; | xen_flask_hash_stats_t hash_stats; | ||||
struct xen_flask_cache_stats cache_stats; | xen_flask_cache_stats_t cache_stats; | ||||
/* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */ | /* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */ | ||||
struct xen_flask_ocontext ocontext; | xen_flask_ocontext_t ocontext; | ||||
struct xen_flask_peersid peersid; | xen_flask_peersid_t peersid; | ||||
struct xen_flask_relabel relabel; | xen_flask_relabel_t relabel; | ||||
struct xen_flask_devicetree_label devicetree_label; | xen_flask_devicetree_label_t devicetree_label; | ||||
} u; | } u; | ||||
}; | }; | ||||
typedef struct xen_flask_op xen_flask_op_t; | typedef struct xen_flask_op xen_flask_op_t; | ||||
DEFINE_XEN_GUEST_HANDLE(xen_flask_op_t); | DEFINE_XEN_GUEST_HANDLE(xen_flask_op_t); | ||||
#endif | #endif |