| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* Authors: Karl MacMillan <kmacmillan@tresys.com> |
| 2 | * Frank Mayer <mayerf@tresys.com> |
| 3 | * |
| 4 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
| 5 | * This program is free software; you can redistribute it and/or modify |
| 6 | * it under the terms of the GNU General Public License as published by |
| 7 | * the Free Software Foundation, version 2. |
| 8 | */ |
| 9 | |
| 10 | #ifndef _CONDITIONAL_H_ |
| 11 | #define _CONDITIONAL_H_ |
| 12 | |
| 13 | #include "avtab.h" |
| 14 | #include "symtab.h" |
| 15 | #include "policydb.h" |
| 16 | |
| 17 | #define COND_EXPR_MAXDEPTH 10 |
| 18 | |
| 19 | /* |
| 20 | * A conditional expression is a list of operators and operands |
| 21 | * in reverse polish notation. |
| 22 | */ |
| 23 | struct cond_expr { |
| 24 | #define COND_BOOL 1 /* plain bool */ |
| 25 | #define COND_NOT 2 /* !bool */ |
| 26 | #define COND_OR 3 /* bool || bool */ |
| 27 | #define COND_AND 4 /* bool && bool */ |
| 28 | #define COND_XOR 5 /* bool ^ bool */ |
| 29 | #define COND_EQ 6 /* bool == bool */ |
| 30 | #define COND_NEQ 7 /* bool != bool */ |
| Vesa-Matti Kari | 421fae0 | 2008-08-06 18:24:51 +0300 | [diff] [blame] | 31 | #define COND_LAST COND_NEQ |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 32 | __u32 expr_type; |
| 33 | __u32 bool; |
| 34 | struct cond_expr *next; |
| 35 | }; |
| 36 | |
| 37 | /* |
| 38 | * Each cond_node contains a list of rules to be enabled/disabled |
| 39 | * depending on the current value of the conditional expression. This |
| 40 | * struct is for that list. |
| 41 | */ |
| 42 | struct cond_av_list { |
| 43 | struct avtab_node *node; |
| 44 | struct cond_av_list *next; |
| 45 | }; |
| 46 | |
| 47 | /* |
| 48 | * A cond node represents a conditional block in a policy. It |
| 49 | * contains a conditional expression, the current state of the expression, |
| 50 | * two lists of rules to enable/disable depending on the value of the |
| 51 | * expression (the true list corresponds to if and the false list corresponds |
| 52 | * to else).. |
| 53 | */ |
| 54 | struct cond_node { |
| 55 | int cur_state; |
| 56 | struct cond_expr *expr; |
| 57 | struct cond_av_list *true_list; |
| 58 | struct cond_av_list *false_list; |
| 59 | struct cond_node *next; |
| 60 | }; |
| 61 | |
| Eric Paris | ccb3cbe | 2008-04-22 17:46:12 -0400 | [diff] [blame] | 62 | int cond_policydb_init(struct policydb *p); |
| 63 | void cond_policydb_destroy(struct policydb *p); |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 64 | |
| Eric Paris | ccb3cbe | 2008-04-22 17:46:12 -0400 | [diff] [blame] | 65 | int cond_init_bool_indexes(struct policydb *p); |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 66 | int cond_destroy_bool(void *key, void *datum, void *p); |
| 67 | |
| 68 | int cond_index_bool(void *key, void *datum, void *datap); |
| 69 | |
| 70 | int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp); |
| 71 | int cond_read_list(struct policydb *p, void *fp); |
| 72 | |
| 73 | void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd); |
| 74 | |
| 75 | int evaluate_cond_node(struct policydb *p, struct cond_node *node); |
| 76 | |
| 77 | #endif /* _CONDITIONAL_H_ */ |