2 * This file contains the flask_op hypercall commands and definitions.
4 * Author: George Coker, <gscoker@alpha.ncsc.mil>
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
22 * DEALINGS IN THE SOFTWARE.
/* Include guard; the matching #endif lies past the end of this excerpt. */
25 #ifndef __FLASK_OP_H__
26 #define __FLASK_OP_H__
/* ABI version of the flask_op hypercall.  Callers place this value in
 * xen_flask_op.interface_version (see the comment on that field below);
 * NOTE(review): the version check itself lives on the hypervisor side and is
 * not shown here. */
28 #define XEN_FLASK_INTERFACE_VERSION 1
/* Argument carried as the `load` member of xen_flask_op.
 * buffer is a guest handle, i.e. a guest-supplied address that the
 * hypervisor must copy from with an explicit bound; the accompanying length
 * field is not visible in this excerpt (presumably the policy image). */
30 struct xen_flask_load {
31 XEN_GUEST_HANDLE(char) buffer;
35 struct xen_flask_setenforce {
/* Argument shared by FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT
 * (the `sid_context` member of xen_flask_op).
 * context is a guest handle: the IN size is the only bound the hypervisor
 * has for reading or writing through it, so the size value is untrusted
 * input on the hypervisor side.  NOTE(review): whether the OUT size can
 * exceed the IN size (signalling truncation) is not visible here — confirm
 * against the handler. */
39 struct xen_flask_sid_context {
40 /* IN/OUT: sid to convert to/from string */
42 /* IN: size of the context buffer
43 * OUT: actual size of the output context string
46 XEN_GUEST_HANDLE(char) context;
/* Argument for FLASK_ACCESS (the `access` member of xen_flask_op).
 * The request fields themselves are not shown in this excerpt. */
49 struct xen_flask_access {
50 /* IN: access request */
/* Argument shared by FLASK_CREATE, FLASK_RELABEL and FLASK_MEMBER
 * (the `transition` member of xen_flask_op); fields not shown here. */
62 struct xen_flask_transition {
63 /* IN: transition SIDs and class */
/* Argument carried as the `userlist` member of xen_flask_op; the command
 * value that selects it is not visible in this excerpt.
 * Both user and sids are guest handles.  One size field covers both the
 * incoming user string and the outgoing SID array, and on return it is
 * overwritten with the number of SIDs written — so the hypervisor must
 * bound the sids write by the IN value before it is reused as a count.
 * NOTE(review): whether the user string is required to be NUL-terminated
 * within size bytes is not shown here — confirm against the handler. */
71 struct xen_flask_userlist {
72 /* IN: starting SID for list */
74 /* IN: size of user string and output buffer
75 * OUT: number of SIDs returned */
78 /* IN: user to enumerate SIDs */
79 XEN_GUEST_HANDLE(char) user;
81 XEN_GUEST_HANDLE(uint32) sids;
/* Argument shared by FLASK_GETBOOL and FLASK_SETBOOL (the `boolean` member
 * of xen_flask_op).  Annotations [GET]/[SET] below say which command reads
 * or writes each field.
 * name is a guest handle used in two directions: as the lookup key when
 * bool_id is -1, and as the output buffer on GET.  The IN size is the only
 * bound for either use and is guest-controlled.
 * NOTE(review): the declared type of bool_id is not shown in this excerpt;
 * if it is unsigned, the -1 sentinel is the all-ones value — confirm. */
85 struct xen_flask_boolean {
86 /* IN/OUT: numeric identifier for boolean [GET/SET]
87 * If -1, name will be used and bool_id will be filled in. */
89 /* OUT: current enforcing value of boolean [GET/SET] */
91 /* OUT: pending value of boolean [GET/SET] */
93 /* IN: new value of boolean [SET] */
95 /* IN: commit new value instead of only setting pending [SET] */
97 /* IN: size of boolean name buffer [GET/SET]
98 * OUT: actual size of name [GET only] */
100 /* IN: if bool_id is -1, used to find boolean [GET/SET]
101 * OUT: textual name of boolean [GET only]
103 XEN_GUEST_HANDLE(char) name;
106 struct xen_flask_setavc_threshold {
/* AVC hash-table statistics, the `hash_stats` member of xen_flask_op
 * (presumably returned by FLASK_AVC_HASHSTATS).  NOTE(review): the
 * IN/OUT direction of these fields is not annotated in this excerpt;
 * they read as OUT values — confirm against the handler. */
111 struct xen_flask_hash_stats {
114 uint32_t buckets_used;
115 uint32_t buckets_total;
116 uint32_t max_chain_len;
/* AVC cache statistics, the `cache_stats` member of xen_flask_op
 * (presumably returned by FLASK_AVC_CACHESTATS).  Only one of its
 * counters is visible in this excerpt. */
119 struct xen_flask_cache_stats {
126 uint32_t allocations;
131 struct xen_flask_ocontext {
/* Argument carried as the `peersid` member of xen_flask_op (presumably
 * for FLASK_GET_PEER_SID).  evtchn is a guest-supplied event-channel port;
 * NOTE(review): the handler is expected to validate it against the
 * caller's own channels before resolving the peer — not visible here. */
138 struct xen_flask_peersid {
140 evtchn_port_t evtchn;
/* Top-level hypercall argument.  The command selector field and the
 * `union {` that wraps the per-command members are not visible in this
 * excerpt; the member comments below record which commands each member
 * serves where more than one applies.
 *
 * The FLASK_* values are part of the guest-visible ABI, so they must not be
 * renumbered; the values 1, 9 and 14 do not appear in this excerpt.
 * Every XEN_GUEST_HANDLE inside the union is a guest-controlled address, and
 * every size that accompanies one is guest-controlled too — the hypervisor
 * side must treat both as untrusted. */
145 struct xen_flask_op {
148 #define FLASK_GETENFORCE 2
149 #define FLASK_SETENFORCE 3
150 #define FLASK_CONTEXT_TO_SID 4
151 #define FLASK_SID_TO_CONTEXT 5
152 #define FLASK_ACCESS 6
153 #define FLASK_CREATE 7
154 #define FLASK_RELABEL 8
156 #define FLASK_POLICYVERS 10
157 #define FLASK_GETBOOL 11
158 #define FLASK_SETBOOL 12
159 #define FLASK_COMMITBOOLS 13
161 #define FLASK_DISABLE 15
162 #define FLASK_GETAVC_THRESHOLD 16
163 #define FLASK_SETAVC_THRESHOLD 17
164 #define FLASK_AVC_HASHSTATS 18
165 #define FLASK_AVC_CACHESTATS 19
166 #define FLASK_MEMBER 20
167 #define FLASK_ADD_OCONTEXT 21
168 #define FLASK_DEL_OCONTEXT 22
169 #define FLASK_GET_PEER_SID 23
/* IN: must be XEN_FLASK_INTERFACE_VERSION; lets the hypervisor reject
 * callers built against a different layout of this union. */
170 uint32_t interface_version; /* XEN_FLASK_INTERFACE_VERSION */
172 struct xen_flask_load load;
173 struct xen_flask_setenforce enforce;
174 /* FLASK_CONTEXT_TO_SID and FLASK_SID_TO_CONTEXT */
175 struct xen_flask_sid_context sid_context;
176 struct xen_flask_access access;
177 /* FLASK_CREATE, FLASK_RELABEL, FLASK_MEMBER */
178 struct xen_flask_transition transition;
179 struct xen_flask_userlist userlist;
180 /* FLASK_GETBOOL, FLASK_SETBOOL */
181 struct xen_flask_boolean boolean;
182 struct xen_flask_setavc_threshold setavc_threshold;
183 struct xen_flask_hash_stats hash_stats;
184 struct xen_flask_cache_stats cache_stats;
185 /* FLASK_ADD_OCONTEXT, FLASK_DEL_OCONTEXT */
186 struct xen_flask_ocontext ocontext;
187 struct xen_flask_peersid peersid;
/* Public typedef and the guest-handle type for passing xen_flask_op
 * by guest address in the hypercall. */
190 typedef struct xen_flask_op xen_flask_op_t;
191 DEFINE_XEN_GUEST_HANDLE(xen_flask_op_t);