1 files changed, 61 insertions, 50 deletions

diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 5fdcb6696bcc..850b3453f259 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -6,45 +6,45 @@
  * table is used to represent the type enforcement
  * tables.
  *
- *  Author : Stephen Smalley, <sds@tycho.nsa.gov>
+ *  Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
  */
 
-/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
- *
- * 	Added conditional policy language extensions
- *
- * Copyright (C) 2003 Tresys Technology, LLC
+/* Updated: Frank Mayer <mayerf@tresys.com> and
+ *          Karl MacMillan <kmacmillan@tresys.com>
+ *          Added conditional policy language extensions
+ *          Copyright (C) 2003 Tresys Technology, LLC
  *
  * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
- * 	Tuned number of hash slots for avtab to reduce memory usage
+ *          Tuned number of hash slots for avtab to reduce memory usage
  */
+
 #ifndef _SS_AVTAB_H_
 #define _SS_AVTAB_H_
 
 #include "security.h"
 
 struct avtab_key {
-	u16 source_type;	/* source type */
-	u16 target_type;	/* target type */
-	u16 target_class;	/* target object class */
-#define AVTAB_ALLOWED		0x0001
-#define AVTAB_AUDITALLOW	0x0002
-#define AVTAB_AUDITDENY		0x0004
-#define AVTAB_AV		(AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
-#define AVTAB_TRANSITION	0x0010
-#define AVTAB_MEMBER		0x0020
-#define AVTAB_CHANGE		0x0040
-#define AVTAB_TYPE		(AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
+	u16 source_type; /* source type */
+	u16 target_type; /* target type */
+	u16 target_class; /* target object class */
+#define AVTAB_ALLOWED	 0x0001
+#define AVTAB_AUDITALLOW 0x0002
+#define AVTAB_AUDITDENY	 0x0004
+#define AVTAB_AV	 (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY)
+#define AVTAB_TRANSITION 0x0010
+#define AVTAB_MEMBER	 0x0020
+#define AVTAB_CHANGE	 0x0040
+#define AVTAB_TYPE	 (AVTAB_TRANSITION | AVTAB_MEMBER | AVTAB_CHANGE)
 /* extended permissions */
 #define AVTAB_XPERMS_ALLOWED	0x0100
-#define AVTAB_XPERMS_AUDITALLOW	0x0200
+#define AVTAB_XPERMS_AUDITALLOW 0x0200
 #define AVTAB_XPERMS_DONTAUDIT	0x0400
-#define AVTAB_XPERMS		(AVTAB_XPERMS_ALLOWED | \
-				AVTAB_XPERMS_AUDITALLOW | \
-				AVTAB_XPERMS_DONTAUDIT)
-#define AVTAB_ENABLED_OLD   0x80000000 /* reserved for used in cond_avtab */
-#define AVTAB_ENABLED		0x8000 /* reserved for used in cond_avtab */
-	u16 specified;	/* what field is specified */
+#define AVTAB_XPERMS                                      \
+	(AVTAB_XPERMS_ALLOWED | AVTAB_XPERMS_AUDITALLOW | \
+	 AVTAB_XPERMS_DONTAUDIT)
+#define AVTAB_ENABLED_OLD 0x80000000 /* reserved for used in cond_avtab */
+#define AVTAB_ENABLED	  0x8000 /* reserved for used in cond_avtab */
+	u16 specified; /* what field is specified */
 };
 
 /*
@@ -55,6 +55,7 @@ struct avtab_extended_perms {
 /* These are not flags. All 256 values may be used */
 #define AVTAB_XPERMS_IOCTLFUNCTION	0x01
 #define AVTAB_XPERMS_IOCTLDRIVER	0x02
+#define AVTAB_XPERMS_NLMSG		0x03
 	/* extension of the avtab_key specified */
 	u8 specified; /* ioctl, netfilter, ... */
 	/*
@@ -82,36 +83,46 @@ struct avtab_node {
 
 struct avtab {
 	struct avtab_node **htable;
-	u32 nel;	/* number of elements */
-	u32 nslot;      /* number of hash slots */
-	u32 mask;       /* mask to compute hash func */
+	u32 nel; /* number of elements */
+	u32 nslot; /* number of hash slots */
+	u32 mask; /* mask to compute hash func */
 };
 
 void avtab_init(struct avtab *h);
-int avtab_alloc(struct avtab *, u32);
-struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k);
+int avtab_alloc(struct avtab *h, u32 nrules);
+int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
 void avtab_destroy(struct avtab *h);
-void avtab_hash_eval(struct avtab *h, char *tag);
-
-struct policydb;
-int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
-		    int (*insert)(struct avtab *a, struct avtab_key *k,
-				  struct avtab_datum *d, void *p),
-		    void *p);
 
-int avtab_read(struct avtab *a, void *fp, struct policydb *pol);
-int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp);
-int avtab_write(struct policydb *p, struct avtab *a, void *fp);
-
-struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_key *key,
-					  struct avtab_datum *datum);
-
-struct avtab_node *avtab_search_node(struct avtab *h, struct avtab_key *key);
-
-struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
-
-#define MAX_AVTAB_HASH_BITS 16
+#define MAX_AVTAB_HASH_BITS    16
 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
 
-#endif	/* _SS_AVTAB_H_ */
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
+void avtab_hash_eval(struct avtab *h, const char *tag);
+#else
+static inline void avtab_hash_eval(struct avtab *h, const char *tag)
+{
+}
+#endif
 
+struct policydb;
+struct policy_file;
+int avtab_read_item(struct avtab *a, struct policy_file *fp, struct policydb *pol,
+		    int (*insert)(struct avtab *a, const struct avtab_key *k,
+				  const struct avtab_datum *d, void *p),
+		    void *p, bool conditional);
+
+int avtab_read(struct avtab *a, struct policy_file *fp, struct policydb *pol);
+int avtab_write_item(struct policydb *p, const struct avtab_node *cur,
+		     struct policy_file *fp);
+int avtab_write(struct policydb *p, struct avtab *a, struct policy_file *fp);
+
+struct avtab_node *avtab_insert_nonunique(struct avtab *h,
+					  const struct avtab_key *key,
+					  const struct avtab_datum *datum);
+
+struct avtab_node *avtab_search_node(struct avtab *h,
+				     const struct avtab_key *key);
+struct avtab_node *avtab_search_node_next(struct avtab_node *node,
+					  u16 specified);
+
+#endif /* _SS_AVTAB_H_ */