/*
 * Copyright (c) 2021 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Security interface for the startup parameter service: DAC (uid/gid/mode)
 * access control, optional SELinux label checks, and the ops table through
 * which a security backend is registered and selected.
 */

#ifndef BASE_STARTUP_PARAM_SECURITY_H
#define BASE_STARTUP_PARAM_SECURITY_H
#include <stdint.h>
#ifndef __LINUX__
#include <sys/socket.h>
#endif
#include <sys/types.h>
#ifdef PARAM_SUPPORT_SELINUX
#include "selinux_parameter.h"
#endif

#include "beget_ext.h"

#ifdef __cplusplus
#if __cplusplus
extern "C" {
#endif
#endif

/*
 * DAC mode layout. DAC_READ/DAC_WRITE/DAC_WATCH are the owner bits
 * (bits 8, 7, 6); DAC_GROUP_START and DAC_OTHER_START are presumably the
 * right-shift applied to those masks to reach the group and other
 * triplets, which is consistent with DAC_ALL_PERMISSION being octal 0777.
 * NOTE(review): confirm the shift usage against the DAC checker that
 * consumes ParamDacData.mode.
 */
#define DAC_GROUP_START 3
#define DAC_OTHER_START 6
#define DAC_READ 0x0100 // 4
#define DAC_WRITE 0x0080 // 2
#define DAC_WATCH 0x0040 // 1
#define DAC_ALL_PERMISSION 0777

/*
 * Label flag bits. Given the names, these presumably populate
 * ParamSecurityLabel.flags[]; LABEL_ALL_PERMISSION looks like a bypass
 * bit and should only ever be set for the init/privileged context -- verify
 * where it is assigned before relying on that.
 */
#define LABEL_ALL_PERMISSION 0x04
#define LABEL_CHECK_IN_ALL_PROCESS 0x02
#define LABEL_INIT_FOR_INIT 0x01

/* Capacity of ParamAuditData.label, including the terminating NUL. */
#define SELINUX_CONTENT_LEN 64
/* NOTE(review): presumably the first non-system uid boundary -- confirm. */
#define SYS_UID_INDEX 1000

/* Result value that denotes a permitted DAC check (presumed; confirm in checker). */
#define DAC_RESULT_PERMISSION 0

/* Credentials of the process on whose behalf a parameter operation runs. */
typedef struct UserCred {
    pid_t pid;
    uid_t uid;
    gid_t gid;
} UserCred;

/* Index of each security backend; also the index into ParamSecurityLabel.flags. */
typedef enum {
    PARAM_SECURITY_DAC = 0,
#ifdef PARAM_SUPPORT_SELINUX
    PARAM_SECURITY_SELINUX,
#endif
    PARAM_SECURITY_MAX
} ParamSecurityType;

/*
 * Security context of one client. `cred` is the identity that checks are
 * made against; since it is what authorizes access, it must be taken from a
 * trusted source (e.g. the socket peer) rather than from client-supplied data.
 * `flags` holds one word of LABEL_* bits per ParamSecurityType.
 */
typedef struct {
    int32_t sockFd;
    UserCred cred;
    uint32_t flags[PARAM_SECURITY_MAX];
} ParamSecurityLabel;

/*
 * DAC ownership and mode attached to a parameter (or parameter prefix).
 * `mode` is presumably in the DAC_* bit layout above; `paramType` is
 * opaque here.
 */
typedef struct {
    pid_t pid;
    uid_t uid;
    gid_t gid;
    uint16_t mode;
    uint8_t paramType;
} ParamDacData;

/*
 * One access-control entry: DAC data for parameter `name`, plus the SELinux
 * label when SELinux support is compiled in. `name` is not owned by this
 * struct; the pointed-to string must outlive it.
 */
typedef struct {
    ParamDacData dacData;
    const char *name;
#ifdef PARAM_SUPPORT_SELINUX
    char label[SELINUX_CONTENT_LEN];
#endif
} ParamAuditData;

/*
 * Backend operations table. `name` is a fixed 10-byte buffer, so a backend
 * name may be at most 9 characters plus NUL and whoever fills it must use a
 * bounded copy. Every callback returns int; the meaning of the return value
 * is defined by the implementing backend (see the DAC/SELinux registrations).
 *   securityInitLabel          - initialise `label`; isInit marks the init process.
 *   securityGetLabel           - load labels from `path`.
 *   securityCheckFilePermission- check `label` against `fileName` with `flags`.
 *   securityCheckParamPermission - check `srcLabel` against parameter `name` for `mode`.
 *   securityFreeLabel          - release resources held by `srcLabel`.
 */
typedef struct {
    char name[10];
    int (*securityInitLabel)(ParamSecurityLabel *label, int isInit);
    int (*securityGetLabel)(const char *path);
    int (*securityCheckFilePermission)(const ParamSecurityLabel *label, const char *fileName, int flags);
    int (*securityCheckParamPermission)(const ParamSecurityLabel *srcLabel, const char *name, uint32_t mode);
    int (*securityFreeLabel)(ParamSecurityLabel *srcLabel);
} ParamSecurityOps;

/* Signature shared by the backend registration functions below. */
typedef int (*RegisterSecurityOpsPtr)(ParamSecurityOps *ops, int isInit);

/*
 * Entry points of the SELinux parameter library. `selinuxHandle` is an opaque
 * handle (presumably from dynamic loading -- confirm); the function pointers
 * are only present when PARAM_SUPPORT_SELINUX is defined and may be NULL
 * until the library is resolved, so callers should check before invoking.
 */
typedef struct SelinuxSpace_ {
    void *selinuxHandle;
#ifdef PARAM_SUPPORT_SELINUX
    void (*setSelinuxLogCallback)(void);
    int (*setParamCheck)(const char *paraName, const char *destContext, const SrcInfo *info);
    const char *(*getParamLabel)(const char *paraName);
    int (*initParamSelinux)(void);
    int (*readParamCheck)(const char *paraName);
    ParamContextsList *(*getParamList)(void);
    void (*destroyParamList)(ParamContextsList **list);
#endif
} SelinuxSpace;
#ifdef PARAM_SUPPORT_SELINUX
/* Fill `ops` with the SELinux backend; isInit marks the init process. */
INIT_LOCAL_API int RegisterSecuritySelinuxOps(ParamSecurityOps *ops, int isInit);
#endif

/* Return the ops table for `type` (a ParamSecurityType value). */
INIT_LOCAL_API ParamSecurityOps *GetParamSecurityOps(int type);
/* Load the group/user database used by the DAC backend. */
INIT_LOCAL_API void LoadGroupUser(void);
/* Fill `ops` with the DAC backend; isInit marks the init process. */
INIT_LOCAL_API int RegisterSecurityDacOps(ParamSecurityOps *ops, int isInit);
/* Register all available backends; onlyRead presumably selects a read-only client mode -- confirm. */
INIT_LOCAL_API int RegisterSecurityOps(int onlyRead);

#ifdef __cplusplus
#if __cplusplus
}
#endif
#endif
#endif // BASE_STARTUP_PARAM_SECURITY_H