1 #include <stdlib.h>
2
3 #include "debug.h"
4 #include <sepol/policydb/policydb.h>
5 #include "policydb_internal.h"
6
7 /* Policy file interfaces. */
8
/*
 * Allocate a zero-initialised policy file handle and store it in *pf.
 * Returns 0 on success, or -1 if the allocation fails (in which case
 * *pf is NULL).  Release the handle with sepol_policy_file_free().
 */
int sepol_policy_file_create(sepol_policy_file_t ** pf)
{
	sepol_policy_file_t *spf = calloc(1, sizeof(*spf));

	*pf = spf;
	return spf ? 0 : -1;
}
16
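/*
 * Point the policy file at a caller-owned memory buffer.
 *
 * With len > 0 the file operates on data[0..len) (PF_USE_MEMORY).  Only
 * the pointer is stored -- nothing is copied -- so the buffer must remain
 * valid and correctly sized for as long as the policy file is used, and
 * it is never freed by this module.
 *
 * With len == 0 the file switches to length-counting mode (PF_LEN): data
 * is ignored, nothing is written, and the length a write would have
 * produced is read back afterwards with sepol_policy_file_get_len().
 */
void sepol_policy_file_set_mem(sepol_policy_file_t * spf,
			       char *data, size_t len)
{
	struct policy_file *pf = &spf->pf;

	if (!len) {
		pf->type = PF_LEN;
		/*
		 * Start the byte count from zero rather than inheriting
		 * whatever an earlier PF_USE_MEMORY setup (or a previous
		 * write) left in pf->len on a reused handle; otherwise
		 * sepol_policy_file_get_len() can report a stale or
		 * inflated length.  The writer is expected to accumulate
		 * into pf->len in this mode -- confirm against put_entry().
		 */
		pf->len = 0;
		return;
	}
	pf->type = PF_USE_MEMORY;
	pf->data = data;
	pf->len = len;
	pf->size = len;
}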
31
/*
 * Direct the policy file at an open stdio stream (PF_USE_STDIO).  The
 * stream is borrowed: nothing in this file closes or duplicates it, so
 * the caller keeps ownership and must fclose() it itself.
 */
void sepol_policy_file_set_fp(sepol_policy_file_t * spf, FILE * fp)
{
	spf->pf.type = PF_USE_STDIO;
	spf->pf.fp = fp;
}
39
/*
 * Report the length recorded in PF_LEN mode (selected by calling
 * sepol_policy_file_set_mem() with len == 0).  On success stores the
 * length in *len and returns 0; if the file is not in PF_LEN mode returns
 * -1 and leaves *len untouched.
 */
int sepol_policy_file_get_len(sepol_policy_file_t * spf, size_t * len)
{
	const struct policy_file *pf = &spf->pf;

	if (pf->type == PF_LEN) {
		*len = pf->len;
		return 0;
	}
	return -1;
}
48
/*
 * Attach a sepol_handle_t to the policy file.  The pointer is stored
 * as-is (NULL included); it is presumably the diagnostics context used by
 * the readers/writers via debug.h -- confirm against the callers.
 */
void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
				  sepol_handle_t * handle)
{
	struct policy_file *inner = &pf->pf;

	inner->handle = handle;
}
54
/*
 * Release a handle created by sepol_policy_file_create().  Only the
 * wrapper itself is freed: a buffer given to sepol_policy_file_set_mem()
 * or a stream given to sepol_policy_file_set_fp() stays owned by the
 * caller.  NULL is accepted (free(NULL) is a no-op).
 */
void sepol_policy_file_free(sepol_policy_file_t * pf)
{
	free(pf);
}
59
60 /* Policydb interfaces. */
61
/*
 * Allocate a policy database wrapper and initialise the embedded
 * policydb with policydb_init().  On success *sp receives the new object
 * and 0 is returned.  If either the allocation or policydb_init() fails,
 * *sp is set to NULL, nothing is left allocated and -1 is returned.
 * Release with sepol_policydb_free().
 */
int sepol_policydb_create(sepol_policydb_t ** sp)
{
	sepol_policydb_t *db = malloc(sizeof(*db));

	if (db && policydb_init(&db->p) != 0) {
		free(db);
		db = NULL;
	}
	*sp = db;
	return db ? 0 : -1;
}
76
77
/*
 * Tear down a database created by sepol_policydb_create(): destroy the
 * embedded policydb, then free the wrapper.  NULL is accepted and ignored.
 */
void sepol_policydb_free(sepol_policydb_t * p)
{
	if (p) {
		policydb_destroy(&p->p);
		free(p);
	}
}
85
86
/*
 * Oldest kernel policy version this library can produce or accept
 * (POLICYDB_VERSION_MIN).
 */
int sepol_policy_kern_vers_min(void)
{
	const int oldest = POLICYDB_VERSION_MIN;

	return oldest;
}
91
/*
 * Newest kernel policy version this library can produce or accept
 * (POLICYDB_VERSION_MAX).
 */
int sepol_policy_kern_vers_max(void)
{
	const int newest = POLICYDB_VERSION_MAX;

	return newest;
}
96
/*
 * Select the kind of policy this database holds (POLICY_KERN, POLICY_BASE
 * or POLICY_MOD) and reset its version to the newest one for that kind
 * (POLICYDB_VERSION_MAX for kernel policies, MOD_POLICYDB_VERSION_MAX for
 * base/module policies).  Use sepol_policydb_set_vers() afterwards to
 * pick an older version.  Returns 0, or -1 for an unknown type, in which
 * case the database is left unchanged.
 */
int sepol_policydb_set_typevers(sepol_policydb_t * sp, unsigned int type)
{
	struct policydb *p = &sp->p;
	unsigned int newest;

	if (type == POLICY_KERN)
		newest = POLICYDB_VERSION_MAX;
	else if (type == POLICY_BASE || type == POLICY_MOD)
		newest = MOD_POLICYDB_VERSION_MAX;
	else
		return -1;

	p->policyvers = newest;
	p->policy_type = type;
	return 0;
}
114
/*
 * Set an explicit policy version.  The accepted range depends on the
 * policy type currently recorded in the database (normally set via
 * sepol_policydb_set_typevers()):
 *   POLICY_KERN            -> [POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX]
 *   POLICY_BASE/POLICY_MOD -> [MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX]
 * Returns 0 on success.  Returns -1, leaving the database unchanged, if
 * vers is outside the range or the policy type is not one of the above.
 */
int sepol_policydb_set_vers(sepol_policydb_t * sp, unsigned int vers)
{
	struct policydb *p = &sp->p;
	unsigned int lo, hi;

	switch (p->policy_type) {
	case POLICY_KERN:
		lo = POLICYDB_VERSION_MIN;
		hi = POLICYDB_VERSION_MAX;
		break;
	case POLICY_BASE:
	case POLICY_MOD:
		lo = MOD_POLICYDB_VERSION_MIN;
		hi = MOD_POLICYDB_VERSION_MAX;
		break;
	default:
		return -1;
	}

	if (vers < lo || vers > hi)
		return -1;

	p->policyvers = vers;
	return 0;
}
135
/*
 * Record the database's handle-unknown setting.  Only SEPOL_DENY_UNKNOWN,
 * SEPOL_REJECT_UNKNOWN and SEPOL_ALLOW_UNKNOWN are accepted; any other
 * value returns -1 and leaves the setting unchanged.  Returns 0 on
 * success.  As the names suggest, this governs what happens to classes
 * or permissions the policy does not define; SEPOL_ALLOW_UNKNOWN is the
 * permissive choice and should be a deliberate decision by the caller.
 */
int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp,
				      unsigned int handle_unknown)
{
	int accepted = handle_unknown == SEPOL_DENY_UNKNOWN
		       || handle_unknown == SEPOL_REJECT_UNKNOWN
		       || handle_unknown == SEPOL_ALLOW_UNKNOWN;

	if (!accepted)
		return -1;

	sp->p.handle_unknown = handle_unknown;
	return 0;
}
153
/*
 * Record the platform the policy is built for.  Only SEPOL_TARGET_SELINUX
 * and SEPOL_TARGET_XEN are accepted; any other value returns -1 and
 * leaves the database unchanged.  Returns 0 on success.
 */
int sepol_policydb_set_target_platform(sepol_policydb_t * sp,
				       int target_platform)
{
	int accepted = target_platform == SEPOL_TARGET_SELINUX
		       || target_platform == SEPOL_TARGET_XEN;

	if (!accepted)
		return -1;

	sp->p.target_platform = target_platform;
	return 0;
}
170
/*
 * Run policydb_optimize() on the embedded policydb and return its result
 * unchanged (0 on success per this module's convention; see
 * policydb_optimize() for the failure codes).
 */
int sepol_policydb_optimize(sepol_policydb_t * p)
{
	struct policydb *db = &p->p;

	return policydb_optimize(db);
}
175
/*
 * Parse a binary policy from pf into p via policydb_read() and return its
 * result unchanged.  This wrapper performs no validation of its own: a
 * policy image is untrusted input, and every bounds/consistency check on
 * it lives in policydb_read().  The literal 0 is passed straight through
 * as the third argument (presumably a verbose flag -- confirm against the
 * policydb_read() prototype).
 */
int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
{
	struct policy_file *src = &pf->pf;

	return policydb_read(&p->p, src, 0);
}
180
/*
 * Serialise p into pf via policydb_write() and return its result
 * unchanged.  With pf in PF_LEN mode (sepol_policy_file_set_mem() with
 * len == 0) this only measures the output; read the size back with
 * sepol_policy_file_get_len().
 */
int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf)
{
	struct policy_file *dst = &pf->pf;

	return policydb_write(&p->p, dst);
}
185
/*
 * Load a policy from an in-memory image of len bytes at data into p via
 * policydb_from_image(), reporting through handle; the result is
 * returned unchanged.  As with sepol_policydb_read(), the image is
 * untrusted input and all validation happens in the callee.
 */
int sepol_policydb_from_image(sepol_handle_t * handle,
			      void *data, size_t len, sepol_policydb_t * p)
{
	struct policydb *db = &p->p;

	return policydb_from_image(handle, data, len, db);
}
191
/*
 * Serialise p into a newly produced in-memory image via
 * policydb_to_image(), storing the buffer in *newdata and its size in
 * *newlen; the callee's result is returned unchanged.  Ownership of
 * *newdata is presumably transferred to the caller (free() it when done)
 * -- confirm against policydb_to_image().
 */
int sepol_policydb_to_image(sepol_handle_t * handle,
			    sepol_policydb_t * p, void **newdata,
			    size_t * newlen)
{
	struct policydb *db = &p->p;

	return policydb_to_image(handle, db, newdata, newlen);
}
198
/*
 * Return the policydb's mls field: non-zero when the policy carries MLS
 * (multi-level security) data, zero otherwise.
 */
int sepol_policydb_mls_enabled(const sepol_policydb_t * p)
{
	const struct policydb *db = &p->p;

	return db->mls;
}
204
205 /*
206 * Enable compatibility mode for SELinux network checks iff
207 * the packet class is not defined in the policy.
208 */
#define PACKET_CLASS_NAME "packet"
/*
 * Return non-zero when the policy has no "packet" object class, i.e. when
 * the kernel must fall back to the compatibility network checks; zero when
 * the class is present.  Decided purely by a lookup in p_classes.
 */
int sepol_policydb_compat_net(const sepol_policydb_t * p)
{
	const void *packet_class =
	    hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME);

	return packet_class == NULL;
}
215