/*
 * Public libsepol interfaces for policy files and policy databases.
 *
 * A "policy file" is an opaque source/sink (a memory image or a FILE)
 * from which a "policydb" is read or to which it is written.  Both
 * objects are only ever handled through the functions declared here.
 *
 * Note: the guard name below is in the identifier namespace reserved
 * for the implementation (leading underscore followed by an uppercase
 * letter); it is kept as-is for compatibility with existing includes.
 */
#ifndef _SEPOL_POLICYDB_H_
#define _SEPOL_POLICYDB_H_

#include <stddef.h>
#include <stdio.h>

#include <sepol/handle.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque policy file object; see sepol_policy_file_* below. */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

/* Opaque policy database object; see sepol_policydb_* below. */
struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;

/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 * sepol_policy_file_create() stores the new object in *pf; it is
 * released again with sepol_policy_file_free().
 * Return value convention is not spelled out in this header; the
 * explicit "-1 on error" wording on the set_* functions below suggests
 * 0 on success and non-zero on failure -- confirm against the
 * implementation.
 * NOTE(review): nothing here says that freeing the policy file also
 * releases a memory image or FILE it was set to refer to; assume those
 * stay owned by the caller -- confirm.
 */
extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
extern void sepol_policy_file_free(sepol_policy_file_t * pf);

/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read and write
 * the image located at the specified address with the specified length.
 * The buffer is used in place (not copied), so 'data' must stay valid
 * for as long as the policy file refers to it.
 * If 'len' is 0, then merely compute the necessary length upon
 * subsequent policydb write operations in order to determine the
 * necessary buffer size to allocate; nothing is written in that case.
 * Together with sepol_policy_file_get_len() this gives a two-pass
 * write: set_mem(pf, NULL, 0) + write to measure, then set_mem() with
 * a buffer of the reported size + write again.
 * NOTE(review): 'len' is the only bound the library is given for the
 * buffer; a write that does not fit is presumably reported as an error
 * rather than overrunning it -- confirm against the implementation.
 */
extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
				      char *data, size_t len);

/*
 * Get the size of the buffer needed to store a policydb write
 * previously done on this policy file.
 * Only meaningful after a sepol_policydb_write() on this policy file
 * (typically one done with a zero-length memory image, see above).
 * The size is stored in *len.
 */
extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);

/*
 * Set the policy file to represent a FILE.
 * Subsequent operations using the policy file will read and write
 * to the FILE.
 * NOTE(review): this header says nothing about the library opening or
 * closing 'fp'; assume the caller owns the FILE and closes it after the
 * policy file is done with it -- confirm.
 */
extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);

/*
 * Associate a handle with a policy file, for use in
 * error reporting from subsequent calls that take the
 * policy file as an argument.
 */
extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
					 sepol_handle_t * handle);

/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * sepol_policydb_create() stores the new object in *p; it is released
 * again with sepol_policydb_free().  Return value convention as for
 * sepol_policy_file_create() (assumed 0/non-zero -- confirm).
 */
extern int sepol_policydb_create(sepol_policydb_t ** p);
extern void sepol_policydb_free(sepol_policydb_t * p);

/*
 * Legal types of policies that the policydb can represent.
 * These are the accepted values of the 'type' argument of
 * sepol_policydb_set_typevers().
 */
#define SEPOL_POLICY_KERN 0
#define SEPOL_POLICY_BASE 1
#define SEPOL_POLICY_MOD 2

/*
 * Range of policy versions for the kernel policy type supported
 * by this library: the lowest and the highest kernel policy version
 * this build can read and write.
 */
extern int sepol_policy_kern_vers_min(void);
extern int sepol_policy_kern_vers_max(void);

/*
 * Set the policy type as specified, and automatically initialize the
 * policy version accordingly to the maximum version supported for the
 * policy type.
 * Returns -1 if the policy type is not legal (presumably 0 otherwise).
 */
extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);

/*
 * Set the policy version to a different value.
 * Call this after sepol_policydb_set_typevers(), which selects the
 * type and resets the version to that type's maximum.
 * Returns -1 if the policy version is not in the supported range for
 * the (previously set) policy type (presumably 0 otherwise).
 */
extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);

/*
 * Set how to handle unknown class/perms.
 * 'handle_unknown' must be one of the constants below; note the values
 * are not contiguous (0, 2, 4), so pass the constant, not an index.
 * Going by the names, SEPOL_DENY_UNKNOWN is the fail-closed choice and
 * SEPOL_ALLOW_UNKNOWN the permissive one; the exact semantics are not
 * defined in this header -- confirm against the implementation.
 */
#define SEPOL_DENY_UNKNOWN 0
#define SEPOL_REJECT_UNKNOWN 2
#define SEPOL_ALLOW_UNKNOWN 4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
					     unsigned int handle_unknown);

/*
 * Set the target platform.
 * 'target_platform' is one of the constants below.
 */
#define SEPOL_TARGET_SELINUX 0
#define SEPOL_TARGET_XEN 1
extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
					      int target_platform);

/*
 * Optimize the policy by removing redundant rules.
 */
extern int sepol_policydb_optimize(sepol_policydb_t * p);

/*
 * Read a policydb from a policy file.
 * This automatically sets the type and version based on the
 * image contents, so any type/version set on 'p' beforehand is
 * superseded by what the image declares.
 * The image is input the library must parse; always check the return
 * value, since this header does not define the state of 'p' after a
 * failed read.
 */
extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Write a policydb to a policy file.
 * The generated image will be in the binary format corresponding
 * to the policy version associated with the policydb.
 * With a memory policy file set up with len 0 this only computes the
 * image size (see sepol_policy_file_set_mem() and
 * sepol_policy_file_get_len()).
 */
extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Extract a policydb from a binary policy memory image.
 * This is equivalent to sepol_policydb_read with a policy file
 * set to refer to memory.
 * 'handle' serves error reporting, as with
 * sepol_policy_file_set_handle().
 * NOTE(review): 'data' is not declared const, so do not pass read-only
 * memory (e.g. a read-only mapping) without confirming that the
 * implementation never writes through it.
 */
extern int sepol_policydb_from_image(sepol_handle_t * handle,
				     void *data, size_t len,
				     sepol_policydb_t * p);

/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file
 * set to refer to memory, but internally handles computing the
 * necessary length and allocating an appropriately sized memory
 * buffer for the caller.
 * On success *newdata points at the new buffer and *newlen holds its
 * length; ownership of the buffer passes to the caller (presumably
 * released with free() -- confirm).
 */
extern int sepol_policydb_to_image(sepol_handle_t * handle,
				   sepol_policydb_t * p,
				   void **newdata, size_t * newlen);

/*
 * Check whether the policydb has MLS enabled.
 * Returns an int truth value (non-zero for enabled, zero otherwise is
 * assumed -- confirm).  Does not modify 'p'.
 */
extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);

/*
 * Check whether the compatibility mode for SELinux network
 * checks should be enabled when using this policy.
 * Returns an int truth value as for sepol_policydb_mls_enabled().
 * Does not modify 'p'.
 */
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);

#ifdef __cplusplus
}
#endif

#endif