1 /* Author: Joshua Brindle <jbrindle@tresys.com>
2  *         Jason Tang     <jtang@tresys.com>
3  *         Ivan Gyurdiev  <ivg2@cornell.edu>
4  *
5  * Copyright (C) 2005 Tresys Technology, LLC
6  * Copyright (C) 2005 Red Hat Inc.
7  *
8  *  This library is free software; you can redistribute it and/or
9  *  modify it under the terms of the GNU Lesser General Public
10  *  License as published by the Free Software Foundation; either
11  *  version 2.1 of the License, or (at your option) any later version.
12  *
13  *  This library is distributed in the hope that it will be useful,
14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  *  Lesser General Public License for more details.
17  *
18  *  You should have received a copy of the GNU Lesser General Public
19  *  License along with this library; if not, write to the Free Software
20  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
21  */
22 
23 #ifndef _SEMANAGE_INTERNAL_HANDLE_H_
24 #define _SEMANAGE_INTERNAL_HANDLE_H_
25 
26 #include <stdint.h>
27 #include <stddef.h>
28 #include "handle_internal.h"
29 #include <sepol/handle.h>
30 #include "modules.h"
31 #include "semanage_conf.h"
32 #include "database.h"
33 #include "direct_api.h"
34 #include "policy.h"
35 
struct semanage_handle {
	int con_id;		/* Connection ID */

	/* Error handling.  msg_level, msg_channel and msg_fname describe the
	 * diagnostic currently being reported; their exact values are set by
	 * callers outside this header. */
	int msg_level;
	const char *msg_channel;
	const char *msg_fname;
#ifdef __GNUC__
	/* fmt (argument 3) is a printf-style format string whose conversion
	 * arguments start at argument 4; the attribute lets GCC type-check
	 * every call site.  Keep fmt a library-chosen literal -- message text
	 * supplied by a caller belongs in the "..." arguments, never in fmt. */
	__attribute__ ((format(printf, 3, 4)))
#endif
	void (*msg_callback) (void *varg,
			      semanage_handle_t * handle, const char *fmt, ...);
	void *msg_callback_arg;	/* NOTE(review): appears to be the varg handed to
				 * msg_callback -- confirm against the caller */

	/* Direct vs Server specific handle: only the direct variant is
	 * defined in this union. */
	union {
		struct semanage_direct_handle direct;
	} u;

	/* Libsepol handle */
	sepol_handle_t *sepolh;

	semanage_conf_t *conf;	/* configuration, see semanage_conf.h */

	uint16_t priority;	/* NOTE(review): presumably the module priority
				 * in effect for this connection -- confirm in modules.c */
	int is_connected;	/* nonzero while connected */
	int is_in_transaction;	/* nonzero while a transaction is open */
	int do_reload;		/* whether to reload policy after commit */
	int do_rebuild;		/* whether to rebuild policy if there were no changes */
	int commit_err;		/* set by semanage_direct_commit() if there are
				 * any errors when building or committing the
				 * sandbox to kernel policy at /etc/selinux
				 */
	int modules_modified;	/* nonzero once a module change is pending */
	int create_store;	/* whether to create the store if it does not exist;
				 * this will only have an effect on direct connections */
	int do_check_contexts;	/* whether to run setfiles to check the file contexts file */

	/* This timeout is used for transactions and waiting for the lock:
	   -1 means wait indefinitely
	   0 means return immediately
	   >0 means wait that many seconds */
	int timeout;

	/* these function pointers will point to the appropriate
	 * routine given the connection type.  think of these as
	 * simulating polymorphism for non-OO languages. */
	struct semanage_policy_table *funcs;

	/* Object databases.  The DBASE_* constants below are indices into
	 * the dbase[] array at the end of this struct: every index must stay
	 * below DBASE_COUNT, and DBASE_COUNT must be bumped whenever a new
	 * database is added, or the accessors below read past the array. */
#define DBASE_COUNT      24

/* Local modifications */
#define DBASE_LOCAL_USERS_BASE  0
#define DBASE_LOCAL_USERS_EXTRA 1
#define DBASE_LOCAL_USERS       2
#define DBASE_LOCAL_PORTS       3
#define DBASE_LOCAL_INTERFACES  4
#define DBASE_LOCAL_BOOLEANS    5
#define DBASE_LOCAL_FCONTEXTS	6
#define DBASE_LOCAL_SEUSERS     7
#define DBASE_LOCAL_NODES       8
#define DBASE_LOCAL_IBPKEYS     9
#define DBASE_LOCAL_IBENDPORTS  10

/* Policy + Local modifications */
#define DBASE_POLICY_USERS_BASE  11
#define DBASE_POLICY_USERS_EXTRA 12
#define DBASE_POLICY_USERS       13
#define DBASE_POLICY_PORTS       14
#define DBASE_POLICY_INTERFACES  15
#define DBASE_POLICY_BOOLEANS    16
#define DBASE_POLICY_FCONTEXTS   17
#define DBASE_POLICY_FCONTEXTS_H 18
#define DBASE_POLICY_SEUSERS     19
#define DBASE_POLICY_NODES       20
#define DBASE_POLICY_IBPKEYS     21
#define DBASE_POLICY_IBENDPORTS  22

/* Active kernel policy */
#define DBASE_ACTIVE_BOOLEANS    23
	/* One entry per DBASE_* index; indices 0..23 are all in range. */
	dbase_config_t dbase[DBASE_COUNT];
};
119 
120 /* === Local modifications === */
/** Local users-base database of @handle (slot DBASE_LOCAL_USERS_BASE). */
static inline dbase_config_t *semanage_user_base_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_USERS_BASE;
}
126 
/** Local users-extra database of @handle (slot DBASE_LOCAL_USERS_EXTRA). */
static inline dbase_config_t *semanage_user_extra_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_USERS_EXTRA;
}
132 
/** Local users database of @handle (slot DBASE_LOCAL_USERS). */
static inline dbase_config_t *semanage_user_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_USERS;
}
138 
/** Local ports database of @handle (slot DBASE_LOCAL_PORTS). */
static inline dbase_config_t *semanage_port_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_PORTS;
}
144 
/** Local ibpkeys database of @handle (slot DBASE_LOCAL_IBPKEYS). */
static inline dbase_config_t *semanage_ibpkey_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_IBPKEYS;
}
150 
/** Local ibendports database of @handle (slot DBASE_LOCAL_IBENDPORTS). */
static inline dbase_config_t *semanage_ibendport_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_IBENDPORTS;
}
156 
/** Local interfaces database of @handle (slot DBASE_LOCAL_INTERFACES). */
static inline dbase_config_t *semanage_iface_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_INTERFACES;
}
162 
/** Local booleans database of @handle (slot DBASE_LOCAL_BOOLEANS). */
static inline dbase_config_t *semanage_bool_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_BOOLEANS;
}
168 
/** Local file contexts database of @handle (slot DBASE_LOCAL_FCONTEXTS). */
static inline dbase_config_t *semanage_fcontext_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_FCONTEXTS;
}
174 
/** Local seusers database of @handle (slot DBASE_LOCAL_SEUSERS). */
static inline dbase_config_t *semanage_seuser_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_SEUSERS;
}
180 
/** Local nodes database of @handle (slot DBASE_LOCAL_NODES). */
static inline dbase_config_t *semanage_node_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_LOCAL_NODES;
}
186 
187 /* === Policy + Local modifications === */
/** Policy + local users-base database of @handle (slot DBASE_POLICY_USERS_BASE). */
static inline dbase_config_t *semanage_user_base_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_USERS_BASE;
}
193 
/** Policy + local users-extra database of @handle (slot DBASE_POLICY_USERS_EXTRA). */
static inline dbase_config_t *semanage_user_extra_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_USERS_EXTRA;
}
200 
/** Policy + local users database of @handle (slot DBASE_POLICY_USERS). */
static inline dbase_config_t *semanage_user_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_USERS;
}
206 
/** Policy + local ports database of @handle (slot DBASE_POLICY_PORTS). */
static inline dbase_config_t *semanage_port_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_PORTS;
}
212 
/** Policy + local ibpkeys database of @handle (slot DBASE_POLICY_IBPKEYS). */
static inline dbase_config_t *semanage_ibpkey_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_IBPKEYS;
}
218 
/** Policy + local ibendports database of @handle (slot DBASE_POLICY_IBENDPORTS). */
static inline dbase_config_t *semanage_ibendport_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_IBENDPORTS;
}
224 
/** Policy + local interfaces database of @handle (slot DBASE_POLICY_INTERFACES). */
static inline dbase_config_t *semanage_iface_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_INTERFACES;
}
230 
/** Policy + local booleans database of @handle (slot DBASE_POLICY_BOOLEANS). */
static inline dbase_config_t *semanage_bool_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_BOOLEANS;
}
236 
/** Policy + local file contexts database of @handle (slot DBASE_POLICY_FCONTEXTS). */
static inline dbase_config_t *semanage_fcontext_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_FCONTEXTS;
}
242 
/** Home-directory file contexts database of @handle (slot DBASE_POLICY_FCONTEXTS_H). */
static inline dbase_config_t *semanage_fcontext_dbase_homedirs(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_FCONTEXTS_H;
}
248 
/** Policy + local seusers database of @handle (slot DBASE_POLICY_SEUSERS). */
static inline dbase_config_t *semanage_seuser_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_SEUSERS;
}
254 
/** Policy + local nodes database of @handle (slot DBASE_POLICY_NODES). */
static inline dbase_config_t *semanage_node_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_POLICY_NODES;
}
260 
261 /* === Active kernel policy === */
/** Active kernel booleans database of @handle (slot DBASE_ACTIVE_BOOLEANS). */
static inline dbase_config_t *semanage_bool_dbase_active(semanage_handle_t *handle)
{
	dbase_config_t *table = handle->dbase;
	return table + DBASE_ACTIVE_BOOLEANS;
}
267 
268 #endif