1 #pragma once
2 
3 #include <stdbool.h>
4 #include <sys/types.h>
5 
6 #include <selinux/context.h>
7 #include <selinux/selinux.h>
8 
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12 
13 // Context files (file_contexts, service_contexts, etc) may be spread over multiple
14 // partitions: system, apex, system_ext, product, vendor and/or odm (one slot each).
15 #define MAX_CONTEXT_PATHS 6
16 // The maximum number of alternative paths for one file on one partition.
17 #define MAX_ALT_CONTEXT_PATHS 2
18 typedef struct path_alts { /* table of candidate paths, indexed paths[set][alternative] */
19 	const char *paths[MAX_CONTEXT_PATHS][MAX_ALT_CONTEXT_PATHS]; /* NOTE(review): unused slots presumably NULL; confirm */
20 } path_alts_t;
21 
22 /* For each set of alternatives in path_sets, adds the first file that is accessible to `paths`.
23  * Returns the number of accessible files (presumably the number of entries written to `paths`). */
24 size_t find_existing_files(
25 	const path_alts_t *path_sets, /* in: candidate paths, one set of alternatives per row */
26 	const char *paths[MAX_CONTEXT_PATHS]); /* out: decays to a pointer, so the bound is not compiler-checked; pass MAX_CONTEXT_PATHS slots */
27 
28 /* Converts an array of file paths into an array of options for selabel_open.
29  * opts must be at least as large as paths; no size for opts is passed, so the caller owns that bound. */
30 void paths_to_opts(
31 	const char* paths[MAX_CONTEXT_PATHS], /* in: paths to convert */
32 	size_t npaths, /* NOTE(review): presumably the number of entries of paths to convert (and written to opts); confirm */
33 	struct selinux_opt* const opts); /* out: caller-provided array of options */
34 
35 /* Initializes a backend using the specified options. Any error is reported to the
36  * Android logging facility. NOTE(review): failure is presumably a NULL handle; confirm and check it. */
37 struct selabel_handle* initialize_backend(
38 	unsigned int backend, /* NOTE(review): presumably a backend id as accepted by selabel_open; confirm */
39 	const char* name, /* NOTE(review): presumably a label used in the error report; confirm */
40 	const struct selinux_opt* opts, /* options for the backend */
41 	size_t nopts); /* number of entries in opts */
42 
43 /* Initializes a backend from a set of context paths (path_alts_t: several sets, each with alternatives). */
44 struct selabel_handle* context_handle(
45 		unsigned int backend, /* NOTE(review): presumably the same backend id initialize_backend takes; confirm */
46 		const path_alts_t *context_paths, /* in: candidate context files */
47 		const char* name); /* NOTE(review): presumably a label used when reporting errors; confirm */
48 
49 /* The kind of request made when looking up an seapp_context. */
50 enum seapp_kind {
51 	/* Request the SELinux type for the app data directory */
52 	SEAPP_TYPE,
53 	/* Request the SELinux type (domain) for the app process */
54 	SEAPP_DOMAIN
55 };
56 
57 /* Looks up an app (or its data) by its name and other information in the list of known
58  * seapp_contexts. If found, sets the type and categories of ctx and returns 0. Returns -1 in case
59  * of error; -2 for out of memory. NOTE(review): ctx after a non-zero return is unspecified here; treat it as unusable. */
60 int seapp_context_lookup(enum seapp_kind kind, /* selects the data-directory type or the process domain */
61 				uid_t uid,
62 				bool isSystemServer,
63 				const char *seinfo,
64 				const char *pkgname,
65 				context_t ctx); /* in/out: type and categories are set on success */
66 
67 /* Similar to seapp_context_lookup, but does not implicitly load and use the default context files.
68  * It should only be used for unit tests. NOTE(review): contexts presumably must be loaded first; confirm. */
69 int seapp_context_lookup_internal(enum seapp_kind kind, /* selects the data-directory type or the process domain */
70 				uid_t uid,
71 				bool isSystemServer,
72 				const char *seinfo,
73 				const char *pkgname,
74 				context_t ctx); /* in/out: presumably set on success as in seapp_context_lookup; confirm */
75 
76 /* Which categories should be associated with the process */
77 enum levelFrom {
78 	/* No categories */
79 	LEVELFROM_NONE,
80 	/* The categories of the application */
81 	LEVELFROM_APP,
82 	/* The categories of the end-user */
83 	LEVELFROM_USER,
84 	/* The categories of both the application and the end-user */
85 	LEVELFROM_ALL
86 };
87 
88 /* Sets the categories of ctx based on the level request (levelFrom), given the user id and app id. */
89 int set_range_from_level(context_t ctx, enum levelFrom levelFrom, uid_t userid, uid_t appid); /* NOTE(review): return convention is not documented here; presumably 0 on success; confirm and check it */
90 
91 /* Similar to seapp_context_reload, but does not implicitly load the default context files;
92  * the files to consider are given by context_paths. It should only be used for unit tests. */
93 int seapp_context_reload_internal(const path_alts_t *context_paths); /* NOTE(review): return convention is not documented here; presumably 0 on success; confirm */
94 #ifdef __cplusplus
95 }
96 #endif
97