/* Authors: Joshua Brindle <jbrindle@tresys.com>
 *          Jason Tang <jtang@tresys.com>
 *
 * Copyright (C) 2005 Tresys Technology, LLC
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

/* Public handle API of libsemanage: creating, configuring, connecting and
 * committing through a semanage_handle_t.  The handle is an opaque type;
 * its layout is private to the library and callers must only use the
 * accessor functions declared here.
 *
 * Return-value convention for the int-returning functions below: see the
 * META NOTES at the end of this header (non-negative means success).
 */

#ifndef _SEMANAGE_HANDLE_H_
#define _SEMANAGE_HANDLE_H_

#include <stdint.h>

/* All accesses with semanage are through a "semanage_handle". The
 * handle may ultimately reference local config files,
 * the binary policy file, a module store, or a policy management server.
 *
 * Opaque: only the forward declaration is exposed here.
 */
struct semanage_handle;
typedef struct semanage_handle semanage_handle_t;

/* Create and return a semanage handle.
 * The handle is initially in the disconnected state.
 *
 * The caller owns the returned handle and must release it with
 * semanage_handle_destroy().
 * NOTE(review): the failure value (presumably NULL on allocation failure)
 * is not stated here — confirm against the implementation and check the
 * result before use. */
extern semanage_handle_t *semanage_handle_create(void);

/* Deallocate all space associated with a semanage_handle_t, including
 * the pointer itself. CAUTION: this function does not disconnect
 * from the backend; be sure that a semanage_disconnect() was
 * previously called if the handle was connected.
 *
 * After this call the pointer is invalid and must not be used again.
 */
extern void semanage_handle_destroy(semanage_handle_t *);

/* This is the type of connection to the store, for now only
 * direct is supported.
 *
 * SEMANAGE_CON_INVALID is explicitly 0 so that a zero-initialised
 * connection type is never mistaken for a valid one.  The POLSERV_*
 * values are declared but, per the comment above, not supported yet.
 */
enum semanage_connect_type {
	SEMANAGE_CON_INVALID = 0, SEMANAGE_CON_DIRECT,
	SEMANAGE_CON_POLSERV_LOCAL, SEMANAGE_CON_POLSERV_REMOTE
};

/* This function allows you to specify the store to connect to.
 * It must be called after semanage_handle_create but before
 * semanage_connect. The argument should be the full path to the store.
 *
 * @param handle    handle returned by semanage_handle_create()
 * @param path      full path to the store
 * @param storetype connection type; only SEMANAGE_CON_DIRECT is supported
 *
 * NOTE(review): `path` is not declared const, and whether the handle
 * copies the string or keeps a reference to it is not visible here —
 * confirm before passing a buffer that is later modified or freed.
 */
extern void semanage_select_store(semanage_handle_t * handle, char *path,
				  enum semanage_connect_type storetype);

/* Just reload the policy.
 * Return value follows the META NOTES convention (non-negative on success). */
extern int semanage_reload_policy(semanage_handle_t * handle);

/* set whether to reload the policy or not after a commit,
 * 1 for yes (default), 0 for no */
extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);

/* set whether to rebuild the policy on commit, even if no
 * changes were performed.
 * 1 for yes, 0 for no (default) */
extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);

/* set whether to rebuild the policy on commit when potential changes
 * to store files since last rebuild are detected,
 * 1 for yes (default), 0 for no */
extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check);

/* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path
 * corresponding to lang_ext.
 * Upon success returns 0, -1 on error.
 *
 * @param sh            connected or configured handle
 * @param lang_ext      high-level-language extension to look up
 * @param compiler_path out: receives the compiler location on success
 *
 * NOTE(review): ownership of the string stored in *compiler_path (whether
 * the caller must free it) is not stated here — confirm against the
 * implementation before freeing or retaining it.
 */
extern int semanage_get_hll_compiler_path(semanage_handle_t *sh, char *lang_ext, char **compiler_path);

/* create the store if it does not exist, this only has an effect on
 * direct connections and must be called before semanage_connect
 * 1 for yes, 0 for no (default) */
extern void semanage_set_create_store(semanage_handle_t * handle, int create_store);

/* Get whether or not dontaudits will be disabled upon commit */
extern int semanage_get_disable_dontaudit(semanage_handle_t * handle);

/* Set whether or not to disable dontaudits upon commit */
extern void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);

/* Set whether or not to execute setfiles to check file contexts upon commit */
extern void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts);

/* Get the default priority. */
extern uint16_t semanage_get_default_priority(semanage_handle_t *sh);

/* Set the default priority.
 * Return value follows the META NOTES convention (non-negative on success);
 * the accepted range for `priority` is not stated here. */
extern int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority);

/* Check whether policy is managed via libsemanage on this system.
 * Must be called prior to trying to connect.
 * Return 1 if policy is managed via libsemanage on this system,
 * 0 if policy is not managed, or -1 on error.
 *
 * Callers should distinguish 0 from -1: "not managed" and "could not
 * determine" are different outcomes.
 */
extern int semanage_is_managed(semanage_handle_t *);

/* "Connect" to a manager based on the configuration and
 * associate the provided handle with the connection.
 * If the connect fails then this function returns a negative value,
 * else it returns zero.
 */
extern int semanage_connect(semanage_handle_t *);

/* Disconnect from the manager given by the handle. If already
 * disconnected then this function does nothing. Return 0 if
 * disconnected properly or already disconnected, negative value on
 * error.
 *
 * Must precede semanage_handle_destroy() on a connected handle.
 */
extern int semanage_disconnect(semanage_handle_t *);

/* Attempt to obtain a transaction lock on the manager. If another
 * process has the lock then this function may block, depending upon
 * the timeout value in the handle.
 *
 * Note that if the semanage_handle has not yet obtained a transaction
 * lock whenever a writer function is called, there will be an
 * implicit call to this function.
 *
 * Return value follows the META NOTES convention (non-negative on success).
 */
extern int semanage_begin_transaction(semanage_handle_t *);

/* Attempt to commit all changes since this transaction began. If the
 * commit is successful then increment the "policy sequence number"
 * and then release the transaction lock. Return that policy number
 * afterwards, or -1 on error.
 */
extern int semanage_commit(semanage_handle_t *);

/* Access-check results.  The two values are distinct bits (1 and 2);
 * whether semanage_access_check() may return them OR'ed together is not
 * stated here — callers should test with a bitwise AND to be safe. */
#define SEMANAGE_CAN_READ 1
#define SEMANAGE_CAN_WRITE 2
/* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
 * or writable, respectively. <0 if an error occurred */
extern int semanage_access_check(semanage_handle_t * sh);

/* returns 0 if not connected, 1 if connected */
extern int semanage_is_connected(semanage_handle_t * sh);

/* returns 1 if policy is MLS, 0 otherwise. */
extern int semanage_mls_enabled(semanage_handle_t *sh);

/* Change to alternate semanage root path.
 * Takes no handle, so this is not per-handle state; return value follows
 * the META NOTES convention (non-negative on success). */
extern int semanage_set_root(const char *path);

/* Get the current semanage root path.
 * The returned string is const; callers must not modify or free it. */
extern const char * semanage_root(void);

/* Get whether or not needless unused branch of tunables would be preserved */
extern int semanage_get_preserve_tunables(semanage_handle_t * handle);

/* Set whether or not to preserve the needless unused branch of tunables */
extern void semanage_set_preserve_tunables(semanage_handle_t * handle, int preserve_tunables);

/* Get the flag value for whether or not caching is ignored for compiled CIL modules from HLL files */
extern int semanage_get_ignore_module_cache(semanage_handle_t *handle);

/* Set semanage_handle flag for whether or not to ignore caching of compiled CIL modules from HLL files */
extern void semanage_set_ignore_module_cache(semanage_handle_t *handle, int ignore_module_cache);

/* set the store root path for semanage output files.
 * NOTE(review): whether `store_root` is copied into the handle or
 * referenced is not visible here — confirm before passing a temporary. */
extern void semanage_set_store_root(semanage_handle_t *sh, const char *store_root);

/* META NOTES
 *
 * For all functions a non-negative number indicates success. For some
 * functions a >=0 returned value is the "policy sequence number". This
 * number keeps tracks of policy revisions and is used to detect if
 * one semanage client has committed policy changes while another is
 * still connected.
 */

#endif