/* Authors: Joshua Brindle <jbrindle@tresys.com>
 *          Jason Tang <jtang@tresys.com>
 *
 * Copyright (C) 2005 Tresys Technology, LLC
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* Public libsemanage interface for managing policy modules: installing,
 * removing, listing, extracting and enabling/disabling them, plus the
 * opaque semanage_module_info / semanage_module_key types used to
 * describe and address a module.
 *
 * Unless stated otherwise, every function here returns 0 on success and
 * -1 on error. Ownership rules (who calls free(), munmap() or one of the
 * *_destroy() functions) are given per function; getting them wrong leaks
 * memory or mappings in long-running callers.
 */

#ifndef _SEMANAGE_MODULES_H_
#define _SEMANAGE_MODULES_H_

#include <stddef.h>
#include <stdint.h>
#include <semanage/handle.h>
#include <sys/types.h>

/* Opaque key identifying one installed module (by name and priority).
 * Created with semanage_module_key_create(), torn down with
 * semanage_module_key_destroy() followed by free(). */
typedef struct semanage_module_key semanage_module_key_t;

/* High level module management functions. These are all part of
 * a transaction
 */

/* Install a module from an in-memory buffer.
 *
 * @module_data points to @data_len bytes of module content; it is not
 * const-qualified, so callers cannot pass a read-only buffer without a
 * cast. @name is the module name and @ext_lang the high level language
 * extension of the content (see semanage_module_extract()).
 * NOTE(review): whether the library validates or decompresses
 * @module_data here is not visible in this header — confirm in the
 * implementation before relying on it for untrusted input.
 */
extern int semanage_module_install(semanage_handle_t *,
				   char *module_data, size_t data_len, const char *name, const char *ext_lang);
/* Install a module from a file. Despite the parameter name, @module_name
 * is the argument handed to the file-based installer; presumably a path —
 * TODO confirm against the implementation. */
extern int semanage_module_install_file(semanage_handle_t *,
					const char *module_name);
/* Remove the module called @module_name. @module_name is not
 * const-qualified, so a string literal cannot be passed without a cast. */
extern int semanage_module_remove(semanage_handle_t *, char *module_name);

/* semanage_module_info describes an installed module. The getters and
 * setters below expose its name, priority, language extension and
 * enabled state. Created with semanage_module_info_create(), torn down
 * with semanage_module_info_destroy() followed by free(). */
typedef struct semanage_module_info semanage_module_info_t;

/* Look up a module using @modkey. The module's raw data is returned as a
 * @mapped_data blob and size of the mapped_data is returned as @data_len.
 * @modinfo contains additional information which can be used by the caller such
 * as the high level language extension of @mapped_data.
 *
 * @extract_cil selects the form of the returned data; presumably non-zero
 * requests the CIL representation — TODO confirm against the
 * implementation. semanage_module_compute_checksum() reuses the same
 * semantics for its @cil argument.
 *
 * On success, the caller is responsible for unmapping @mapped_data with munmap()
 * (passing the returned @data_len as the mapping length), destroying
 * @modinfo with semanage_module_info_destroy(), and freeing @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_extract(semanage_handle_t *sh,
				   semanage_module_key_t *modkey,
				   int extract_cil,
				   void **mapped_data,
				   size_t *data_len,
				   semanage_module_info_t **modinfo);
/* Legacy listing interface: returns an array of @num_modules entries.
 * Entries are accessed with semanage_module_list_nth() and released with
 * semanage_module_info_datum_destroy(). NOTE(review): whether the caller
 * also free()s the array is not stated in this header — confirm before
 * use. Newer code should prefer semanage_module_list_all(). */
extern int semanage_module_list(semanage_handle_t *,
				semanage_module_info_t **, int *num_modules);
/* Release the members of one entry obtained from semanage_module_list(). */
extern void semanage_module_info_datum_destroy(semanage_module_info_t *);
/* Return the @n-th entry of a list obtained from semanage_module_list().
 * NOTE(review): behaviour for @n outside the list bounds is not visible
 * here — callers should bound @n by @num_modules themselves. */
extern semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list,
							int n);
/* Return the module name stored in a module info entry. The returned
 * string is owned by the entry; the caller must not free it. */
extern const char *semanage_module_get_name(semanage_module_info_t *);

/* Module Info */

/* Creates a module info struct.
 *
 * Returns 0 on success and -1 on failure.
 *
 * The @modinfo should be destroyed with semanage_module_info_destroy.
 * The caller should call free() on the struct.
 */
extern int semanage_module_info_create(semanage_handle_t *sh,
				       semanage_module_info_t **modinfo);

/* Frees the members of the module info struct, but not the struct itself.
 *
 * Returns 0 on success and -1 on failure.
 *
 * The caller should call free() on the struct.
 */
extern int semanage_module_info_destroy(semanage_handle_t *handle,
					semanage_module_info_t *modinfo);

/* Module Info Getters */

/* Get @priority from @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_get_priority(semanage_handle_t *sh,
					     semanage_module_info_t *modinfo,
					     uint16_t *priority);

/* Get @name from @modinfo. Caller should not free @name; it is owned by
 * @modinfo and valid only until @modinfo is modified or destroyed.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_get_name(semanage_handle_t *sh,
					 semanage_module_info_t *modinfo,
					 const char **name);

/* Get @lang_ext from @modinfo. Caller should not free @lang_ext; it is
 * owned by @modinfo and valid only until @modinfo is modified or destroyed.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_get_lang_ext(semanage_handle_t *sh,
					     semanage_module_info_t *modinfo,
					     const char **lang_ext);

/* Get @enabled from @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_get_enabled(semanage_handle_t *sh,
					    semanage_module_info_t *modinfo,
					    int *enabled);

/* Module Info Setters */

/* Set @priority in @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_set_priority(semanage_handle_t *sh,
					     semanage_module_info_t *modinfo,
					     uint16_t priority);

/* Set @name in @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_set_name(semanage_handle_t *sh,
					 semanage_module_info_t *modinfo,
					 const char *name);

/* Set @lang_ext in @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_set_lang_ext(semanage_handle_t *sh,
					     semanage_module_info_t *modinfo,
					     const char *lang_ext);

/* Set @enabled in @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_info_set_enabled(semanage_handle_t *sh,
					    semanage_module_info_t *modinfo,
					    int enabled);

/* Module Key */

/* Creates a module key struct.
 *
 * Return 0 on success, and -1 on error.
 *
 * The @modkey should be destroyed with semanage_module_key_destroy.
 * The caller should call free() on the struct.
 */
extern int semanage_module_key_create(semanage_handle_t *sh,
				      semanage_module_key_t **modkey);

/* Frees members of the @modkey, but not the struct. The caller should
 * call free() on the struct.
 *
 * Returns 0 on success, and -1 on error.
 */
extern int semanage_module_key_destroy(semanage_handle_t *sh,
				       semanage_module_key_t *modkey);

/* Module Key Getters */

/* Get @name from @modkey. Caller should not free @name; it is owned by
 * @modkey and valid only until @modkey is modified or destroyed.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_key_get_name(semanage_handle_t *sh,
					semanage_module_key_t *modkey,
					const char **name);

/* Get @priority from @modkey.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_key_get_priority(semanage_handle_t *sh,
					    semanage_module_key_t *modkey,
					    uint16_t *priority);

/* Module Key Setters */

/* Set @name in @modkey.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_key_set_name(semanage_handle_t *sh,
					semanage_module_key_t *modkey,
					const char *name);

/* Set @priority in @modkey.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_key_set_priority(semanage_handle_t *sh,
					    semanage_module_key_t *modkey,
					    uint16_t priority);

/* Set module @enabled status for the module named by @modkey. Modules are
 * enabled on a per module name basis (across all priorities). @modkey only
 * needs to have name set (priority is ignored).
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_set_enabled(semanage_handle_t *sh,
				       const semanage_module_key_t *modkey,
				       int enabled);

/* Lookup @modinfo by @modkey. Caller should use
 * semanage_module_info_destroy and free on @modinfo.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_get_module_info(semanage_handle_t *sh,
					   const semanage_module_key_t *modkey,
					   semanage_module_info_t **modinfo);

/* Create a list of all modules in @modinfos of length @modinfos_len.
 * The list will be sorted from high priority to low and alphabetically
 * by module name within a priority.
 *
 * Caller should use semanage_module_info_destroy on each modinfo in
 * @modinfos and free on @modinfos.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_list_all(semanage_handle_t *sh,
				    semanage_module_info_t **modinfos,
				    int *modinfos_len);

/* Install the module indicated by @modinfo with input data from
 * @data with length @data_len.
 *
 * @modinfo must have all values filled in.
 * @data may be bzip compressed.
 *
 * Returns:
 *	 0 success
 *	-1 failure, out of memory
 *	-2 failure, invalid @modinfo
 *	-3 failure, error writing file
 *
 * Note the extended error codes: callers that test only for -1 will
 * misreport -2 and -3 as success or as a generic error.
 */
extern int semanage_module_install_info(semanage_handle_t *sh,
					const semanage_module_info_t *modinfo,
					char *data,
					size_t data_len);

/* Remove the module indicated by @modkey.
 * @modkey must have key values filled in.
 *
 * Returns:
 *	 0 success
 *	-1 failure, out of memory
 *	-2 failure, module not found or couldn't be removed
 */
extern int semanage_module_remove_key(semanage_handle_t *sh,
				      const semanage_module_key_t *modkey);

/* Module Enabled */

/* Get module @enabled status for the module named by @modkey. Modules are
 * enabled on a per module name basis (across all priorities). @modkey only
 * needs to have name set (priority is ignored).
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_get_enabled(semanage_handle_t *sh,
				       const semanage_module_key_t *modkey,
				       int *enabled);

/* Compute checksum for @modkey module contents.
 *
 * If @checksum is NULL, the function will just return the length of the
 * checksum string in @checksum_len (checksum strings are guaranteed to
 * have a fixed length for a given libsemanage binary). @modkey and @cil
 * are ignored in this case and should be set to NULL and 0 (respectively).
 *
 * If @checksum is non-NULL, on success, @checksum will point to a buffer
 * containing the checksum string and @checksum_len will point to the
 * length of the string (without the null terminator). The semantics of
 * @cil are the same as for @extract_cil in semanage_module_extract().
 *
 * The caller is responsible for freeing the buffer returned in @checksum
 * (using free(3)).
 *
 * Callers may assume that if the checksum strings for two modules match,
 * the module content is the same (collisions are theoretically possible,
 * yet extremely unlikely). The hash algorithm and string format are not
 * part of this interface and may differ between libsemanage builds, so
 * compare checksums only within one binary.
 *
 * Returns 0 on success and -1 on error.
 */
extern int semanage_module_compute_checksum(semanage_handle_t *sh,
					    semanage_module_key_t *modkey,
					    int cil, char **checksum,
					    size_t *checksum_len);

#endif