#ifndef _SELINUX_ANDROID_H_
#define _SELINUX_ANDROID_H_

/* Android-specific SELinux helpers declared by this header: label-lookup
 * handles, process context transitions, file relabeling (restorecon) and
 * seapp_contexts loading.
 *
 * NOTE(review): the guard name starts with an underscore followed by an
 * uppercase letter, which C reserves for the implementation. It is left
 * unchanged here because other code may test for it. */

#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>

#include <selinux/label.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Handle getters.
 * NOTE(review): this header does not say what the getters return on failure
 * or who owns the returned handle. Presumably NULL on failure, so callers
 * should check before use. Confirm against the implementation. */

/* Returns the file context handle */
extern struct selabel_handle* selinux_android_file_context_handle(void);

/* Returns the service context handle */
extern struct selabel_handle* selinux_android_service_context_handle(void);

/* Returns the hardware service context handle */
extern struct selabel_handle* selinux_android_hw_service_context_handle(void);

/* Returns the vendor service context handle */
extern struct selabel_handle* selinux_android_vendor_service_context_handle(void);

/* Returns the keystore2 context handle */
extern struct selabel_handle* selinux_android_keystore2_key_context_handle(void);

/* Sets the file context handle. Must be called using the output of
 * selinux_android_file_context_handle. This function can be used to preload
 * the file_contexts files and speed up later calls to
 * selinux_android_restorecon and selinux_android_restorecon_pkgdir.
 * The handle set here decides which labels those later calls apply, so it
 * must not come from any other source. */
extern void selinux_android_set_sehandle(const struct selabel_handle *hndl);

/* Sets the context of the current process. This should be used in preference
 * to setcon() on Android.
 * NOTE(review): the return convention is not stated here. Presumably it
 * follows setcon() (0 on success, -1 on failure); confirm. Callers should
 * check the result: after a failed transition the process presumably keeps
 * running in its previous context. */
extern int selinux_android_setcon(const char *con);

/* Sets the context of the current app process based on the information
 * provided. Returns -1 if no matching context is found or the transition
 * failed.
 * A -1 return should be treated as fatal for the process being set up: the
 * process has presumably not left the caller's context, and app code should
 * not go on to run in it.
 * NOTE(review): the meaning and origin of seinfo and name are not described
 * in this header; confirm that callers take them from a trusted source. */
extern int selinux_android_setcontext(uid_t uid,
                                      bool isSystemServer,
                                      const char *seinfo,
                                      const char *name);

/* Builds a new context based on context, adding the categories from userid and
 * appid. If userid or appid are -1, the corresponding categories are not
 * modified. Both parameters are uid_t, so the sentinel is the value -1
 * converted to uid_t, i.e. (uid_t)-1.
 * NOTE(review): the return convention and the ownership of *newContext are
 * not stated here. Presumably the callee allocates it and the caller frees
 * it; confirm. */
extern int selinux_android_context_with_level(const char * context,
                                              char ** newContext,
                                              uid_t userid,
                                              uid_t appid);

/* Provides a log callback that uses the Android logging facility. See selinux_set_callback.
 * The format attribute makes the compiler check the variadic arguments
 * against fmt. fmt itself should be a constant format string, with variable
 * text passed as a "%s" argument rather than as fmt. */
extern int selinux_log_callback(int type, const char *fmt, ...)
    __attribute__ ((format(printf, 2, 3)));

/* Provides a log callback that uses the Android logging facility for vendors.
 * See selinux_set_callback. The format-string guidance given for
 * selinux_log_callback applies here as well. */
extern int selinux_vendor_log_callback(int type, const char *fmt, ...)
    __attribute__ ((format(printf, 2, 3)));

/* Option bits for the flags argument of the restorecon functions below. Each
 * value is a distinct bit, so several can be OR-ed into one flags word.
 * NOTE(review): the header does not document the individual flags. The
 * per-flag notes are inferred from the names; confirm them against the
 * implementation before relying on them. */
#define SELINUX_ANDROID_RESTORECON_NOCHANGE 1           /* presumably: report only, do not relabel */
#define SELINUX_ANDROID_RESTORECON_VERBOSE  2           /* presumably: log label changes */
#define SELINUX_ANDROID_RESTORECON_RECURSE  4           /* presumably: descend into directories */
#define SELINUX_ANDROID_RESTORECON_FORCE    8           /* presumably: relabel even where it would be skipped */
#define SELINUX_ANDROID_RESTORECON_DATADATA 16          /* presumably: app data directory handling */
#define SELINUX_ANDROID_RESTORECON_SKIPCE   32          /* presumably: skip credential-encrypted storage */
#define SELINUX_ANDROID_RESTORECON_CROSS_FILESYSTEMS 64 /* presumably: allow crossing mount points */
#define SELINUX_ANDROID_RESTORECON_SKIP_SEHASH 128      /* presumably: skip the stored-hash shortcut */
/* Restores the security context of a file.
 * NOTE(review): the return convention is not stated here; confirm it, and
 * have callers check it so a failed relabel is not ignored. For a RECURSE
 * run over a tree that less-trusted code can modify, confirm how the
 * implementation handles symlinks and concurrent changes. */
extern int selinux_android_restorecon(const char *file, unsigned int flags);

/* Restores the security context of a package's private directory.
 * NOTE(review): the return convention is not stated here; confirm. */
extern int selinux_android_restorecon_pkgdir(const char *pkgdir,
                                             const char *seinfo,
                                             uid_t uid,
                                             unsigned int flags);

/* Initialize the seapp contexts for future lookups. Loads all the
 * seapp_contexts files. To force a reload of the files, use
 * selinux_android_seapp_context_reload. While not required, this function can
 * be used to speed up the initial calls to selinux_android_setcontext,
 * selinux_android_restorecon and selinux_android_restorecon_pkgdir.
 * Returns void, so a load failure is not reported to the caller here. */
extern void selinux_android_seapp_context_init(void);

/* Forces a reload of the seapp_contexts files.
 * NOTE(review): the return convention is not stated here; confirm, and check
 * the result before relying on the reloaded contexts. */
extern int selinux_android_seapp_context_reload(void);

#ifdef __cplusplus
}
#endif
#endif