/* Declarations for locating SELinux context files across partitions, opening
 * selabel backends from them, and resolving seapp_contexts entries into a
 * security context. Several entry points are marked below as test-only. */
#pragma once

#include <stdbool.h>
#include <sys/types.h>

#include <selinux/context.h>
#include <selinux/selinux.h>

#ifdef __cplusplus
extern "C" {
#endif

// Context files (file_contexts, service_contexts, etc) may be spread over
// multiple partitions: system, apex, system_ext, product, vendor and/or odm.
// The value 6 matches the six partitions listed above.
#define MAX_CONTEXT_PATHS 6
// The maximum number of alternatives for a file on one partition.
#define MAX_ALT_CONTEXT_PATHS 2
// A table of candidate context-file paths: the first index selects the set
// (one per partition), the second index selects an alternative within it.
// NOTE(review): unused slots are presumably NULL -- confirm against the
// implementation before relying on it.
typedef struct path_alts {
	const char *paths[MAX_CONTEXT_PATHS][MAX_ALT_CONTEXT_PATHS];
} path_alts_t;

/* Within each set of files, adds the first file that is accessible to `paths`.
 * Returns the number of accessible files.
 *
 * At most one path is added per set, so the count should not exceed
 * MAX_CONTEXT_PATHS. The array bound in the `paths` parameter is not enforced
 * by the compiler (the parameter decays to a pointer), so the caller must pass
 * storage for at least MAX_CONTEXT_PATHS entries.
 * NOTE(review): how accessibility is tested is not visible in this header; if
 * it is a check separate from the later open, the result is only a snapshot
 * and the open can still fail -- confirm and handle that failure. */
size_t find_existing_files(
	const path_alts_t *path_sets,
	const char *paths[MAX_CONTEXT_PATHS]);

/* Converts an array of file paths into an array of options for selabel_open.
 * opts must be at least as large as paths.
 *
 * No capacity for `opts` is passed, so this function cannot check it: the
 * caller must guarantee that both `paths` and `opts` hold at least `npaths`
 * entries. The `const` on `opts` qualifies the pointer only; the entries it
 * points to are the output.
 * NOTE(review): presumably the path pointers are stored in opts rather than
 * copied, so the strings must outlive any use of opts -- confirm. */
void paths_to_opts(
	const char* paths[MAX_CONTEXT_PATHS],
	size_t npaths,
	struct selinux_opt* const opts);

/* Initialize a backend using the specified options. Ensure that any error is
 * reported to the android logging facility.
 *
 * `opts` points to `nopts` entries.
 * NOTE(review): the failure return value and the ownership of the returned
 * handle are not stated here; presumably NULL on failure and the caller
 * releases the handle -- confirm. `name` is presumably a label used in the
 * error report -- confirm. */
struct selabel_handle* initialize_backend(
	unsigned int backend,
	const char* name,
	const struct selinux_opt* opts,
	size_t nopts);

/* Initialize a backend using a set of context paths.
 * NOTE(review): failure return and handle ownership are not documented here;
 * presumably the same as initialize_backend -- confirm. */
struct selabel_handle* context_handle(
	unsigned int backend,
	const path_alts_t *context_paths,
	const char* name);

/* The kind of request when looking up an seapp_context. */
enum seapp_kind {
	/* Returns the SELinux type for the app data directory */
	SEAPP_TYPE,
	/* Returns the SELinux type for the app process */
	SEAPP_DOMAIN
};

/* Looks up an app (or its data) based on its name and the other arguments
 * within the list of known seapp_contexts. If found, sets the type and
 * categories of ctx and returns 0.
 * Returns -1 in case of error; -2 for out of memory.
 *
 * ctx is only documented as updated on a 0 return, so callers must check the
 * result and must not apply ctx as a label after a non-zero return.
 * NOTE(review): the return value for "no matching entry" is not spelled out;
 * presumably -1 -- confirm. The provenance of seinfo and pkgname is not
 * visible here; verify that callers take them from a trusted source. */
int seapp_context_lookup(enum seapp_kind kind,
	uid_t uid,
	bool isSystemServer,
	const char *seinfo,
	const char *pkgname,
	context_t ctx);

/* Similar to seapp_context_lookup, but does not implicitly load and use the
 * default context files. It should only be used for unit tests.
 * NOTE(review): since nothing is loaded implicitly, the entries searched are
 * presumably those loaded earlier by seapp_context_reload_internal --
 * confirm. */
int seapp_context_lookup_internal(enum seapp_kind kind,
	uid_t uid,
	bool isSystemServer,
	const char *seinfo,
	const char *pkgname,
	context_t ctx);

/* Which categories should be associated to the process */
enum levelFrom {
	/* None */
	LEVELFROM_NONE,
	/* The categories of the application */
	LEVELFROM_APP,
	/* The categories of the end-user */
	LEVELFROM_USER,
	/* Application and end-user */
	LEVELFROM_ALL
};

/* Sets the categories of ctx based on the level request.
 * NOTE(review): the return convention is not documented here; presumably 0 on
 * success and non-zero on failure -- confirm, and have callers check it
 * before using ctx. */
int set_range_from_level(context_t ctx, enum levelFrom levelFrom, uid_t userid, uid_t appid);

/* Similar to seapp_context_reload, but does not implicitly load the default
 * context files. It should only be used for unit tests.
 * seapp_context_reload itself is not declared in this header.
 * NOTE(review): the return convention is not documented here -- confirm. */
int seapp_context_reload_internal(const path_alts_t *context_paths);
#ifdef __cplusplus
}
#endif