/*
 * This file describes the internal interface used by the labeler
 * for calling the user-supplied memory allocation, validation,
 * and locking routines.
 *
 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
 */
8 #ifndef _SELABEL_INTERNAL_H_
9 #define _SELABEL_INTERNAL_H_
10 
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include "sha1.h"
17 
#if defined(ANDROID) || defined(__APPLE__)
// Android and Mac do not have fgets_unlocked(); map it to the locking
// fgets() so the spec-file readers can use a single name on every platform.
#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
#endif
22 
/*
 * Installed backends
 *
 * One initialisation entry point per backend. Each receives the handle
 * being opened together with the selinux_opt array and its length; the
 * backend is expected to install its func_* operations and private data
 * into the handle (see struct selabel_handle below). The return convention
 * is not visible in this header — presumably 0 on success and non-zero on
 * failure; confirm against the backend sources.
 */
int selabel_file_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_media_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_x_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_db_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_property_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_exact_match_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
44 
45 /*
46  * Labeling internal structures
47  */
48 
/*
 * Calculate a SHA1 hash of all the files used to build the specs.
 * The hash value is held in rec->digest if SELABEL_OPT_DIGEST is set. To
 * calculate the hash, hashbuf holds a concatenation of all the files
 * used; it is released once the value has been calculated.
 */
#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE	/* size in bytes of one digest (from sha1.h) */
#define DIGEST_FILES_MAX 8			/* presumably the bound on specfile_list entries — confirm where it is checked */
struct selabel_digest {
	unsigned char *digest;	/* SHA1 digest of specfiles; expected to be DIGEST_SPECFILE_SIZE bytes */
	unsigned char *hashbuf;	/* buffer to hold specfiles (concatenated contents), freed after hashing */
	size_t hashbuf_size;	/* buffer size */
	size_t specfile_cnt;	/* how many specfiles processed */
	char **specfile_list;	/* and their names (specfile_cnt entries) */
};
64 
/*
 * Record one specfile in the digest state: its path goes into
 * specfile_list and its contents into hashbuf. fp is the open specfile;
 * from_addr/buf_len presumably describe contents the caller has already
 * read or mapped, so the file need not be read twice — confirm against the
 * implementation. Return convention is not visible here.
 */
extern int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
						    char *from_addr,
						    size_t buf_len,
						    const char *path);
/*
 * Finalise the SHA1 over hashbuf into digest->digest; per the note on
 * struct selabel_digest the hashbuf is released at this point.
 */
extern void digest_gen_hash(struct selabel_digest *digest);
70 
/*
 * One resolved spec entry, as handed back by the func_lookup* operations.
 */
struct selabel_lookup_rec {
	char * ctx_raw;		/* context string as it appears in the spec file (raw form) */
	char * ctx_trans;	/* presumably the translated form of ctx_raw, filled on demand — confirm */
	int validated;		/* non-zero once the context has been through selabel_validate() — presumably */
	unsigned lineno;	/* spec-file line the entry came from (used in error reports) */
};
77 
/*
 * One open labeling handle. The generic front end stores what the caller
 * asked for; the selected backend's *_init installs the func_* operations
 * and its private data.
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;	/* SELABEL_CTX_* selector */
	int validating;		/* non-zero: contexts are validated as they are loaded */

	/* labeling operations, installed by the backend. func_lookup and
	 * func_close look mandatory; the remainder are presumably NULL for
	 * backends that do not implement them — check before calling. */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	void (*func_close) (struct selabel_handle *h);
	void (*func_stats) (struct selabel_handle *h);
	/* true if at least one spec partially matches key */
	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
	/* compute the digest of all partial matches for key and fetch the
	 * stored xattr digest; both are returned through the out-pointers with
	 * their length. Who owns/frees the returned buffers is not visible
	 * here — confirm with the backend. */
	bool (*func_get_digests_all_partial_matches) (struct selabel_handle *h,
						      const char *key,
						      uint8_t **calculated_digest,
						      uint8_t **xattr_digest,
						      size_t *digest_len);
	/* like the above but writes the digest into caller-provided memory;
	 * the required size is not stated here (presumably DIGEST_SPECFILE_SIZE) */
	bool (*func_hash_all_partial_matches) (struct selabel_handle *h,
	                                       const char *key, uint8_t *digest);
	/* lookup that also tries each name in the NULL-terminated(?) aliases
	 * list and returns the best match — list termination not visible here */
	struct selabel_lookup_rec *(*func_lookup_best_match)
						    (struct selabel_handle *h,
						    const char *key,
						    const char **aliases,
						    int type);
	/* compare the specs loaded into two handles */
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* supports backend-specific state information */
	void *data;

	/*
	 * The main spec file(s) used. Note for file contexts the local and/or
	 * homedirs could also have been used to resolve a context.
	 */
	size_t spec_files_len;	/* number of entries in spec_files */
	char **spec_files;


	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
	struct selabel_digest *digest;
};
118 
/*
 * Validation function
 *
 * Validate the context held in contexts->ctx_raw for the given handle;
 * presumably sets contexts->validated so the check is not repeated.
 * Return convention is not visible in this header — confirm at the
 * definition.
 */
extern int
selabel_validate(struct selabel_handle *rec,
		 struct selabel_lookup_rec *contexts) ;
125 
/*
 * Compatibility support
 */
extern int myprintf_compat;	/* non-zero: COMPAT_LOG routes through myprintf rather than selinux_log */
/*
 * Legacy printf-style logging hook. The format attribute lets the compiler
 * check the arguments of every call whose format is a string literal.
 */
extern void __attribute__ ((format(printf, 1, 2)))
(*myprintf) (const char *fmt, ...) ;
132 
/*
 * Log a message either through the compatibility hook (when
 * myprintf_compat is set) or through selinux_log(type, ...).
 * `fmt...` is the GNU named variadic-argument extension. The first argument
 * must be a string literal: it becomes the format string of myprintf() /
 * selinux_log(), and only a literal allows the format attribute on myprintf
 * to check the remaining arguments.
 */
#define COMPAT_LOG(type, fmt...) do {			\
	if (myprintf_compat)				\
		myprintf(fmt);				\
	else						\
		selinux_log(type, fmt);			\
	} while (0)
139 
/*
 * Validation wrapper for the spec-file readers: validates contexts like
 * selabel_validate() but is also given the spec file path and line number,
 * presumably so a failure can be reported against its source line.
 * Return convention is not visible here — confirm at the definition.
 */
extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) ;
144 
/*
 * The read_spec_entries function may be used to
 * replace sscanf to read entries from spec files.
 *
 * line_buf is the line to split; it is non-const, so the implementation
 * may write into it. On failure *errbuf presumably points at a message
 * describing the problem. num_args gives how many output pointers follow
 * in the variadic list — callers must keep that count in sync with the
 * arguments they pass. What the int return encodes (entries read vs.
 * error) is not visible in this header — confirm at the definition.
 */
extern int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...);
150 
151 #endif				/* _SELABEL_INTERNAL_H_ */