/*
 * Android-specific SELinux helpers: accessors for the label (selabel) handles,
 * process-context setters, log callbacks and restorecon entry points.
 *
 * NOTE(review): the guard name starts with an underscore followed by an
 * uppercase letter, which C reserves for the implementation; it is kept
 * unchanged here so existing users of the macro are not affected.
 */
#ifndef _SELINUX_ANDROID_H_
#define _SELINUX_ANDROID_H_

#include <stdbool.h>
#include <sys/types.h>
#include <unistd.h>

#include <selinux/label.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Label-handle accessors.
 *
 * Each function below returns a struct selabel_handle pointer for one class
 * of contexts.
 * NOTE(review): this header does not state how failure is reported
 * (presumably a NULL return; confirm against the implementation), so callers
 * should validate the handle before using it for a lookup.
 */

/* Returns the file context handle. */
struct selabel_handle *selinux_android_file_context_handle(void);

/* Returns the service context handle. */
struct selabel_handle *selinux_android_service_context_handle(void);

/* Returns the hardware service context handle. */
struct selabel_handle *selinux_android_hw_service_context_handle(void);

/* Returns the vendor service context handle. */
struct selabel_handle *selinux_android_vendor_service_context_handle(void);

/* Returns the keystore2 context handle. */
struct selabel_handle *selinux_android_keystore2_key_context_handle(void);

/*
 * Returns the tee_service context handle.
 * This handle can be passed as a parameter to the selabel_lookup function to
 * resolve the provided trusted execution environment (TEE) service to the
 * corresponding SELinux context.
 */
struct selabel_handle *selinux_android_tee_service_context_handle(void);

/*
 * Sets the file context handle. Must be called with the output of
 * selinux_android_file_context_handle. This function can be used to preload
 * the file_contexts files and speed up later calls to
 * selinux_android_restorecon and selinux_android_restorecon_pkgdir.
 */
void selinux_android_set_sehandle(const struct selabel_handle *hndl);

/*
 * Sets the context of the current process. This should be used in preference
 * to setcon() on Android.
 * NOTE(review): the return convention is not documented in this header
 * (presumably 0 on success and -1 on failure; confirm). The result should be
 * checked: if the call fails, the process has not been moved to `con`.
 */
int selinux_android_setcon(const char *con);

/*
 * Sets the context of the current app process based on the information
 * provided. Returns -1 if no matching context is found or the transition
 * failed.
 * Callers should treat -1 as a failed domain transition and should not go on
 * to run app code as if the requested context were in effect.
 */
int selinux_android_setcontext(uid_t uid, bool isSystemServer,
                               const char *seinfo, const char *name);

/*
 * Builds a new context based on `context`, adding the categories from userid
 * and appid. If userid or appid are -1, the corresponding categories are not
 * modified. Both parameters are uid_t, so the sentinel is written (uid_t)-1.
 * NOTE(review): ownership of *newContext is not stated here; presumably it is
 * allocated by the callee and released by the caller. Confirm against the
 * implementation, along with the meaning of the int return value.
 */
int selinux_android_context_with_level(const char *context, char **newContext,
                                       uid_t userid, uid_t appid);

/*
 * Provides a log callback that uses the Android logging facility.
 * See selinux_set_callback.
 * The format attribute makes the compiler check the variadic arguments
 * against `fmt` as a printf-style format string.
 */
int selinux_log_callback(int type, const char *fmt, ...)
    __attribute__ ((format(printf, 2, 3)));

/*
 * Provides a log callback that uses the Android logging facility for vendors.
 * See selinux_set_callback.
 * The format attribute makes the compiler check the variadic arguments
 * against `fmt` as a printf-style format string.
 */
int selinux_vendor_log_callback(int type, const char *fmt, ...)
    __attribute__ ((format(printf, 2, 3)));

/*
 * Flag values for the `flags` argument of selinux_android_restorecon and
 * selinux_android_restorecon_pkgdir. Every value is a distinct power of two,
 * so they appear intended to be combined with bitwise OR.
 * NOTE(review): the exact effect of each flag is not described in this
 * header; consult the implementation before relying on one of them.
 */
#define SELINUX_ANDROID_RESTORECON_NOCHANGE 1
#define SELINUX_ANDROID_RESTORECON_VERBOSE 2
#define SELINUX_ANDROID_RESTORECON_RECURSE 4
#define SELINUX_ANDROID_RESTORECON_FORCE 8
#define SELINUX_ANDROID_RESTORECON_DATADATA 16
#define SELINUX_ANDROID_RESTORECON_SKIPCE 32
#define SELINUX_ANDROID_RESTORECON_CROSS_FILESYSTEMS 64
#define SELINUX_ANDROID_RESTORECON_SKIP_SEHASH 128

/*
 * Restores the security context of a file.
 * NOTE(review): the return convention is not documented here; check the
 * result, since a failed call may leave the file with its previous label.
 */
int selinux_android_restorecon(const char *file, unsigned int flags);

/*
 * Restores the security context of a package's private directory.
 * NOTE(review): the return convention is not documented here; check the
 * result before assuming the directory carries the expected label.
 */
int selinux_android_restorecon_pkgdir(const char *pkgdir, const char *seinfo,
                                      uid_t uid, unsigned int flags);

/*
 * Initializes the seapp contexts for future lookups. Loads all the
 * seapp_contexts files. To force a reload of the files, use
 * selinux_android_seapp_context_reload. While not required, this function can
 * be used to speed up the initial calls to selinux_android_setcontext,
 * selinux_android_restorecon and selinux_android_restorecon_pkgdir.
 * It returns void, so a load failure is not reported through this call.
 */
void selinux_android_seapp_context_init(void);

/*
 * Forces a reload of the seapp_contexts files.
 * NOTE(review): the meaning of the int return value is not documented in
 * this header; confirm against the implementation.
 */
int selinux_android_seapp_context_reload(void);

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* _SELINUX_ANDROID_H_ */