#ifndef _SEPOL_POLICYDB_H_
#define _SEPOL_POLICYDB_H_

#include <stddef.h>
#include <stdio.h>

#include <sepol/handle.h>

/*
 * Public libsepol interface for policy files (the byte stream a policy
 * is read from or written to) and for policydb objects (the in-memory
 * policy).  Both structures are opaque: only the typedef'd names below
 * are exposed, and every field is reached through the functions here.
 */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;

/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 * sepol_policy_file_create stores the new object in *pf; the caller
 * owns it and releases it with sepol_policy_file_free.
 * NOTE(review): the return convention is not stated here — presumably
 * 0 on success and nonzero on allocation failure; confirm against the
 * implementation before relying on it.  Freeing the policy file does
 * not free a memory image or FILE attached to it (those remain the
 * caller's; see the setters below).
 */
extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
extern void sepol_policy_file_free(sepol_policy_file_t * pf);

/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read and write
 * the image located at the specified address with the specified length.
 * If 'len' is 0, then merely compute the necessary length upon
 * subsequent policydb write operations in order to determine the
 * necessary buffer size to allocate.
 *
 * 'len' is the bound honoured by later reads and writes through this
 * policy file, so it must not exceed the size of the buffer 'data'
 * actually points to.  The buffer is borrowed, not copied: it must
 * stay valid (and, for writes, writable) for as long as the policy
 * file refers to it.  NOTE(review): whether 'data' may be NULL in the
 * len == 0 sizing mode is not stated here — confirm before relying on it.
 */
extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
				      char *data, size_t len);

/*
 * Get the size of the buffer needed to store a policydb write
 * previously done on this policy file.
 * Intended for the two-pass pattern: set_mem with len 0, write once to
 * size, allocate *len bytes, set_mem again, write for real.  The value
 * is stored through 'len'; the int return reports success or failure
 * (convention presumably 0 / nonzero — confirm against the source).
 */
extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);

/*
 * Set the policy file to represent a FILE.
 * Subsequent operations using the policy file will read and write
 * to the FILE.
 * The stream is borrowed: the caller opened it and remains responsible
 * for checking its errors and closing it; sepol_policy_file_free does
 * not fclose it.
 */
extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);

/*
 * Associate a handle with a policy file, for use in
 * error reporting from subsequent calls that take the
 * policy file as an argument.
 * The handle is borrowed and must outlive the policy file's use of it.
 */
extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
					 sepol_handle_t * handle);

/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * The object stored in *p is owned by the caller and released with
 * sepol_policydb_free.  NOTE(review): return convention not stated
 * here — presumably 0 on success, nonzero on failure; confirm.
 */
extern int sepol_policydb_create(sepol_policydb_t ** p);
extern void sepol_policydb_free(sepol_policydb_t * p);

/* Legal types of policies that the policydb can represent. */
#define SEPOL_POLICY_KERN	0	/* kernel (binary, loadable) policy */
#define SEPOL_POLICY_BASE	1	/* base module of a modular policy */
#define SEPOL_POLICY_MOD	2	/* non-base policy module */

/*
 * Range of policy versions for the kernel policy type supported
 * by this library.
 * Both bounds are inclusive; use them to validate a version before
 * passing it to sepol_policydb_set_vers rather than hard-coding numbers.
 */
extern int sepol_policy_kern_vers_min(void);
extern int sepol_policy_kern_vers_max(void);

/*
 * Set the policy type as specified, and automatically initialize the
 * policy version accordingly to the maximum version supported for the
 * policy type.
 * Returns -1 if the policy type is not legal.
 * 'type' is one of the SEPOL_POLICY_* values above.
 */
extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);

/*
 * Set the policy version to a different value.
 * Returns -1 if the policy version is not in the supported range for
 * the (previously set) policy type.
 * Call sepol_policydb_set_typevers first so that a type is set; the
 * accepted range depends on it.
 */
extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);

/*
 * Set how to handle unknown class/perms.
 * The flag chooses what a kernel does with classes or permissions that
 * appear in its access checks but not in the loaded policy: deny them,
 * refuse to load the policy at all, or allow them.  SEPOL_ALLOW_UNKNOWN
 * is the permissive choice and weakens enforcement; prefer deny or
 * reject unless there is a specific compatibility need.
 * NOTE(review): the values 0/2/4 appear chosen to match the kernel's
 * own handle_unknown flags — confirm against the kernel headers before
 * assuming they can be passed through unchanged.
 */
#define SEPOL_DENY_UNKNOWN	    0
#define SEPOL_REJECT_UNKNOWN	    2
#define SEPOL_ALLOW_UNKNOWN	    4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
					     unsigned int handle_unknown);

/*
 * Read a policydb from a policy file.
 * This automatically sets the type and version based on the
 * image contents.
 * The image is parsed as untrusted input: on a nonzero return the
 * contents of 'p' are unspecified and the policydb should be freed,
 * not used.  NOTE(review): the exact error codes and how much of a
 * malformed image is validated are not visible in this header — confirm
 * against the implementation if the caller's security depends on it.
 */
extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Write a policydb to a policy file.
 * The generated image will be in the binary format corresponding
 * to the policy version associated with the policydb.
 * With a memory-backed policy file the write is bounded by the 'len'
 * given to sepol_policy_file_set_mem; with a FILE it is the caller's
 * job to check the stream for errors afterwards.
 */
extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Extract a policydb from a binary policy memory image.
 * This is equivalent to sepol_policydb_read with a policy file
 * set to refer to memory.
 * 'len' must be the true size of the buffer at 'data'; it is the only
 * bound the parser has.  'handle' may be used for error reporting and
 * is borrowed.  As with sepol_policydb_read, do not use 'p' after a
 * nonzero return.
 */
extern int sepol_policydb_from_image(sepol_handle_t * handle,
				     void *data, size_t len,
				     sepol_policydb_t * p);

/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file
 * set to refer to memory, but internally handles computing the
 * necessary length and allocating an appropriately sized memory
 * buffer for the caller.
 * On success *newdata points to the allocated image and *newlen holds
 * its size.  NOTE(review): ownership transfers to the caller, who
 * presumably releases the buffer with free() — confirm the allocator
 * used by the implementation.  On failure *newdata/*newlen should be
 * treated as unset.
 */
extern int sepol_policydb_to_image(sepol_handle_t * handle,
				   sepol_policydb_t * p,
				   void **newdata, size_t * newlen);

/*
 * Check whether the policydb has MLS enabled.
 * Returns nonzero if the policy carries MLS data, zero otherwise.
 */
extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);

/*
 * Check whether the compatibility mode for SELinux network
 * checks should be enabled when using this policy.
 * Returns nonzero if the compatibility mode should be enabled, zero
 * otherwise.  NOTE(review): which policy feature drives this decision
 * is not visible here — see the implementation.
 */
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);

#endif