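/*
 * This file describes the internal interface used by the labeler
 * for calling the user-supplied memory allocation, validation,
 * and locking routine.
 *
 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
 */
#ifndef _SELABEL_INTERNAL_H_
#define _SELABEL_INTERNAL_H_

/*
 * struct selabel_handle below uses bool; include <stdbool.h> explicitly
 * instead of relying on another header to pull it in.
 */
#include <stdbool.h>
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include "dso.h"
#include "sha1.h"

/*
 * Installed backends
 *
 * One init routine per backend. Each receives the handle to populate and
 * the caller's option array together with its element count (nopts).
 * NOTE(review): "hidden" is not defined in this file; presumably it is a
 * symbol-visibility macro from dso.h that keeps these out of the exported
 * ABI - confirm.
 */
int selabel_file_init(struct selabel_handle *rec,
		      const struct selinux_opt *opts,
		      unsigned nopts) hidden;
int selabel_media_init(struct selabel_handle *rec,
		       const struct selinux_opt *opts,
		       unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec,
		   const struct selinux_opt *opts,
		   unsigned nopts) hidden;
int selabel_db_init(struct selabel_handle *rec,
		    const struct selinux_opt *opts,
		    unsigned nopts) hidden;
int selabel_property_init(struct selabel_handle *rec,
			  const struct selinux_opt *opts,
			  unsigned nopts) hidden;

/*
 * Labeling internal structures
 */

/*
 * One substitution entry; entries are chained through next.
 * NOTE(review): slen is presumably the length of src and is a signed int,
 * so code that fills it in should reject lengths that do not fit - confirm
 * against selabel_subs_init.
 */
struct selabel_sub {
	char *src;
	int slen;
	char *dst;
	struct selabel_sub *next;
};

/*
 * Calculate an SHA1 hash of all the files used to build the specs.
 * The hash value is held in rec->digest if SELABEL_OPT_DIGEST set. To
 * calculate the hash the hashbuf will hold a concatenation of all the files
 * used. This is released once the value has been calculated.
 *
 * NOTE(review): SHA-1 is no longer collision resistant. Treat this digest
 * as a fingerprint for noticing that the spec files changed, not as proof
 * that they were not deliberately tampered with - confirm how callers of
 * SELABEL_OPT_DIGEST use the value.
 */
#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE
/* NOTE(review): presumably the bound on specfile_list entries - confirm. */
#define DIGEST_FILES_MAX 8
struct selabel_digest {
	unsigned char *digest;	/* SHA1 digest of specfiles */
	unsigned char *hashbuf;	/* buffer to hold specfiles */
	size_t hashbuf_size;	/* buffer size */
	size_t specfile_cnt;	/* how many specfiles processed */
	char **specfile_list;	/* and their names */
};

/*
 * Add one spec file to the digest state.
 * NOTE(review): the definition is not visible here. If from_addr is read
 * for buf_len bytes, the callee has no way to check buf_len against the
 * real extent of that memory, so callers must pass the exact size (for
 * example the length of the mapping or buffer they own) - confirm.
 */
extern int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
						    char *from_addr,
						    size_t buf_len,
						    const char *path);
/* Produce the hash from the state accumulated in *digest. */
extern void digest_gen_hash(struct selabel_digest *digest);

/*
 * Build substitution entries from the file at path.
 * NOTE(review): presumably extends and returns list - confirm ownership of
 * the returned chain against the definition.
 */
extern struct selabel_sub *selabel_subs_init(const char *path,
					    struct selabel_sub *list,
					    struct selabel_digest *digest);

/*
 * Result of a lookup.
 * NOTE(review): ctx_raw / ctx_trans presumably hold the raw and translated
 * forms of the context, and validated records whether the context has
 * already been checked - confirm against selabel_validate.
 */
struct selabel_lookup_rec {
	char * ctx_raw;
	char * ctx_trans;
	int validated;
};

struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;
	int validating;

	/* labeling operations */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	void (*func_close) (struct selabel_handle *h);
	void (*func_stats) (struct selabel_handle *h);
	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
	struct selabel_lookup_rec *(*func_lookup_best_match)
						 (struct selabel_handle *h,
						    const char *key,
						    const char **aliases,
						    int type);
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* supports backend-specific state information */
	void *data;

	/*
	 * The main spec file used. Note for file contexts the local and/or
	 * homedirs could also have been used to resolve a context.
	 */
	char *spec_file;

	/* substitution support */
	struct selabel_sub *dist_subs;
	struct selabel_sub *subs;
	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
	struct selabel_digest *digest;
};

/*
 * Validation function
 */
extern int
selabel_validate(struct selabel_handle *rec,
		 struct selabel_lookup_rec *contexts) hidden;

/*
 * Compatibility support
 *
 * myprintf carries the printf format attribute, so the compiler checks the
 * arguments of calls made through the pointer against the format string.
 */
extern int myprintf_compat;
extern void __attribute__ ((format(printf, 1, 2)))
(*myprintf) (const char *fmt, ...);

/*
 * Log through myprintf when myprintf_compat is set, otherwise through
 * selinux_log.
 *
 * The body is wrapped in do { } while (0) so the macro expands to exactly
 * one statement. The bare if/else form with a trailing ';' left an extra
 * empty statement at each call site and could capture or orphan an "else"
 * when the macro was used inside an unbraced if. Call sites supply their
 * own terminating ';'.
 *
 * fmt is forwarded to printf-style sinks: keep it a string literal and pass
 * any text read from spec files or other external input as a "%s" argument.
 */
#define COMPAT_LOG(type, fmt...) do {			\
	if (myprintf_compat)				\
		myprintf(fmt);				\
	else						\
		selinux_log(type, fmt);			\
} while (0)

extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) hidden;

/*
 * The read_spec_entries function may be used to
 * replace sscanf to read entries from spec files.
 *
 * The function is variadic, so the compiler cannot check the trailing
 * arguments: num_args must equal the number of arguments actually passed.
 * NOTE(review): the expected type of each variadic argument is not visible
 * here - confirm against the definition before adding a call site.
 */
extern int read_spec_entries(char *line_buf, int num_args, ...);

#endif				/* _SELABEL_INTERNAL_H_ */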