1 /*
2  * This file describes the internal interface used by the labeler
3  * for calling the user-supplied memory allocation, validation,
4  * and locking routine.
5  *
6  * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
7  */
8 #ifndef _SELABEL_INTERNAL_H_
9 #define _SELABEL_INTERNAL_H_
10 
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include "dso.h"
#include "sha1.h"
18 
#if defined(ANDROID) || defined(__APPLE__)
// Android and Mac do not have fgets_unlocked()
// Compatibility shim: fall back to the locking fgets() so the backends can
// use fgets_unlocked() unconditionally.  The locked variant is slower but
// otherwise reads the same bytes.
#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
#endif
23 
/*
 * Installed backends
 *
 * One initialiser per backend.  Each receives the handle to populate (rec)
 * and the caller's option array (opts, nopts) as passed to selabel_open().
 * The int return is presumably 0 on success and -1 with errno set on
 * failure, following libselinux convention — confirm against the callers.
 * 'hidden' comes from dso.h and presumably restricts symbol visibility so
 * these never become part of the exported ABI.
 */
int selabel_file_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_media_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_db_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_property_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_service_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
45 
/*
 * Labeling internal structures
 */

/*
 * One path-prefix substitution rule.  Rules form a singly linked list
 * built by selabel_subs_init().  Presumably a key beginning with src is
 * rewritten to begin with dst before the backend lookup — confirm against
 * the lookup code.
 */
struct selabel_sub {
	char *src;		/* prefix to match */
	int slen;		/* length of src; presumably cached strlen(src) */
	char *dst;		/* replacement prefix */
	struct selabel_sub *next;	/* next rule, NULL at end of list */
};
55 
/*
 * Calculate a SHA1 hash of all the files used to build the specs.
 * The hash value is held in rec->digest if SELABEL_OPT_DIGEST is set. To
 * calculate the hash the hashbuf will hold a concatenation of all the files
 * used. This is released once the value has been calculated.
 */
#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE	/* digest length in bytes, from sha1.h */
#define DIGEST_FILES_MAX 8	/* presumably caps specfile_list — confirm in digest_add_specfile */
/*
 * Digest bookkeeping attached to a handle when SELABEL_OPT_DIGEST is set.
 * NOTE(review): SHA-1 is no longer collision-resistant, so the digest is
 * fit for noticing that the spec files changed, not for asserting their
 * integrity against someone who can write them.
 */
struct selabel_digest {
	unsigned char *digest;	/* SHA1 digest of specfiles; presumably DIGEST_SPECFILE_SIZE bytes */
	unsigned char *hashbuf;	/* buffer to hold specfiles, concatenated, until hashed */
	size_t hashbuf_size;	/* buffer size (bytes) */
	size_t specfile_cnt;	/* how many specfiles processed */
	char **specfile_list;	/* and their names */
};
71 
/*
 * digest_add_specfile: record one spec file in the digest state.  path is
 * the file's name (kept in specfile_list); the contents come from either fp
 * or the (from_addr, buf_len) memory range — which one is used, and the
 * meaning of the int return, is not visible here; confirm in the definition.
 *
 * digest_gen_hash: compute the final SHA1 over everything accumulated so
 * far; per the comment above, hashbuf is released once the value exists.
 */
extern int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
						    char *from_addr,
						    size_t buf_len,
						    const char *path);
extern void digest_gen_hash(struct selabel_digest *digest);
77 
/*
 * Read substitution rules from path and return the resulting list.
 * Presumably the new rules are chained onto list (which may be NULL) and
 * the file is fed to digest when one is supplied — confirm in the
 * definition, including what is returned when path cannot be read.
 */
extern struct selabel_sub *selabel_subs_init(const char *path,
				    struct selabel_sub *list,
				    struct selabel_digest *digest);
81 
/*
 * Result of a backend lookup: a context in two representations plus a
 * validation flag.  Both strings presumably belong to the backend's spec
 * storage rather than the caller — confirm before freeing either.
 */
struct selabel_lookup_rec {
	char * ctx_raw;		/* context as read from the spec file */
	char * ctx_trans;	/* translated form; presumably filled on demand — confirm */
	int validated;		/* non-zero once selabel_validate()/compat_validate() accepted it */
};
87 
/*
 * Handle state shared by all backends.  The backend initialiser
 * (selabel_*_init above) is expected to fill in the func_* pointers and
 * data; the generic code then dispatches the public API through them.
 * Whether every func_* pointer must be non-NULL, or some are optional, is
 * not visible here — confirm against the callers before adding a backend.
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;	/* which backend this handle was opened with */
	int validating;		/* non-zero: presumably contexts are checked via selabel_validate() */

	/* labeling operations */
	/* resolve key to a record; the meaning of type is backend-specific */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	/* release data and any other backend-owned resources */
	void (*func_close) (struct selabel_handle *h);
	/* emit backend statistics (diagnostic) */
	void (*func_stats) (struct selabel_handle *h);
	/* presumably: could a key starting with key still match some spec? */
	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
	/* as func_lookup, also trying each of aliases (terminator not visible here — confirm) */
	struct selabel_lookup_rec *(*func_lookup_best_match)
						    (struct selabel_handle *h,
						    const char *key,
						    const char **aliases,
						    int type);
	/* compare the spec sets of two handles; result values in <selinux/label.h> */
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* supports backend-specific state information */
	void *data;		/* owned by the backend; only its func_* routines interpret it */

	/*
	 * The main spec file(s) used. Note for file contexts the local and/or
	 * homedirs could also have been used to resolve a context.
	 */
	size_t spec_files_len;	/* number of entries in spec_files */
	char **spec_files;


	/* substitution support */
	struct selabel_sub *dist_subs;	/* presumably the distribution-shipped rules */
	struct selabel_sub *subs;	/* presumably the local rules; both lists see selabel_sub */
	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
	struct selabel_digest *digest;	/* NULL when no digest was requested — confirm */
};
124 
/*
 * Validation function
 *
 * Check the context held in contexts against the policy, presumably using
 * rec->validating to decide whether to check at all, and presumably
 * setting contexts->validated on success — confirm in the definition.
 * Return value is int; 0 on success by libselinux convention — confirm.
 */
extern int
selabel_validate(struct selabel_handle *rec,
		 struct selabel_lookup_rec *contexts) hidden;
131 
/*
 * Compatibility support
 *
 * myprintf_compat is non-zero when a legacy printf-style logging callback
 * has been installed, in which case myprintf points at it.  The format
 * attribute lets the compiler check format/argument agreement at each call
 * site; log through COMPAT_LOG() rather than calling these directly.
 */
extern int myprintf_compat;
extern void __attribute__ ((format(printf, 1, 2)))
(*myprintf) (const char *fmt, ...) hidden;
138 
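/*
 * Log a message through the legacy callback when one is installed
 * (myprintf_compat non-zero), otherwise through selinux_log().
 *
 * type: SELINUX_* level, used only on the selinux_log() path.
 * fmt:  printf-style format plus its arguments.  Pass a string literal as
 *       the format; it is handed straight to a printf-style function.
 *
 * The body is wrapped in do { } while (0) so the macro expands to a single
 * statement: the previous bare if/else form ended in its own ';', which
 * made `if (c) COMPAT_LOG(...); else ...` a syntax error and left a stray
 * empty statement otherwise.  Callers terminate the invocation with ';'.
 */
#define COMPAT_LOG(type, fmt...) do {				\
		if (myprintf_compat)				\
			myprintf(fmt);				\
		else						\
			selinux_log(type, fmt);			\
	} while (0)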
143 
/*
 * Validate contexts as selabel_validate() does, with path and lineno
 * identifying the spec-file entry being checked — presumably so failures
 * can be reported against the offending line.  Return convention is not
 * visible here; confirm in the definition.
 */
extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) hidden;
148 
/*
 * The read_spec_entries function may be used to
 * replace sscanf to read entries from spec files.
 *
 * line_buf is the line to parse (non-const, so it may be modified in
 * place — confirm).  *errbuf receives a message when parsing fails;
 * its ownership is not visible here.  num_args is the number of variadic
 * output arguments that follow and must match them exactly, since the
 * callee has no other way to know how many were passed.  Whether each
 * output is allocated and must be freed by the caller — confirm in the
 * definition before use.
 */
extern int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...);
154 
155 #endif				/* _SELABEL_INTERNAL_H_ */