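#pragma once

#include <string>

#include <sys/types.h>  // pid_t, used by CallingContext and getCallingContext()

#include <selinux/android.h>
#include <selinux/avc.h>

namespace android {

/**
 * Access-control front end that holds SELinux state (a context string, a
 * selabel handle and a callback slot) and answers add/get/list questions
 * about a caller described by a CallingContext.
 *
 * Only declarations are visible in this header. Notes about behaviour are
 * marked as assumptions to confirm against the implementation file.
 */
class AccessControl {
public:
    AccessControl();

    /**
     * Identity of the caller that a permission decision is made for.
     *
     * The members have no default initializers, so a default-constructed
     * CallingContext has an indeterminate `sidPresent` and `pid`. Code that
     * builds one must set every field before passing it to canAdd(),
     * canGet() or canList().
     */
    struct CallingContext {
        // Presumably true only when `sid` was supplied for the caller.
        // NOTE(review): if the implementation falls back to resolving the
        // context from `pid` when this is false, that lookup can race with
        // PID reuse, so a present SID should be preferred. Confirm.
        bool sidPresent;
        // Caller's SELinux security context string; presumably meaningful
        // only when sidPresent is true. Verify against getCallingContext().
        std::string sid;
        // Process id of the caller.
        pid_t pid;
    };

    /**
     * Builds the CallingContext for the caller with the given pid.
     *
     * @param sourcePid process id of the calling process.
     * @return the context to pass to canAdd()/canGet()/canList().
     */
    static CallingContext getCallingContext(pid_t sourcePid);

    /**
     * @param fqName         interface name the decision is about (presumably
     *                       a fully-qualified name; confirm the format).
     * @param callingContext identity of the caller.
     * @return presumably true when the caller may add `fqName`. Confirm that
     *         every failure path in the implementation returns false.
     */
    bool canAdd(const std::string& fqName, const CallingContext& callingContext);

    /**
     * @param fqName         interface name the decision is about.
     * @param callingContext identity of the caller.
     * @return presumably true when the caller may get `fqName`.
     */
    bool canGet(const std::string& fqName, const CallingContext& callingContext);

    /**
     * @param callingContext identity of the caller.
     * @return presumably true when the caller may list entries.
     */
    bool canList(const CallingContext& callingContext);

private:
    /**
     * Permission check against an explicit target context.
     *
     * @param source        identity of the caller.
     * @param targetContext SELinux context of the object being accessed.
     * @param perm          permission name to check.
     * @param interface     interface name; presumably used for audit output.
     */
    bool checkPermission(const CallingContext& source, const char *targetContext, const char *perm, const char *interface);

    /**
     * Overload without an explicit target context. Presumably derives the
     * target from `interface` through mSeHandle; confirm in the
     * implementation.
     */
    bool checkPermission(const CallingContext& source, const char *perm, const char *interface);

    // The signature matches the libselinux audit callback shape
    // (data, class, output buffer, buffer length). Presumably installed
    // through mSeCallbacks. The implementation must not write more than
    // `len` bytes into `buf`.
    static int auditCallback(void *data, security_class_t cls, char *buf, size_t len);

    // NOTE(review): this header declares no destructor and no copy or move
    // operations, so the implicit copy duplicates both raw pointers below.
    // If the constructor allocates them, copying an AccessControl would
    // alias that state. Confirm ownership in the implementation.

    // Null-initialized so the pointers are never indeterminate, even when
    // the constructor fails before assigning them.
    char* mSeContext = nullptr;
    struct selabel_handle* mSeHandle = nullptr;
    union selinux_callback mSeCallbacks;
};

} // namespace android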