xref: /aosp_15_r20/external/selinux/libselinux/src/selinux_config.c (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)
1*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
2*2d543d20SAndroid Build Coastguard Worker #include <stdio_ext.h>
3*2d543d20SAndroid Build Coastguard Worker #include <string.h>
4*2d543d20SAndroid Build Coastguard Worker #include <ctype.h>
5*2d543d20SAndroid Build Coastguard Worker #include <stddef.h>
6*2d543d20SAndroid Build Coastguard Worker #include <stdint.h>
7*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
8*2d543d20SAndroid Build Coastguard Worker #include <limits.h>
9*2d543d20SAndroid Build Coastguard Worker #include <unistd.h>
10*2d543d20SAndroid Build Coastguard Worker #include <pthread.h>
11*2d543d20SAndroid Build Coastguard Worker #include <errno.h>
12*2d543d20SAndroid Build Coastguard Worker #include "policy.h"
13*2d543d20SAndroid Build Coastguard Worker #include "selinux_internal.h"
14*2d543d20SAndroid Build Coastguard Worker #include "get_default_type_internal.h"
15*2d543d20SAndroid Build Coastguard Worker 
/* Policy type used when the config file does not name one. */
#define SELINUXDEFAULT "targeted"

/* Key prefixes recognised in the SELinux config file. */
#define SELINUXTYPETAG "SELINUXTYPE="
#define SELINUXTAG "SELINUX="
#define REQUIRESEUSERS "REQUIRESEUSERS="

/*
 * Indices for file paths arrays.
 * Each value selects one slot of file_paths[] and one entry of the
 * suffix offset table; NEL is the number of slots.
 */
#define BINPOLICY              0
#define CONTEXTS_DIR           1
#define FILE_CONTEXTS          2
#define HOMEDIR_CONTEXTS       3
#define DEFAULT_CONTEXTS       4
#define USER_CONTEXTS          5
#define FAILSAFE_CONTEXT       6
#define DEFAULT_TYPE           7
#define BOOLEANS               8	/* BOOLEANS is deprecated */
#define MEDIA_CONTEXTS         9
#define REMOVABLE_CONTEXT      10
#define CUSTOMIZABLE_TYPES     11
#define USERS_DIR              12	/* USERS_DIR is deprecated */
#define SEUSERS                13
#define TRANSLATIONS           14
#define NETFILTER_CONTEXTS     15
#define FILE_CONTEXTS_HOMEDIR  16
#define FILE_CONTEXTS_LOCAL    17
#define SECURETTY_TYPES        18
#define X_CONTEXTS             19
#define COLORS                 20
#define VIRTUAL_DOMAIN         21
#define VIRTUAL_IMAGE          22
#define FILE_CONTEXT_SUBS      23
#define SEPGSQL_CONTEXTS       24
#define FILE_CONTEXT_SUBS_DIST 25
#define LXC_CONTEXTS           26
#define BOOLEAN_SUBS           27
#define OPENSSH_CONTEXTS       28
#define SYSTEMD_CONTEXTS       29
#define SNAPPERD_CONTEXTS      30
#define OPENRC_CONTEXTS        31
#define NEL                    32
57*2d543d20SAndroid Build Coastguard Worker 
/* Part of one-time lazy init: `once` gates init_selinux_config(). */
static pthread_once_t once = PTHREAD_ONCE_INIT;
static void init_selinux_config(void);

/*
 * One heap-allocated path per index, built as policy root + suffix.
 * New layout is relative to SELINUXDIR/policytype.
 */
static char *file_paths[NEL];

/*
 * Suffix table. file_path_suffixes.h is included three times, each time
 * with a different S_(n, s) definition:
 *   1. declare one char array member per entry, sized to hold string s;
 *   2. initialise those members with the strings themselves;
 *   3. store, at index n, the byte offset of the entry's member.
 * L1/L2 paste __LINE__ onto "str" to form the member name, so the names
 * differ only if each S_() sits on its own line of the header
 * (NOTE(review): the header is not visible here - confirm).
 * The `str` member overlays the struct so a suffix can be addressed as
 * file_path_suffixes_data.str + file_path_suffixes_idx[n].
 * Offsets are stored as uint16_t.
 */
#define L1(l) L2(l)
#define L2(l)str##l
static const union file_path_suffixes_data {
	struct {
#define S_(n, s) char L1(__LINE__)[sizeof(s)];
#include "file_path_suffixes.h"
#undef S_
	};
	char str[0];
} file_path_suffixes_data = {
	{
#define S_(n, s) s,
#include "file_path_suffixes.h"
#undef S_
	}
};

static const uint16_t file_path_suffixes_idx[NEL] = {
#define S_(n, s) [n] = offsetof(union file_path_suffixes_data, L1(__LINE__)),
#include "file_path_suffixes.h"
#undef S_
};

#undef L1
#undef L2
88*2d543d20SAndroid Build Coastguard Worker 
/*
 * Report the enforcing mode written in the SELinux config file.
 *
 * Scans SELINUXCONFIG line by line and stops at the first line that
 * starts with "SELINUX=" and whose value begins (case-insensitively)
 * with a known keyword:
 *   "enforcing"  -> *enforce = 1
 *   "permissive" -> *enforce = 0
 *   "disabled"   -> *enforce = -1
 *
 * Returns 0 when a mode was stored. Returns -1, leaving *enforce
 * untouched, when the file cannot be opened, the line buffer cannot be
 * allocated, or no line matched.
 *
 * Things a caller should know:
 *  - The keyword is matched as a prefix, so characters following it on
 *    the line are ignored.
 *  - The "SELINUX=" tag is compared case-sensitively and must start the
 *    line; leading whitespace is not skipped here.
 *  - Only the file is consulted; nothing in this function queries the
 *    running kernel.
 */
int selinux_getenforcemode(int *enforce)
{
	const size_t tag_len = sizeof(SELINUXTAG) - 1;
	char *line;
	FILE *cfg;
	int ret = -1;

	cfg = fopen(SELINUXCONFIG, "re");
	if (!cfg)
		return -1;

	line = malloc(selinux_page_size);
	if (!line) {
		fclose(cfg);
		return -1;
	}

	while (fgets_unlocked(line, selinux_page_size, cfg)) {
		const char *value;

		if (strncmp(line, SELINUXTAG, tag_len) != 0)
			continue;

		/* Skip blanks between '=' and the keyword. */
		value = line + tag_len;
		while (isspace((unsigned char)*value))
			value++;

		if (!strncasecmp(value, "enforcing", sizeof("enforcing") - 1))
			*enforce = 1;
		else if (!strncasecmp(value, "permissive",
				      sizeof("permissive") - 1))
			*enforce = 0;
		else if (!strncasecmp(value, "disabled",
				      sizeof("disabled") - 1))
			*enforce = -1;
		else
			continue;	/* unknown value: keep scanning */

		ret = 0;
		break;
	}

	fclose(cfg);
	free(line);
	return ret;
}
134*2d543d20SAndroid Build Coastguard Worker 
135*2d543d20SAndroid Build Coastguard Worker 
/* Name of the active policy type; heap string replaced by setpolicytype(). */
static char *selinux_policytype;

/*
 * Give the caller a private copy of the active policy type name.
 *
 * Runs the one-time config initialisation first. On success *type
 * points to a strdup()ed string that the caller must free() and 0 is
 * returned. Returns -1 when no policy type is set; also returns -1
 * when the copy cannot be allocated, in which case *type is NULL.
 */
int selinux_getpolicytype(char **type)
{
	char *copy;

	__selinux_once(once, init_selinux_config);
	if (selinux_policytype == NULL)
		return -1;

	copy = strdup(selinux_policytype);
	*type = copy;
	return copy != NULL ? 0 : -1;
}
146*2d543d20SAndroid Build Coastguard Worker 
147*2d543d20SAndroid Build Coastguard Worker 
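/*
 * Replace the stored policy type name with a copy of `type`.
 *
 * The copy is taken before the old string is released, so the call is
 * safe even if `type` points into the string currently stored in
 * selinux_policytype.
 *
 * Returns 0 on success. On allocation failure returns -1 and leaves
 * selinux_policytype NULL (the previous value is still freed).
 */
static int setpolicytype(const char *type)
{
	char *copy = strdup(type);

	free(selinux_policytype);
	selinux_policytype = copy;
	return copy ? 0 : -1;
}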
154*2d543d20SAndroid Build Coastguard Worker 
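/* Directory of the active policy: SELINUXDIR followed by the policy type. */
static char *selinux_policyroot = NULL;
static const char *selinux_rootpath = SELINUXDIR;

/*
 * Load the SELinux config file and build the per-index path table.
 *
 * Does nothing if a policy root is already set. Otherwise:
 *  - reads SELINUXCONFIG if it can be opened; blank lines and lines
 *    whose first non-blank character is '#' are skipped;
 *  - "SELINUXTYPE=<name>" (tag matched case-insensitively) sets the
 *    policy type, with trailing whitespace/control characters removed;
 *  - "REQUIRESEUSERS=<v>" (tag matched case-sensitively) sets
 *    require_seusers: a value starting with a digit goes through atoi(),
 *    "true" gives 1, "false" gives 0, anything else leaves it unchanged;
 *  - falls back to SELINUXDEFAULT when no type was set;
 *  - fills selinux_policyroot and every file_paths[] slot.
 *
 * Returns nothing; on allocation failure it stops early and the slots
 * not yet built stay NULL, so path getters can return NULL.
 *
 * NOTE(review): the SELINUXTYPE value is appended to SELINUXDIR as-is;
 * path separators or ".." in it are not rejected here. This presumably
 * relies on the config file being writable only by privileged users -
 * confirm for the deployment.
 */
static void init_selinux_config(void)
{
	int i, *intptr;
	size_t line_len = 0;	/* getline() pairs this with line_buf == NULL */
	size_t type_len;
	ssize_t len;
	char *line_buf = NULL, *buf_p, *value, *type = NULL;
	FILE *fp;

	if (selinux_policyroot)
		return;

	fp = fopen(SELINUXCONFIG, "re");
	if (fp) {
		__fsetlocking(fp, FSETLOCKING_BYCALLER);
		while ((len = getline(&line_buf, &line_len, fp)) > 0) {
			if (line_buf[len - 1] == '\n')
				line_buf[len - 1] = 0;
			buf_p = line_buf;
			while (isspace((unsigned char)*buf_p))
				buf_p++;
			if (*buf_p == '#' || *buf_p == 0)
				continue;

			if (!strncasecmp(buf_p, SELINUXTYPETAG,
					 sizeof(SELINUXTYPETAG) - 1)) {
				buf_p += sizeof(SELINUXTYPETAG) - 1;
				while (isspace((unsigned char)*buf_p))
					buf_p++;
				type = strdup(buf_p);
				if (!type) {
					free(line_buf);
					fclose(fp);
					return;
				}
				/*
				 * Trim trailing whitespace/control bytes. The
				 * first byte is never removed, and an empty
				 * value no longer forms a pointer before the
				 * start of the buffer.
				 */
				type_len = strlen(type);
				while (type_len > 1 &&
				       (isspace((unsigned char)type[type_len - 1]) ||
					iscntrl((unsigned char)type[type_len - 1])))
					type[--type_len] = 0;
				if (setpolicytype(type) != 0) {
					free(type);
					free(line_buf);
					fclose(fp);
					return;
				}
				free(type);
				continue;
			} else if (!strncmp(buf_p, REQUIRESEUSERS,
					    sizeof(REQUIRESEUSERS) - 1)) {
				value = buf_p + sizeof(REQUIRESEUSERS) - 1;
				while (isspace((unsigned char)*value))
					value++;
				intptr = &require_seusers;
			} else {
				continue;
			}

			/*
			 * strncasecmp() returns 0 on a match. The previous
			 * code tested for non-zero, which stored 0 for "true"
			 * and 1 for "false" (and for any other text).
			 */
			if (isdigit((unsigned char)*value))
				*intptr = atoi(value);
			else if (!strncasecmp(value, "true", sizeof("true") - 1))
				*intptr = 1;
			else if (!strncasecmp
				 (value, "false", sizeof("false") - 1))
				*intptr = 0;
		}
		free(line_buf);
		fclose(fp);
	}

	if (!selinux_policytype && setpolicytype(SELINUXDEFAULT) != 0)
		return;

	if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, selinux_policytype) == -1) {
		/* asprintf() may leave the pointer unspecified on failure. */
		selinux_policyroot = NULL;
		return;
	}

	for (i = 0; i < NEL; i++) {
		if (asprintf(&file_paths[i], "%s%s",
			     selinux_policyroot,
			     file_path_suffixes_data.str +
			     file_path_suffixes_idx[i])
		    == -1) {
			/* Keep the slot safe for the later free(). */
			file_paths[i] = NULL;
			return;
		}
	}
}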
242*2d543d20SAndroid Build Coastguard Worker 
static void fini_selinux_policyroot(void) __attribute__ ((destructor));

/*
 * Release the policy root, every cached path and the policy type, and
 * reset each pointer to NULL so the state can be rebuilt afterwards.
 * Declared as a destructor above; it is also called directly by
 * selinux_reset_config() and selinux_set_policy_root().
 * Any path pointer handed out earlier is dangling once this has run.
 */
static void fini_selinux_policyroot(void)
{
	char **slot;

	free(selinux_policyroot);
	selinux_policyroot = NULL;

	for (slot = file_paths; slot < file_paths + NEL; slot++) {
		free(*slot);
		*slot = NULL;
	}

	free(selinux_policytype);
	selinux_policytype = NULL;
}
257*2d543d20SAndroid Build Coastguard Worker 
/*
 * Drop the cached configuration and load it again from the config file.
 *
 * Calls the teardown and the initialiser directly rather than through
 * the `once` gate. Strings returned earlier by the path getters are
 * freed by the teardown, so callers must fetch them again.
 * NOTE(review): no lock is taken in this function; concurrent use with
 * the getters looks unsafe - confirm the intended threading contract.
 */
void selinux_reset_config(void)
{
	fini_selinux_policyroot();
	init_selinux_config();
}
263*2d543d20SAndroid Build Coastguard Worker 
264*2d543d20SAndroid Build Coastguard Worker 
/*
 * Return the cached path stored in slot `idx` of file_paths[].
 *
 * Makes sure the one-time config initialisation has run first. `idx` is
 * used unchecked, so it must be one of the index constants below NEL.
 * The result is NULL when the slot was never filled (initialisation
 * stops early on allocation failure).
 */
static const char *get_path(int idx)
{
	const char *path;

	__selinux_once(once, init_selinux_config);
	path = file_paths[idx];
	return path;
}
270*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the DEFAULT_TYPE slot (policy root + its suffix).
 * May be NULL if path setup failed. The string is owned by this library
 * and is freed when the configuration is reset or the root is changed.
 */
const char *selinux_default_type_path(void)
{
	return get_path(DEFAULT_TYPE);
}
275*2d543d20SAndroid Build Coastguard Worker 
276*2d543d20SAndroid Build Coastguard Worker 
/*
 * Return the active policy root directory.
 *
 * Runs the one-time config initialisation first. The result is NULL if
 * the root could not be built. The string is owned by this library and
 * is freed by selinux_reset_config() / selinux_set_policy_root().
 */
const char *selinux_policy_root(void)
{
	const char *root;

	__selinux_once(once, init_selinux_config);
	root = selinux_policyroot;
	return root;
}
282*2d543d20SAndroid Build Coastguard Worker 
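/*
 * Point the library at a different policy root directory.
 *
 * `path` must contain at least one '/'; the text after the last '/'
 * becomes the policy type. All cached paths are rebuilt under the new
 * root.
 *
 * Returns 0 on success. Returns -1 with errno = EINVAL when `path` is
 * NULL or has no '/'. Returns -1 on allocation failure, in which case
 * the previous configuration has already been torn down and some or
 * all cached paths are NULL.
 *
 * `path` is copied before the old state is freed, so passing a pointer
 * obtained from selinux_policy_root() is safe.
 *
 * NOTE(review): every later policy and context file lookup resolves
 * under `path`, which is used as given. Callers should only pass a
 * location they trust; nothing here validates it.
 */
int selinux_set_policy_root(const char *path)
{
	int i;
	char *new_root;
	const char *policy_type;

	if (!path || !strrchr(path, '/')) {
		errno = EINVAL;
		return -1;
	}

	/* Copy first: the teardown below may free what `path` points at. */
	new_root = strdup(path);

	fini_selinux_policyroot();

	if (!new_root)
		return -1;
	selinux_policyroot = new_root;

	policy_type = strrchr(selinux_policyroot, '/') + 1;
	if (setpolicytype(policy_type) != 0)
		return -1;

	for (i = 0; i < NEL; i++) {
		if (asprintf(&file_paths[i], "%s%s",
			     selinux_policyroot,
			     file_path_suffixes_data.str +
			     file_path_suffixes_idx[i])
		    == -1) {
			/* asprintf() may leave the pointer unspecified. */
			file_paths[i] = NULL;
			return -1;
		}
	}

	return 0;
}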
312*2d543d20SAndroid Build Coastguard Worker 
/*
 * Return the SELinux configuration directory (selinux_rootpath, which
 * is initialised to SELINUXDIR). Does not trigger config loading.
 */
const char *selinux_path(void)
{
	const char *root = selinux_rootpath;

	return root;
}
317*2d543d20SAndroid Build Coastguard Worker 
318*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the DEFAULT_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_default_context_path(void)
{
	return get_path(DEFAULT_CONTEXTS);
}
323*2d543d20SAndroid Build Coastguard Worker 
324*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the SECURETTY_TYPES slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_securetty_types_path(void)
{
	return get_path(SECURETTY_TYPES);
}
329*2d543d20SAndroid Build Coastguard Worker 
330*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the FAILSAFE_CONTEXT slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_failsafe_context_path(void)
{
	return get_path(FAILSAFE_CONTEXT);
}
335*2d543d20SAndroid Build Coastguard Worker 
336*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the REMOVABLE_CONTEXT slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_removable_context_path(void)
{
	return get_path(REMOVABLE_CONTEXT);
}
341*2d543d20SAndroid Build Coastguard Worker 
342*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the BINPOLICY slot (policy root + its suffix).
 * selinux_current_policy_path() appends ".<version>" to this value.
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_binary_policy_path(void)
{
	return get_path(BINPOLICY);
}
347*2d543d20SAndroid Build Coastguard Worker 
348*2d543d20SAndroid Build Coastguard Worker 
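/*
 * Locate a policy file that exists right now.
 *
 * Tries "<selinux_mnt>/policy" first when selinux_mnt is set. Otherwise
 * it tries "<binary policy path>.<version>", starting at the version
 * reported by security_policyvers() and counting down while the
 * version stays above zero.
 *
 * Returns a pointer to a static buffer holding the first path for which
 * access(F_OK) succeeds, or NULL if none exists or the binary policy
 * path is unavailable.
 *
 * Caveats:
 *  - The buffer is static: the next call overwrites it and the function
 *    is not reentrant.
 *  - access() only reports that the file existed at check time. The
 *    file can change or vanish before the caller opens it, so the open
 *    itself must still be checked.
 *  - A path that does not fit in PATH_MAX is skipped instead of being
 *    probed in truncated form.
 */
const char *selinux_current_policy_path(void)
{
	static char policy_path[PATH_MAX];
	const char *bin_path;
	int vers;
	int n;

	if (selinux_mnt) {
		n = snprintf(policy_path, sizeof(policy_path), "%s/policy", selinux_mnt);
		if (n >= 0 && (size_t)n < sizeof(policy_path) &&
		    access(policy_path, F_OK) == 0)
			return policy_path;
	}

	/* NULL here means the path table was never built; "%s" needs a string. */
	bin_path = selinux_binary_policy_path();
	if (!bin_path)
		return NULL;

	vers = security_policyvers();
	do {
		/* Check prior versions to see if old policy is available */
		n = snprintf(policy_path, sizeof(policy_path), "%s.%d",
			     bin_path, vers);
		if (n < 0 || (size_t)n >= sizeof(policy_path))
			continue;
		if (access(policy_path, F_OK) == 0)
			return policy_path;
	} while (--vers > 0);

	return NULL;
}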
371*2d543d20SAndroid Build Coastguard Worker 
372*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the FILE_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_file_context_path(void)
{
	return get_path(FILE_CONTEXTS);
}
377*2d543d20SAndroid Build Coastguard Worker 
378*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the HOMEDIR_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_homedir_context_path(void)
{
	return get_path(HOMEDIR_CONTEXTS);
}
383*2d543d20SAndroid Build Coastguard Worker 
384*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the MEDIA_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_media_context_path(void)
{
	return get_path(MEDIA_CONTEXTS);
}
389*2d543d20SAndroid Build Coastguard Worker 
390*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the CUSTOMIZABLE_TYPES slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_customizable_types_path(void)
{
	return get_path(CUSTOMIZABLE_TYPES);
}
395*2d543d20SAndroid Build Coastguard Worker 
396*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the CONTEXTS_DIR slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_contexts_path(void)
{
	return get_path(CONTEXTS_DIR);
}
401*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the USER_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_user_contexts_path(void)
{
	return get_path(USER_CONTEXTS);
}
406*2d543d20SAndroid Build Coastguard Worker 
407*2d543d20SAndroid Build Coastguard Worker 
/*
 * Deprecated as local policy booleans no longer supported.
 * Still returns the cached path for the BOOLEANS slot, which may be
 * NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_booleans_path(void)
{
	return get_path(BOOLEANS);
}
413*2d543d20SAndroid Build Coastguard Worker 
414*2d543d20SAndroid Build Coastguard Worker 
/*
 * Deprecated as no longer supported.
 * Still returns the cached path for the USERS_DIR slot, which may be
 * NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_users_path(void)
{
	return get_path(USERS_DIR);
}
420*2d543d20SAndroid Build Coastguard Worker 
421*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the SEUSERS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_usersconf_path(void)
{
	return get_path(SEUSERS);
}
426*2d543d20SAndroid Build Coastguard Worker 
427*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the TRANSLATIONS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_translations_path(void)
{
	return get_path(TRANSLATIONS);
}
432*2d543d20SAndroid Build Coastguard Worker 
433*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the COLORS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_colors_path(void)
{
	return get_path(COLORS);
}
438*2d543d20SAndroid Build Coastguard Worker 
439*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the NETFILTER_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_netfilter_context_path(void)
{
	return get_path(NETFILTER_CONTEXTS);
}
444*2d543d20SAndroid Build Coastguard Worker 
445*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the FILE_CONTEXTS_HOMEDIR slot (policy root + its
 * suffix). May be NULL if path setup failed; owned by this library,
 * do not free.
 */
const char *selinux_file_context_homedir_path(void)
{
	return get_path(FILE_CONTEXTS_HOMEDIR);
}
450*2d543d20SAndroid Build Coastguard Worker 
451*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the FILE_CONTEXTS_LOCAL slot (policy root + its
 * suffix). May be NULL if path setup failed; owned by this library,
 * do not free.
 */
const char *selinux_file_context_local_path(void)
{
	return get_path(FILE_CONTEXTS_LOCAL);
}
456*2d543d20SAndroid Build Coastguard Worker 
457*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the X_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_x_context_path(void)
{
	return get_path(X_CONTEXTS);
}
462*2d543d20SAndroid Build Coastguard Worker 
463*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the VIRTUAL_DOMAIN slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_virtual_domain_context_path(void)
{
	return get_path(VIRTUAL_DOMAIN);
}
468*2d543d20SAndroid Build Coastguard Worker 
469*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the VIRTUAL_IMAGE slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_virtual_image_context_path(void)
{
	return get_path(VIRTUAL_IMAGE);
}
474*2d543d20SAndroid Build Coastguard Worker 
475*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the LXC_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_lxc_contexts_path(void)
{
	return get_path(LXC_CONTEXTS);
}
480*2d543d20SAndroid Build Coastguard Worker 
481*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the OPENRC_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_openrc_contexts_path(void)
{
	return get_path(OPENRC_CONTEXTS);
}
486*2d543d20SAndroid Build Coastguard Worker 
487*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the OPENSSH_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_openssh_contexts_path(void)
{
	return get_path(OPENSSH_CONTEXTS);
}
492*2d543d20SAndroid Build Coastguard Worker 
493*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the SNAPPERD_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_snapperd_contexts_path(void)
{
	return get_path(SNAPPERD_CONTEXTS);
}
498*2d543d20SAndroid Build Coastguard Worker 
499*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the SYSTEMD_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_systemd_contexts_path(void)
{
	return get_path(SYSTEMD_CONTEXTS);
}
504*2d543d20SAndroid Build Coastguard Worker 
505*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the BOOLEAN_SUBS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_booleans_subs_path(void)
{
	return get_path(BOOLEAN_SUBS);
}
509*2d543d20SAndroid Build Coastguard Worker 
510*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the FILE_CONTEXT_SUBS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_file_context_subs_path(void)
{
	return get_path(FILE_CONTEXT_SUBS);
}
514*2d543d20SAndroid Build Coastguard Worker 
515*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the FILE_CONTEXT_SUBS_DIST slot (policy root + its
 * suffix). May be NULL if path setup failed; owned by this library,
 * do not free.
 */
const char *selinux_file_context_subs_dist_path(void)
{
	return get_path(FILE_CONTEXT_SUBS_DIST);
}
519*2d543d20SAndroid Build Coastguard Worker 
520*2d543d20SAndroid Build Coastguard Worker 
/*
 * Cached path for the SEPGSQL_CONTEXTS slot (policy root + its suffix).
 * May be NULL if path setup failed; owned by this library, do not free.
 */
const char *selinux_sepgsql_context_path(void)
{
	return get_path(SEPGSQL_CONTEXTS);
}
525*2d543d20SAndroid Build Coastguard Worker 