/* Authors: Joshua Brindle <[email protected]>
 *          Jason Tang <[email protected]>
 *
 * Copyright (C) 2005 Tresys Technology, LLC
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef _SEMANAGE_HANDLE_H_
#define _SEMANAGE_HANDLE_H_

#include <stdint.h>

/* Handle API of libsemanage: create, configure, connect and tear down a
 * semanage_handle_t, plus transaction control (begin/commit) on the store it
 * is connected to.  Unless a function's own comment says otherwise, the
 * return-value convention is the one given under "META NOTES" at the end of
 * this file: non-negative is success, negative is an error. */

/* All accesses with semanage are through a "semanage_handle".  The
 * handle may ultimately reference local config files,
 * the binary policy file, a module store, or a policy management server.
 * The struct is opaque to callers; only the functions below operate on it.
 */
struct semanage_handle;
typedef struct semanage_handle semanage_handle_t;

/* Create and return a semanage handle.
   The handle is initially in the disconnected state.
   Returns NULL on failure (allocation or configuration error are the
   likely causes -- confirm against the implementation); callers must check
   the result before passing it to any other function in this file. */
extern semanage_handle_t *semanage_handle_create(void);

/* Deallocate all space associated with a semanage_handle_t, including
 * the pointer itself.  CAUTION: this function does not disconnect
 * from the backend; be sure that a semanage_disconnect() was
 * previously called if the handle was connected.  The pointer is
 * invalid after this call; set it to NULL if it stays in scope. */
extern void semanage_handle_destroy(semanage_handle_t *);

/* This is the type of connection to the store, for now only
 * direct is supported.  SEMANAGE_CON_INVALID (0) is the "unset" value;
 * the POLSERV_* values are declared but, per the note above, not
 * supported by this API. */
enum semanage_connect_type {
	SEMANAGE_CON_INVALID = 0, SEMANAGE_CON_DIRECT,
	SEMANAGE_CON_POLSERV_LOCAL, SEMANAGE_CON_POLSERV_REMOTE
};

/* This function allows you to specify the store to connect to.
 * It must be called after semanage_handle_create but before
 * semanage_connect.  The argument should be the full path to the store.
 *
 * handle    - handle returned by semanage_handle_create
 * path      - full path of the store; NOTE(review): the prototype does not
 *             const-qualify it, so whether the callee copies or modifies
 *             the string is not stated here -- confirm before passing a
 *             string literal or a buffer the caller reuses.
 * storetype - connection type; only SEMANAGE_CON_DIRECT is supported.
 * No return value, so errors (if any) surface later at semanage_connect. */
extern void semanage_select_store(semanage_handle_t * handle, char *path,
				  enum semanage_connect_type storetype);

/* Just reload the policy.  Returns a negative value on error (META NOTES). */
extern int semanage_reload_policy(semanage_handle_t * handle);

/* set whether to reload the policy or not after a commit,
 * 1 for yes (default), 0 for no */
extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);

/* set whether to rebuild the policy on commit, even if no
 * changes were performed.
 * 1 for yes, 0 for no (default) */
extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);

/* set whether to rebuild the policy on commit when potential changes
 * to store files since last rebuild are detected,
 * 1 for yes (default), 0 for no.
 * Disabling this means out-of-band edits to store files are not
 * picked up by the next commit. */
extern void semanage_set_check_ext_changes(semanage_handle_t * handle, int do_check);

/* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path
 * corresponding to lang_ext.
 * Upon success returns 0, -1 on error.
 * On error *compiler_path should be treated as unset.  Ownership of the
 * string stored in *compiler_path (whether the caller must free it) is not
 * stated in this header -- confirm against the implementation. */
extern int semanage_get_hll_compiler_path(semanage_handle_t *sh, char *lang_ext, char **compiler_path);

/* create the store if it does not exist, this only has an effect on
 * direct connections and must be called before semanage_connect
 * 1 for yes, 0 for no (default) */
extern void semanage_set_create_store(semanage_handle_t * handle, int create_store);

/* Get whether or not dontaudits will be disabled upon commit.
 * Returns the flag value previously set with
 * semanage_set_disable_dontaudit (1 = disabled, 0 = kept). */
extern int semanage_get_disable_dontaudit(semanage_handle_t * handle);

/* Set whether or not to disable dontaudits upon commit.
 * Disabling dontaudit rules makes the built policy audit (log) accesses
 * that the policy author chose to silence; intended for debugging. */
extern void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);

/* Set whether or not to execute setfiles to check file contexts upon commit.
 * Note that enabling this runs the external setfiles program as part of
 * commit; disabling it skips that validation of the file-context data. */
extern void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts);

/* Get the default priority. */
extern uint16_t semanage_get_default_priority(semanage_handle_t *sh);

/* Set the default priority.
 * Returns a negative value if the priority is rejected (META NOTES);
 * the accepted range is not stated in this header. */
extern int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority);

/* Check whether policy is managed via libsemanage on this system.
 * Must be called prior to trying to connect.
 * Return 1 if policy is managed via libsemanage on this system,
 * 0 if policy is not managed, or -1 on error.
 * Callers must distinguish 0 from -1: both are "do not connect", but
 * only -1 is a failure.
 */
extern int semanage_is_managed(semanage_handle_t *);

/* "Connect" to a manager based on the configuration and
 * associate the provided handle with the connection.
 * If the connect fails then this function returns a negative value,
 * else it returns zero.
 * Store selection (semanage_select_store) and create-store / is-managed
 * checks must happen before this call.
 */
extern int semanage_connect(semanage_handle_t *);

/* Disconnect from the manager given by the handle.  If already
 * disconnected then this function does nothing.  Return 0 if
 * disconnected properly or already disconnected, negative value on
 * error.  Must precede semanage_handle_destroy for a connected handle. */
extern int semanage_disconnect(semanage_handle_t *);

/* Attempt to obtain a transaction lock on the manager.  If another
 * process has the lock then this function may block, depending upon
 * the timeout value in the handle.
 *
 * Note that if the semanage_handle has not yet obtained a transaction
 * lock whenever a writer function is called, there will be an
 * implicit call to this function.  Because of that implicit call, a
 * writer function can also block for the lock; callers that cannot
 * tolerate blocking should begin the transaction explicitly.
 * Returns a negative value on error (META NOTES). */
extern int semanage_begin_transaction(semanage_handle_t *);

/* Attempt to commit all changes since this transaction began.  If the
 * commit is successful then increment the "policy sequence number"
 * and then release the transaction lock.  Return that policy number
 * afterwards, or -1 on error.
 * Whether the lock is released on a failed commit is not stated here --
 * confirm against the implementation before relying on it.
 */
extern int semanage_commit(semanage_handle_t *);

#define SEMANAGE_CAN_READ 1
#define SEMANAGE_CAN_WRITE 2
/* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
 * or writable, respectively.  <0 if an error occurred.
 * The result is a single value, not a bit mask: test `< 0` for error
 * first, then compare against SEMANAGE_CAN_READ / SEMANAGE_CAN_WRITE. */
extern int semanage_access_check(semanage_handle_t * sh);

/* returns 0 if not connected, 1 if connected */
extern int semanage_is_connected(semanage_handle_t * sh);

/* returns 1 if policy is MLS, 0 otherwise. */
extern int semanage_mls_enabled(semanage_handle_t *sh);

/* Change to alternate semanage root path.
 * Takes no handle, so this presumably sets process-wide state that
 * affects handles created afterwards -- confirm against the
 * implementation.  Returns a negative value on error (META NOTES). */
extern int semanage_set_root(const char *path);

/* Get the current semanage root path.
 * The returned string is const and owned by the library; do not free it. */
extern const char * semanage_root(void);

/* Get whether or not needless unused branch of tunables would be preserved */
extern int semanage_get_preserve_tunables(semanage_handle_t * handle);

/* Set whether or not to preserve the needless unused branch of tunables */
extern void semanage_set_preserve_tunables(semanage_handle_t * handle, int preserve_tunables);

/* Get the flag value for whether or not caching is ignored for compiled CIL modules from HLL files */
extern int semanage_get_ignore_module_cache(semanage_handle_t *handle);

/* Set semanage_handle flag for whether or not to ignore caching of compiled CIL modules from HLL files.
 * Ignoring the cache forces HLL modules to be recompiled on the next commit. */
extern void semanage_set_ignore_module_cache(semanage_handle_t *handle, int ignore_module_cache);

/* set the store root path for semanage output files.
 * store_root is const-qualified, so the callee does not modify it; whether
 * it is copied or retained by reference is not stated here -- confirm
 * before passing a buffer the caller reuses. */
extern void semanage_set_store_root(semanage_handle_t *sh, const char *store_root);

/* META NOTES
 *
 * For all functions a non-negative number indicates success. For some
 * functions a >=0 returned value is the "policy sequence number". This
 * number keeps track of policy revisions and is used to detect if
 * one semanage client has committed policy changes while another is
 * still connected.
 */

#endif