/* Author: Joshua Brindle <[email protected]>
 *         Jason Tang     <[email protected]>
 *
 * Copyright (C) 2004-2005 Tresys Technology, LLC
 * Copyright (C) 2005 Red Hat, Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */
21*2d543d20SAndroid Build Coastguard Worker
/* This file implements only the publicly visible handle functions of libsemanage. */
23*2d543d20SAndroid Build Coastguard Worker
24*2d543d20SAndroid Build Coastguard Worker #include <selinux/selinux.h>
25*2d543d20SAndroid Build Coastguard Worker
26*2d543d20SAndroid Build Coastguard Worker #include <ctype.h>
27*2d543d20SAndroid Build Coastguard Worker #include <stdarg.h>
28*2d543d20SAndroid Build Coastguard Worker #include <assert.h>
29*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
30*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
31*2d543d20SAndroid Build Coastguard Worker #include <string.h>
32*2d543d20SAndroid Build Coastguard Worker #include <sys/time.h>
33*2d543d20SAndroid Build Coastguard Worker
34*2d543d20SAndroid Build Coastguard Worker #include "direct_api.h"
35*2d543d20SAndroid Build Coastguard Worker #include "handle.h"
36*2d543d20SAndroid Build Coastguard Worker #include "debug.h"
37*2d543d20SAndroid Build Coastguard Worker #include "semanage_conf.h"
38*2d543d20SAndroid Build Coastguard Worker #include "semanage_store.h"
39*2d543d20SAndroid Build Coastguard Worker
40*2d543d20SAndroid Build Coastguard Worker #define SEMANAGE_COMMIT_READ_WAIT 5
41*2d543d20SAndroid Build Coastguard Worker
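/*
 * Process-wide alternate root prefix, owned by this file.
 * NULL means no alternate root has been set; semanage_root() then
 * reports the empty string.
 */
static char *private_semanage_root = NULL;

/**
 * Replace the process-wide alternate root prefix with a copy of @root.
 *
 * The copy is made before the previous value is released, so a failed
 * allocation leaves the old root in place instead of dropping it.  This
 * matters because semanage_root() reports "" when nothing is stored: if the
 * root were lost on an allocation failure while 0 was still returned, the
 * caller would believe its alternate root was active when it is not.
 *
 * @param root  New root prefix; must not be NULL.
 * @return 0 on success, -1 if @root is NULL or memory could not be
 *         allocated (the previous root is kept in both cases).
 */
int semanage_set_root(const char *root)
{
	char *copy;

	if (root == NULL)
		return -1;

	copy = strdup(root);
	if (copy == NULL)
		return -1;

	free(private_semanage_root);
	private_semanage_root = copy;
	return 0;
}


/**
 * Return the alternate root prefix set by semanage_set_root().
 *
 * @return The stored prefix, or "" when none has been set.  The pointer
 *         refers to storage owned by this file and is released by the next
 *         successful semanage_set_root() call, so callers must not free it
 *         or keep it across such a call.
 */
const char *semanage_root(void)
{
	return (private_semanage_root != NULL) ? private_semanage_root : "";
}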
59*2d543d20SAndroid Build Coastguard Worker
60*2d543d20SAndroid Build Coastguard Worker
/**
 * Allocate a libsemanage handle and populate it with default settings.
 *
 * The configuration file located by semanage_conf_path() is parsed into the
 * handle, a sepol handle is created and its messages are relayed through
 * semanage_msg_relay_handler with this handle as argument.
 *
 * @return The new handle, or NULL if allocation, locating or parsing the
 *         configuration, or creating the sepol handle failed.  On failure
 *         everything acquired so far is released through
 *         semanage_handle_destroy().
 */
semanage_handle_t *semanage_handle_create(void)
{
	char *conf_name = NULL;
	semanage_handle_t *sh = calloc(1, sizeof(*sh));

	if (sh == NULL)
		goto err;

	/* The path string is only needed while parsing; it is freed below. */
	conf_name = semanage_conf_path();
	if (conf_name == NULL)
		goto err;

	sh->conf = semanage_conf_parse(conf_name);
	if (sh->conf == NULL)
		goto err;

	/* Link to sepol handle */
	sh->sepolh = sepol_handle_create();
	if (sh->sepolh == NULL)
		goto err;
	sepol_msg_set_callback(sh->sepolh, semanage_msg_relay_handler, sh);

	/* Defaults: */
	sh->priority = 400;		/* default module priority */
	sh->do_rebuild = 0;		/* no forced rebuild on commit; ignored if changes are made */
	sh->commit_err = 0;
	sh->do_reload = (is_selinux_enabled() > 0);	/* reload after commit only when SELinux is enabled */
	sh->do_check_contexts = 1;	/* always check the file contexts file */
	sh->create_store = 0;		/* do not create the store */
	sh->timeout = SEMANAGE_COMMIT_READ_WAIT;	/* fixed default for now, not read from config */
	sh->msg_callback = semanage_msg_default_handler;
	sh->msg_callback_arg = NULL;

	free(conf_name);
	return sh;

err:
	/* conf_name and sh may still be NULL here; both calls accept that. */
	free(conf_name);
	semanage_handle_destroy(sh);
	return NULL;
}
116*2d543d20SAndroid Build Coastguard Worker
/**
 * Store the caller's rebuild preference in the handle.
 *
 * @param sh          Handle to update; must not be NULL (checked with assert).
 * @param do_rebuild  Value written to sh->do_rebuild.
 */
void semanage_set_rebuild(semanage_handle_t *sh, int do_rebuild)
{
	assert(sh != NULL);
	sh->do_rebuild = do_rebuild;
}
123*2d543d20SAndroid Build Coastguard Worker
/**
 * Store the caller's policy-reload preference in the handle.
 *
 * semanage_handle_create() initialises this flag from is_selinux_enabled();
 * this setter overrides that default.
 *
 * @param sh         Handle to update; must not be NULL (checked with assert).
 * @param do_reload  Value written to sh->do_reload.
 */
void semanage_set_reload(semanage_handle_t *sh, int do_reload)
{
	assert(sh != NULL);
	sh->do_reload = do_reload;
}
130*2d543d20SAndroid Build Coastguard Worker
/**
 * Store the caller's "check external changes" preference in the handle.
 *
 * @param sh        Handle to update; must not be NULL (checked with assert).
 * @param do_check  Value written to sh->check_ext_changes.
 */
void semanage_set_check_ext_changes(semanage_handle_t *sh, int do_check)
{
	assert(sh != NULL);
	sh->check_ext_changes = do_check;
}
137*2d543d20SAndroid Build Coastguard Worker
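/**
 * Build the path "<compiler_directory_path>/<lower-cased lang_ext>".
 *
 * @param sh             Handle whose configuration supplies the compiler
 *                       directory; must not be NULL.
 * @param lang_ext       Language extension; must not be NULL.  It is copied
 *                       and lower-cased, the caller's string is not modified.
 * @param compiler_path  Receives a newly allocated string on success; the
 *                       caller is responsible for freeing it.  Left
 *                       untouched on failure.
 * @return 0 on success, -1 on allocation or formatting failure.
 *
 * NOTE(review): the extension is appended to the directory as-is; this
 * function does not reject path separators or ".." in lang_ext.  Presumably
 * callers validate the extension before calling - confirm, since the
 * resulting path names a program to run.
 */
int semanage_get_hll_compiler_path(semanage_handle_t *sh,
				   char *lang_ext,
				   char **compiler_path)
{
	assert(sh != NULL);
	assert(lang_ext != NULL);
	assert(compiler_path != NULL);

	size_t i;
	int status = 0;
	int num_printed = 0;
	size_t len;
	char *compiler = NULL;
	char *lower_lang_ext = NULL;

	lower_lang_ext = strdup(lang_ext);
	if (lower_lang_ext == NULL) {
		ERR(sh, "Could not create copy of lang_ext. Out of memory.\n");
		status = -1;
		goto cleanup;
	}
	/* Set lang_ext to lowercase in case a file with a mixed case extension was passed to libsemanage */
	for (i = 0; lower_lang_ext[i] != '\0'; i++) {
		/* tolower() is only defined for unsigned char values and EOF;
		 * a plain char above 0x7f may be negative and must be cast first. */
		lower_lang_ext[i] = (char)tolower((unsigned char)lower_lang_ext[i]);
	}

	/* directory + "/" + extension + terminating NUL */
	len = strlen(sh->conf->compiler_directory_path) + strlen("/") + strlen(lower_lang_ext) + 1;

	compiler = malloc(len);
	if (compiler == NULL) {
		ERR(sh, "Error allocating space for compiler path.");
		status = -1;
		goto cleanup;
	}

	num_printed = snprintf(compiler, len, "%s/%s", sh->conf->compiler_directory_path, lower_lang_ext);
	/* Compare in size_t: narrowing len to int could wrap for very long paths. */
	if (num_printed < 0 || (size_t)num_printed >= len) {
		ERR(sh, "Error creating compiler path.");
		status = -1;
		goto cleanup;
	}

	*compiler_path = compiler;
	status = 0;

cleanup:
	free(lower_lang_ext);
	if (status != 0) {
		/* On failure the buffer was never handed to the caller. */
		free(compiler);
	}

	return status;
}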
190*2d543d20SAndroid Build Coastguard Worker
/**
 * Store the caller's "create store" preference in the handle.
 *
 * semanage_handle_create() sets this flag to 0 by default.
 *
 * @param sh            Handle to update; must not be NULL (checked with assert).
 * @param create_store  Value written to sh->create_store.
 */
void semanage_set_create_store(semanage_handle_t *sh, int create_store)
{
	assert(sh != NULL);
	sh->create_store = create_store;
}
199*2d543d20SAndroid Build Coastguard Worker
/**
 * Query the disable-dontaudit setting of the linked sepol handle.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return Whatever sepol_get_disable_dontaudit() reports for sh->sepolh.
 */
int semanage_get_disable_dontaudit(semanage_handle_t *sh)
{
	int setting;

	assert(sh != NULL);

	setting = sepol_get_disable_dontaudit(sh->sepolh);
	return setting;
}
206*2d543d20SAndroid Build Coastguard Worker
/**
 * Forward the disable-dontaudit setting to the linked sepol handle.
 *
 * @param sh                 Handle to update; must not be NULL (checked with assert).
 * @param disable_dontaudit  Value passed to sepol_set_disable_dontaudit().
 */
void semanage_set_disable_dontaudit(semanage_handle_t *sh, int disable_dontaudit)
{
	assert(sh != NULL);
	sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
}
214*2d543d20SAndroid Build Coastguard Worker
/**
 * Query the preserve-tunables setting of the linked sepol handle.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return Whatever sepol_get_preserve_tunables() reports for sh->sepolh.
 */
int semanage_get_preserve_tunables(semanage_handle_t *sh)
{
	int setting;

	assert(sh != NULL);

	setting = sepol_get_preserve_tunables(sh->sepolh);
	return setting;
}
220*2d543d20SAndroid Build Coastguard Worker
/**
 * Forward the preserve-tunables setting to the linked sepol handle.
 *
 * @param sh                 Handle to update; must not be NULL (checked with assert).
 * @param preserve_tunables  Value passed to sepol_set_preserve_tunables().
 */
void semanage_set_preserve_tunables(semanage_handle_t *sh, int preserve_tunables)
{
	assert(sh != NULL);

	sepol_set_preserve_tunables(sh->sepolh, preserve_tunables);
}
227*2d543d20SAndroid Build Coastguard Worker
/**
 * Read the ignore-module-cache flag from the handle's configuration.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 *            sh->conf is dereferenced without a check.
 * @return The current value of sh->conf->ignore_module_cache.
 */
int semanage_get_ignore_module_cache(semanage_handle_t *sh)
{
	assert(sh != NULL);

	return sh->conf->ignore_module_cache;
}
233*2d543d20SAndroid Build Coastguard Worker
/**
 * Write the ignore-module-cache flag into the handle's configuration.
 *
 * @param sh                   Handle to update; must not be NULL (checked
 *                             with assert).  sh->conf is dereferenced
 *                             without a check.
 * @param ignore_module_cache  Value written to sh->conf->ignore_module_cache.
 */
void semanage_set_ignore_module_cache(semanage_handle_t *sh, int ignore_module_cache)
{
	assert(sh != NULL);

	sh->conf->ignore_module_cache = ignore_module_cache;
}
240*2d543d20SAndroid Build Coastguard Worker
/**
 * Store the caller's "check file contexts" preference in the handle.
 *
 * semanage_handle_create() sets this flag to 1 by default.
 *
 * @param sh                 Handle to update; must not be NULL (checked with assert).
 * @param do_check_contexts  Value written to sh->do_check_contexts.
 */
void semanage_set_check_contexts(semanage_handle_t *sh, int do_check_contexts)
{
	assert(sh != NULL);
	sh->do_check_contexts = do_check_contexts;
}
249*2d543d20SAndroid Build Coastguard Worker
/**
 * Read the handle's default module priority.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return The current value of sh->priority (400 after
 *         semanage_handle_create() unless changed since).
 */
uint16_t semanage_get_default_priority(semanage_handle_t *sh)
{
	assert(sh != NULL);

	return sh->priority;
}
255*2d543d20SAndroid Build Coastguard Worker
/**
 * Change the handle's default module priority after validating it.
 *
 * @param sh        Handle to update; must not be NULL (checked with assert).
 * @param priority  Requested priority; accepted only if
 *                  semanage_module_validate_priority() does not return a
 *                  negative value.
 * @return 0 when the priority was stored, -1 (with an error reported through
 *         the handle) when validation rejected it; sh->priority is then
 *         left unchanged.
 */
int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority)
{
	int valid;

	assert(sh != NULL);

	valid = semanage_module_validate_priority(priority);
	if (valid >= 0) {
		sh->priority = priority;
		return 0;
	}

	ERR(sh, "Priority %d is invalid.", priority);
	return -1;
}
269*2d543d20SAndroid Build Coastguard Worker
/**
 * Report the handle's connection flag.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return The current value of sh->is_connected.
 */
int semanage_is_connected(semanage_handle_t *sh)
{
	assert(sh != NULL);

	return sh->is_connected;
}
275*2d543d20SAndroid Build Coastguard Worker
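/**
 * Point the handle's configuration at a different store.
 *
 * Only the name and type are recorded here; whether the store exists is not
 * verified until connect.
 *
 * @param sh         Handle to update; must not be NULL.
 * @param storename  Store name to copy into sh->conf->store_path; must not
 *                   be NULL.  It may be the handle's current store_path,
 *                   because the copy is taken before the old string is freed.
 * @param storetype  Connection type written to sh->conf->store_type.
 *
 * NOTE(review): allocation failure is caught only by assert(), which is
 * compiled out when NDEBUG is defined; in such a build store_path would be
 * left NULL.  The void return type leaves no way to report the failure.
 */
void semanage_select_store(semanage_handle_t *sh, char *storename,
			   enum semanage_connect_type storetype)
{
	char *new_path;

	assert(sh != NULL);
	assert(storename != NULL);

	/* Duplicate first so that freeing the old path cannot invalidate
	 * storename when the caller passed sh->conf->store_path itself. */
	new_path = strdup(storename);
	assert(new_path);	/* no way to return failure */

	free(sh->conf->store_path);
	sh->conf->store_path = new_path;
	sh->conf->store_type = storetype;
}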
291*2d543d20SAndroid Build Coastguard Worker
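/**
 * Replace the store root path in the handle's configuration.
 *
 * @param sh          Handle to update; must not be NULL.
 * @param store_root  Path to copy into sh->conf->store_root_path; must not
 *                    be NULL.  It may be the handle's current
 *                    store_root_path, because the copy is taken before the
 *                    old string is freed.
 *
 * NOTE(review): allocation failure is caught only by assert(), which is
 * compiled out when NDEBUG is defined; in such a build store_root_path would
 * be left NULL.  The void return type leaves no way to report the failure.
 */
void semanage_set_store_root(semanage_handle_t *sh, const char *store_root)
{
	char *new_root;

	assert(sh != NULL);
	assert(store_root != NULL);

	/* Duplicate first so that freeing the old path cannot invalidate
	 * store_root when the caller passed sh->conf->store_root_path itself. */
	new_root = strdup(store_root);
	assert(new_root);	/* no way to return failure */

	free(sh->conf->store_root_path);
	sh->conf->store_root_path = new_root;
}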
302*2d543d20SAndroid Build Coastguard Worker
/**
 * Ask the backend whether the policy is managed; only valid before connect.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return -1 with an error reported if the handle is already connected or
 *         the configured store type is not SEMANAGE_CON_DIRECT; otherwise
 *         the result of semanage_direct_is_managed().
 */
int semanage_is_managed(semanage_handle_t *sh)
{
	assert(sh != NULL);

	if (sh->is_connected) {
		ERR(sh, "Already connected.");
		return -1;
	}

	/* Direct access is the only store type dispatched here. */
	if (sh->conf->store_type == SEMANAGE_CON_DIRECT)
		return semanage_direct_is_managed(sh);

	ERR(sh,
	    "The connection type specified within your semanage.conf file has not been implemented yet.");
	return -1;
}
320*2d543d20SAndroid Build Coastguard Worker
/**
 * Ask the backend whether MLS is enabled.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return The result of semanage_direct_mls_enabled() for a
 *         SEMANAGE_CON_DIRECT store; -1 with an error reported for any
 *         other store type.
 */
int semanage_mls_enabled(semanage_handle_t *sh)
{
	assert(sh != NULL);

	/* Direct access is the only store type dispatched here. */
	if (sh->conf->store_type == SEMANAGE_CON_DIRECT)
		return semanage_direct_mls_enabled(sh);

	ERR(sh,
	    "The connection type specified within your semanage.conf file has not been implemented yet.");
	return -1;
}
334*2d543d20SAndroid Build Coastguard Worker
/**
 * Connect the handle to its configured store.
 *
 * @param sh  Handle to connect; must not be NULL (checked with assert).
 * @return 0 after a successful semanage_direct_connect(), with
 *         sh->is_connected set to 1; -1 if that call fails or if the
 *         configured store type is not SEMANAGE_CON_DIRECT (an error is
 *         reported in the latter case).  is_connected is not modified on
 *         failure.
 */
int semanage_connect(semanage_handle_t *sh)
{
	assert(sh != NULL);

	/* Direct access is the only store type dispatched here. */
	if (sh->conf->store_type != SEMANAGE_CON_DIRECT) {
		ERR(sh,
		    "The connection type specified within your semanage.conf file has not been implemented yet.");
		return -1;
	}

	if (semanage_direct_connect(sh) < 0)
		return -1;

	sh->is_connected = 1;
	return 0;
}
354*2d543d20SAndroid Build Coastguard Worker
/**
 * Ask the backend what access the caller has to the store.
 *
 * @param sh  Handle to query; must not be NULL (checked with assert).
 * @return The result of semanage_direct_access_check() for a
 *         SEMANAGE_CON_DIRECT store; -1 for any other store type.  Unlike
 *         the sibling dispatchers, no error message is reported for an
 *         unsupported type.
 */
int semanage_access_check(semanage_handle_t *sh)
{
	assert(sh != NULL);

	if (sh->conf->store_type == SEMANAGE_CON_DIRECT)
		return semanage_direct_access_check(sh);

	return -1;
}
367*2d543d20SAndroid Build Coastguard Worker
368*2d543d20SAndroid Build Coastguard Worker
/**
 * Disconnect the handle from its store through the backend callback.
 *
 * @param sh  Handle to disconnect; sh, sh->funcs and sh->funcs->disconnect
 *            must all be non-NULL (checked with assert).
 * @return 0 if the handle was not connected or the backend disconnected
 *         successfully; -1 if the backend callback failed, in which case
 *         the handle's state flags are left as they were.
 */
int semanage_disconnect(semanage_handle_t *sh)
{
	assert(sh != NULL && sh->funcs != NULL
	       && sh->funcs->disconnect != NULL);

	if (sh->is_connected) {
		if (sh->funcs->disconnect(sh) < 0)
			return -1;

		/* A successful disconnect also ends any open transaction. */
		sh->is_in_transaction = 0;
		sh->is_connected = 0;
		sh->modules_modified = 0;
	}

	return 0;
}
384*2d543d20SAndroid Build Coastguard Worker
/**
 * Release a handle and the resources it owns.
 *
 * Runs the backend's destroy callback when one is installed, then destroys
 * the parsed configuration and the sepol handle, and finally frees the
 * handle itself.  The handle must not be used afterwards.
 *
 * @param sh  Handle to destroy; NULL is accepted and ignored.
 */
void semanage_handle_destroy(semanage_handle_t *sh)
{
	if (sh != NULL) {
		/* funcs may be unset, e.g. when called from the error path of
		 * semanage_handle_create(). */
		if (sh->funcs != NULL && sh->funcs->destroy != NULL)
			sh->funcs->destroy(sh);

		semanage_conf_destroy(sh->conf);
		sepol_handle_destroy(sh->sepolh);
		free(sh);
	}
}
396*2d543d20SAndroid Build Coastguard Worker
397*2d543d20SAndroid Build Coastguard Worker
398*2d543d20SAndroid Build Coastguard Worker /********************* public transaction functions *********************/
/**
 * Start a transaction on a connected handle.
 *
 * @param sh  Handle to use; sh, sh->funcs and sh->funcs->begin_trans must
 *            all be non-NULL (checked with assert).
 * @return 0 if a transaction is now open (including the case where one was
 *         already open, in which the backend is not called again); -1 if
 *         the handle is not connected (an error is reported) or the backend
 *         callback failed.
 */
int semanage_begin_transaction(semanage_handle_t *sh)
{
	assert(sh != NULL && sh->funcs != NULL
	       && sh->funcs->begin_trans != NULL);

	if (!sh->is_connected) {
		ERR(sh, "Not connected.");
		return -1;
	}

	/* Only call into the backend when no transaction is open yet. */
	if (!sh->is_in_transaction) {
		if (sh->funcs->begin_trans(sh) < 0)
			return -1;
		sh->is_in_transaction = 1;
	}

	return 0;
}
417*2d543d20SAndroid Build Coastguard Worker
418*2d543d20SAndroid Build Coastguard Worker
/**
 * Commit the open transaction through the backend callback.
 *
 * @param sh  Handle to use; sh, sh->funcs and sh->funcs->commit must all be
 *            non-NULL (checked with assert).
 * @return -1 with an error reported if no transaction is open; otherwise
 *         the backend callback's return value.  The transaction and
 *         modules-modified flags are cleared whether or not the backend
 *         commit succeeded, so the caller must begin a new transaction
 *         before retrying.
 */
int semanage_commit(semanage_handle_t *sh)
{
	int rc;

	assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL);

	if (sh->is_in_transaction == 0) {
		ERR(sh,
		    "Will not commit because caller does not have a transaction lock yet.");
		return -1;
	}

	rc = sh->funcs->commit(sh);

	/* The transaction ends here regardless of the commit result. */
	sh->is_in_transaction = 0;
	sh->modules_modified = 0;

	return rc;
}