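/* Author: Joshua Brindle <[email protected]>
 *         Jason Tang     <[email protected]>
 *         Ivan Gyurdiev  <[email protected]>
 *
 * Copyright (C) 2005 Tresys Technology, LLC
 * Copyright (C) 2005 Red Hat Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/* NOTE(review): the guard name starts with an underscore followed by an
 * upper-case letter, a spelling C reserves for the implementation. It is
 * kept unchanged here because other files may test for it. */
#ifndef _SEMANAGE_INTERNAL_HANDLE_H_
#define _SEMANAGE_INTERNAL_HANDLE_H_

#include <stdint.h>
#include <stddef.h>
#include <sepol/handle.h>
#include "modules.h"
#include "semanage_conf.h"
#include "database.h"
#include "direct_api.h"
#include "policy.h"

/*
 * Internal layout of a policy-management handle. The accessors at the
 * bottom of this header reach these fields through semanage_handle_t,
 * which is presumably a typedef of this struct declared in one of the
 * included headers.
 */
struct semanage_handle {
	int con_id;		/* Connection ID */

	/* Error handling */
	int msg_level;
	const char *msg_channel;
	const char *msg_fname;
	/* With GCC-compatible compilers the attribute below has the
	 * callback's third parameter (fmt) checked against the variadic
	 * arguments that start at the fourth, so a format/argument
	 * mismatch at a call site becomes a compile-time diagnostic.
	 * Call sites should keep fmt a string literal and pass variable
	 * text through "%s". */
#ifdef __GNUC__
	__attribute__ ((format(printf, 3, 4)))
#endif
	void (*msg_callback) (void *varg,
			      semanage_handle_t * handle, const char *fmt, ...);
	void *msg_callback_arg;

	/* Direct vs Server specific handle */
	union {
		struct semanage_direct_handle direct;
	} u;

	/* Libsepol handle */
	sepol_handle_t *sepolh;

	semanage_conf_t *conf;

	uint16_t priority;
	int is_connected;
	int is_in_transaction;
	int do_reload;		/* whether to reload policy after commit */
	int do_rebuild;		/* whether to rebuild policy if there were no changes */
	int check_ext_changes;	/* whether to rebuild if external changes are detected via checksum */
	int commit_err;		/* set by semanage_direct_commit() if there are
				 * any errors when building or committing the
				 * sandbox to kernel policy at /etc/selinux
				 */
	int modules_modified;
	int create_store;	/* whether to create the store if it does not exist
				 * this will only have an effect on direct connections */
	int do_check_contexts;	/* whether to run setfiles to check the file contexts file */

	/* This timeout is used for transactions and waiting for lock
	   -1 means wait indefinitely
	   0 means return immediately
	   >0 means wait that many seconds */
	int timeout;

	/* these function pointers will point to the appropriate
	 * routine given the connection type.  think of these as
	 * simulating polymorphism for non-OO languages. */
	struct semanage_policy_table *funcs;

	/* Object databases
	 *
	 * The DBASE_* macros below are indices into dbase[]. They are
	 * maintained by hand: every index must stay below DBASE_COUNT
	 * (currently the highest index, 23, plus one), because the
	 * accessors in this header index the array without a bounds
	 * check. When adding a database, bump DBASE_COUNT in the same
	 * change. */
#define DBASE_COUNT      24

/* Local modifications */
#define DBASE_LOCAL_USERS_BASE  0
#define DBASE_LOCAL_USERS_EXTRA 1
#define DBASE_LOCAL_USERS       2
#define DBASE_LOCAL_PORTS       3
#define DBASE_LOCAL_INTERFACES  4
#define DBASE_LOCAL_BOOLEANS    5
#define DBASE_LOCAL_FCONTEXTS	6
#define DBASE_LOCAL_SEUSERS     7
#define DBASE_LOCAL_NODES       8
#define DBASE_LOCAL_IBPKEYS     9
#define DBASE_LOCAL_IBENDPORTS  10

/* Policy + Local modifications */
#define DBASE_POLICY_USERS_BASE  11
#define DBASE_POLICY_USERS_EXTRA 12
#define DBASE_POLICY_USERS       13
#define DBASE_POLICY_PORTS       14
#define DBASE_POLICY_INTERFACES  15
#define DBASE_POLICY_BOOLEANS    16
#define DBASE_POLICY_FCONTEXTS   17
#define DBASE_POLICY_FCONTEXTS_H 18
#define DBASE_POLICY_SEUSERS     19
#define DBASE_POLICY_NODES       20
#define DBASE_POLICY_IBPKEYS     21
#define DBASE_POLICY_IBENDPORTS  22

/* Active kernel policy */
#define DBASE_ACTIVE_BOOLEANS    23
	dbase_config_t dbase[DBASE_COUNT];
};

/*
 * Database accessors.
 *
 * Each helper returns the address of one slot of handle->dbase[],
 * selected by the DBASE_* index named in its body. None of them checks
 * handle for NULL, so callers must pass a valid handle. The returned
 * pointer refers to storage inside the handle itself and must not be
 * used once the handle is gone.
 */

/* === Local modifications === */

/* Slot DBASE_LOCAL_USERS_BASE. */
static inline
    dbase_config_t * semanage_user_base_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_USERS_BASE];
}

/* Slot DBASE_LOCAL_USERS_EXTRA. */
static inline
    dbase_config_t * semanage_user_extra_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_USERS_EXTRA];
}

/* Slot DBASE_LOCAL_USERS. */
static inline
    dbase_config_t * semanage_user_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_USERS];
}

/* Slot DBASE_LOCAL_PORTS. */
static inline
    dbase_config_t * semanage_port_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_PORTS];
}

/* Slot DBASE_LOCAL_IBPKEYS. */
static inline
    dbase_config_t * semanage_ibpkey_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_IBPKEYS];
}

/* Slot DBASE_LOCAL_IBENDPORTS. */
static inline
    dbase_config_t * semanage_ibendport_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_IBENDPORTS];
}

/* Slot DBASE_LOCAL_INTERFACES. */
static inline
    dbase_config_t * semanage_iface_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_INTERFACES];
}

/* Slot DBASE_LOCAL_BOOLEANS. */
static inline
    dbase_config_t * semanage_bool_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_BOOLEANS];
}

/* Slot DBASE_LOCAL_FCONTEXTS. */
static inline
    dbase_config_t * semanage_fcontext_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_FCONTEXTS];
}

/* Slot DBASE_LOCAL_SEUSERS. */
static inline
    dbase_config_t * semanage_seuser_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_SEUSERS];
}

/* Slot DBASE_LOCAL_NODES. */
static inline
    dbase_config_t * semanage_node_dbase_local(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_LOCAL_NODES];
}

/* === Policy + Local modifications === */

/* Slot DBASE_POLICY_USERS_BASE. */
static inline
    dbase_config_t * semanage_user_base_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_USERS_BASE];
}

/* Slot DBASE_POLICY_USERS_EXTRA. */
static inline
    dbase_config_t * semanage_user_extra_dbase_policy(semanage_handle_t *
						       handle)
{
	return &handle->dbase[DBASE_POLICY_USERS_EXTRA];
}

/* Slot DBASE_POLICY_USERS. */
static inline
    dbase_config_t * semanage_user_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_USERS];
}

/* Slot DBASE_POLICY_PORTS. */
static inline
    dbase_config_t * semanage_port_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_PORTS];
}

/* Slot DBASE_POLICY_IBPKEYS. */
static inline
    dbase_config_t * semanage_ibpkey_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_IBPKEYS];
}

/* Slot DBASE_POLICY_IBENDPORTS. */
static inline
    dbase_config_t * semanage_ibendport_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_IBENDPORTS];
}

/* Slot DBASE_POLICY_INTERFACES. */
static inline
    dbase_config_t * semanage_iface_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_INTERFACES];
}

/* Slot DBASE_POLICY_BOOLEANS. */
static inline
    dbase_config_t * semanage_bool_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_BOOLEANS];
}

/* Slot DBASE_POLICY_FCONTEXTS. */
static inline
    dbase_config_t * semanage_fcontext_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_FCONTEXTS];
}

/* Slot DBASE_POLICY_FCONTEXTS_H. Unlike its neighbours this accessor is
 * named "_homedirs" rather than "_policy". */
static inline
    dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
}

/* Slot DBASE_POLICY_SEUSERS. */
static inline
    dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_SEUSERS];
}

/* Slot DBASE_POLICY_NODES. */
static inline
    dbase_config_t * semanage_node_dbase_policy(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_POLICY_NODES];
}

/* === Active kernel policy === */

/* Slot DBASE_ACTIVE_BOOLEANS. */
static inline
    dbase_config_t * semanage_bool_dbase_active(semanage_handle_t * handle)
{
	return &handle->dbase[DBASE_ACTIVE_BOOLEANS];
}

#endif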