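/* Authors: Karl MacMillan <[email protected]>
 *          Joshua Brindle <[email protected]>
 *          Jason Tang <[email protected]>
 *          Christopher Ashworth <[email protected]>
 *
 * Copyright (C) 2004-2006 Tresys Technology, LLC
 * Copyright (C) 2005 Red Hat, Inc.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef SEMANAGE_MODULE_STORE_H
#define SEMANAGE_MODULE_STORE_H

/*
 * Declarations for the policy module store: identifiers for the stores and
 * the files inside them, lock routines, and the routines that build, verify
 * and install a sandbox.  Behaviour notes below are limited to what the
 * prototypes show; anything else is marked for confirmation against the
 * implementation.
 */

#include <stdbool.h>
/* mode_t and size_t are used in prototypes below; include their header
 * directly instead of relying on another header to pull it in. */
#include <sys/types.h>
#include <sys/time.h>
#include <sepol/module.h>
#include <sepol/cil/cil.h>
#include "handle.h"

/*
 * Store selector, passed as the first argument of semanage_path().
 * Enumerators take implicit values starting at 0, so SEMANAGE_NUM_STORES
 * (kept last) equals the number of stores.  Inserting or reordering entries
 * renumbers everything after them.
 */
enum semanage_store_defs {
	SEMANAGE_ACTIVE,
	SEMANAGE_PREVIOUS,
	SEMANAGE_TMP,
	SEMANAGE_NUM_STORES
};

/* sandbox filenames and paths */
/*
 * File selector accepted by semanage_fname(), semanage_path(),
 * semanage_read_policydb() and semanage_write_policydb().
 * SEMANAGE_STORE_NUM_PATHS must stay last: it is the entry count.
 * NOTE(review): presumably these values index a filename table in the
 * implementation, in which case the order here must match it -- confirm
 * before adding or moving an entry.
 */
enum semanage_sandbox_defs {
	SEMANAGE_TOPLEVEL,
	SEMANAGE_MODULES,
	SEMANAGE_LINKED,
	SEMANAGE_HOMEDIR_TMPL,
	SEMANAGE_FC_TMPL,
	SEMANAGE_COMMIT_NUM_FILE,
	SEMANAGE_IBPKEYS_LOCAL,
	SEMANAGE_IBENDPORTS_LOCAL,
	SEMANAGE_PORTS_LOCAL,
	SEMANAGE_INTERFACES_LOCAL,
	SEMANAGE_NODES_LOCAL,
	SEMANAGE_BOOLEANS_LOCAL,
	SEMANAGE_SEUSERS_LOCAL,
	SEMANAGE_SEUSERS_LINKED,
	SEMANAGE_USERS_BASE_LOCAL,
	SEMANAGE_USERS_EXTRA_LOCAL,
	SEMANAGE_USERS_EXTRA_LINKED,
	SEMANAGE_USERS_EXTRA,
	SEMANAGE_DISABLE_DONTAUDIT,
	SEMANAGE_PRESERVE_TUNABLES,
	SEMANAGE_MODULES_DISABLED,
	SEMANAGE_MODULES_CHECKSUM,
	SEMANAGE_STORE_KERNEL,
	SEMANAGE_STORE_FC_LOCAL,
	SEMANAGE_STORE_FC_HOMEDIRS,
	SEMANAGE_STORE_FC,
	SEMANAGE_STORE_SEUSERS,
	SEMANAGE_STORE_NUM_PATHS
};

/*
 * Root selector, passed as the first argument of semanage_final_path().
 * SEMANAGE_FINAL_NUM (kept last) is the entry count.
 */
enum semanage_final_defs {
	SEMANAGE_FINAL_TMP,
	SEMANAGE_FINAL_SELINUX,
	SEMANAGE_FINAL_NUM
};

/*
 * Suffix selector, passed as the second argument of semanage_final_path().
 * SEMANAGE_FINAL_PATH_NUM (kept last) is the entry count.
 */
enum semanage_final_path_defs {
	SEMANAGE_FINAL_TOPLEVEL,
	SEMANAGE_FC,
	SEMANAGE_FC_BIN,
	SEMANAGE_FC_HOMEDIRS,
	SEMANAGE_FC_HOMEDIRS_BIN,
	SEMANAGE_FC_LOCAL,
	SEMANAGE_FC_LOCAL_BIN,
	SEMANAGE_KERNEL,
	SEMANAGE_NC,
	SEMANAGE_SEUSERS,
	SEMANAGE_FINAL_PATH_NUM
};

/* FIXME: this needs to be made a module store specific init and the
 * global configuration moved to another file.
 */
/* NOTE(review): returns a non-const char *; who owns and frees the result is
 * not stated in this header -- confirm against the implementation. */
char *semanage_conf_path(void);

int semanage_check_init(semanage_handle_t *sh, const char *prefix);

/*
 * Path lookups keyed by the enums above.  All three return const char *, so
 * callers must not modify or free the result.
 * NOTE(review): the prototypes do not say what is returned for an
 * out-of-range selector; pass only enumerators below the *_NUM* sentinels.
 */
extern const char *semanage_fname(enum semanage_sandbox_defs file_enum);

extern const char *semanage_path(enum semanage_store_defs store,
				 enum semanage_sandbox_defs file);

extern const char *semanage_final_path(enum semanage_final_defs root,
				       enum semanage_final_path_defs suffix);

int semanage_create_store(semanage_handle_t *sh, int create);

int semanage_store_access_check(void);

/* NOTE(review): takes an arbitrary path and no handle.  Symlink handling and
 * any restriction to paths under the store are not visible here -- check the
 * implementation before calling it on a path that is not store-derived. */
int semanage_remove_directory(const char *path);

int semanage_mkdir(semanage_handle_t *sh, const char *path);

int semanage_mkpath(semanage_handle_t *sh, const char *path);

int semanage_make_sandbox(semanage_handle_t *sh);

int semanage_make_final(semanage_handle_t *sh);

/* `len` and `num_modules` are plain int counts; `filenames` and `modinfo`
 * are output pointers.
 * NOTE(review): ownership of the returned arrays is not stated here --
 * presumably the caller frees them; confirm. */
int semanage_get_cil_paths(semanage_handle_t *sh, semanage_module_info_t *modinfos,
			   int len, char ***filenames);

int semanage_get_active_modules(semanage_handle_t *sh,
				semanage_module_info_t **modinfo, int *num_modules);

void semanage_setfiles(const char *path);

/* lock file routines */
/* The two get_*_lock routines return int and should have their result
 * checked; the release routines return void and cannot report failure. */
int semanage_get_trans_lock(semanage_handle_t *sh);
int semanage_get_active_lock(semanage_handle_t *sh);
void semanage_release_trans_lock(semanage_handle_t *sh);
void semanage_release_active_lock(semanage_handle_t *sh);
int semanage_direct_get_serial(semanage_handle_t *sh);

int semanage_load_files(semanage_handle_t *sh,
			cil_db_t *cildb, char **filenames, int num_modules);

/* Read or write `policydb` using the sandbox file selected by `file`. */
int semanage_read_policydb(semanage_handle_t *sh,
			   sepol_policydb_t *policydb,
			   enum semanage_sandbox_defs file);

int semanage_write_policydb(semanage_handle_t *sh,
			    sepol_policydb_t *policydb,
			    enum semanage_sandbox_defs file);

int semanage_install_sandbox(semanage_handle_t *sh);

/* Verification entry points.  Each returns int; a caller that ignores the
 * result gets no signal that verification failed. */
int semanage_verify_modules(semanage_handle_t *sh,
			    char **module_filenames, int num_modules);

int semanage_verify_linked(semanage_handle_t *sh);
int semanage_verify_kernel(semanage_handle_t *sh);
int semanage_split_fc(semanage_handle_t *sh);

/* sort file context routines */
/* Input is `buf` with an explicit length `buf_len`; results come back through
 * `sorted_buf` / `sorted_buf_len`.
 * NOTE(review): whether `buf` must be NUL-terminated and who frees
 * *sorted_buf are not stated here -- confirm. */
int semanage_fc_sort(semanage_handle_t *sh,
		     const char *buf,
		     size_t buf_len,
		     char **sorted_buf, size_t *sorted_buf_len);

/* sort netfilter context routines */
/* Same parameter layout as semanage_fc_sort(); the same open questions apply. */
int semanage_nc_sort(semanage_handle_t *sh,
		     const char *buf,
		     size_t buf_len,
		     char **sorted_buf, size_t *sorted_buf_len);

/* NOTE(review): presumably `mode` is the permission set for `dst` and
 * `syncrequired` asks for the data to be flushed before returning -- confirm.
 * Whether an existing `dst` is replaced, and how, is not visible here. */
int semanage_copy_file(const char *src, const char *dst, mode_t mode,
		       bool syncrequired);

#endif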