/*
 * Public interfaces for policy files and policy databases (policydb).
 * A policy file describes where a binary policy image lives (a memory
 * buffer or a FILE); a policydb is the in-memory policy that is read
 * from or written to such a file.
 */
#ifndef _SEPOL_POLICYDB_H_
#define _SEPOL_POLICYDB_H_

#include <stddef.h>
#include <stdio.h>

#include <sepol/handle.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque handle types; their layout is private to the library. */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;

/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 * sepol_policy_file_create() stores the new object in *pf and returns
 * an int status (non-zero presumably signals failure, e.g. allocation
 * failure -- confirm against the implementation); the caller releases
 * it with sepol_policy_file_free().
 */
extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
extern void sepol_policy_file_free(sepol_policy_file_t * pf);

/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read and write
 * the image located at the specified address with the specified length.
 * If 'len' is 0, then merely compute the necessary length upon
 * subsequent policydb write operations in order to determine the
 * necessary buffer size to allocate.
 *
 * The buffer is used in place, so 'data' must stay valid for as long
 * as read/write operations are performed through this policy file.
 * On reads, 'len' is the bound the parser has on the image: it must not
 * exceed the number of bytes actually backed by 'data'.
 */
extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
				      char *data, size_t len);

/*
 * Get the size of the buffer needed to store a policydb write
 * previously done on this policy file.
 * Typically paired with sepol_policy_file_set_mem(pf, NULL, 0) followed
 * by sepol_policydb_write(): the length is reported in *len.
 */
extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);

/*
 * Set the policy file to represent a FILE.
 * Subsequent operations using the policy file will read and write
 * to the FILE.
 * The policy file does not take ownership of 'fp'; the caller still
 * closes it.
 */
extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);

/*
 * Associate a handle with a policy file, for use in
 * error reporting from subsequent calls that take the
 * policy file as an argument.
 */
extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
					 sepol_handle_t * handle);

/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * sepol_policydb_create() stores the new object in *p; the caller
 * releases it with sepol_policydb_free().
 */
extern int sepol_policydb_create(sepol_policydb_t ** p);
extern void sepol_policydb_free(sepol_policydb_t * p);

/* Legal types of policies that the policydb can represent. */
#define SEPOL_POLICY_KERN 0
#define SEPOL_POLICY_BASE 1
#define SEPOL_POLICY_MOD 2

/*
 * Range of policy versions for the kernel policy type supported
 * by this library.
 */
extern int sepol_policy_kern_vers_min(void);
extern int sepol_policy_kern_vers_max(void);

/*
 * Set the policy type as specified, and automatically initialize the
 * policy version accordingly to the maximum version supported for the
 * policy type.
 * 'type' is one of the SEPOL_POLICY_* values above.
 * Returns -1 if the policy type is not legal.
 */
extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);

/*
 * Set the policy version to a different value.
 * Returns -1 if the policy version is not in the supported range for
 * the (previously set) policy type.
 */
extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);

/*
 * Set how to handle unknown class/perms.
 * Note that the values are not consecutive; pass exactly one of them.
 */
#define SEPOL_DENY_UNKNOWN 0
#define SEPOL_REJECT_UNKNOWN 2
#define SEPOL_ALLOW_UNKNOWN 4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
					     unsigned int handle_unknown);

/* Set the target platform; one of the SEPOL_TARGET_* values. */
#define SEPOL_TARGET_SELINUX 0
#define SEPOL_TARGET_XEN 1
extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
					      int target_platform);

/*
 * Optimize the policy by removing redundant rules.
 */
extern int sepol_policydb_optimize(sepol_policydb_t * p);

/*
 * Read a policydb from a policy file.
 * This automatically sets the type and version based on the
 * image contents.
 * The source is whatever 'pf' was configured with (memory image or
 * FILE); an image from an untrusted source is parsed as-is, so the
 * memory length given to sepol_policy_file_set_mem() must be accurate.
 */
extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Write a policydb to a policy file.
 * The generated image will be in the binary format corresponding
 * to the policy version associated with the policydb.
 */
extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Extract a policydb from a binary policy memory image.
 * This is equivalent to sepol_policydb_read with a policy file
 * set to refer to memory.
 * 'len' must be the size of the image backed by 'data'; 'handle' is
 * used for error reporting as with sepol_policy_file_set_handle().
 */
extern int sepol_policydb_from_image(sepol_handle_t * handle,
				     void *data, size_t len,
				     sepol_policydb_t * p);

/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file
 * set to refer to memory, but internally handles computing the
 * necessary length and allocating an appropriately sized memory
 * buffer for the caller.
 * On success the buffer is stored in *newdata and its size in *newlen;
 * the caller owns the buffer and is responsible for releasing it
 * (presumably with free() -- confirm against the implementation).
 */
extern int sepol_policydb_to_image(sepol_handle_t * handle,
				   sepol_policydb_t * p,
				   void **newdata, size_t * newlen);

/*
 * Check whether the policydb has MLS enabled.
 * Presumably returns non-zero when enabled -- confirm against the
 * implementation.
 */
extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);

/*
 * Check whether the compatibility mode for SELinux network
 * checks should be enabled when using this policy.
 */
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);

#ifdef __cplusplus
}
#endif

#endif /* _SEPOL_POLICYDB_H_ */