      1 /* Author: Joshua Brindle <jbrindle (at) tresys.com>
      2  *         Jason Tang     <jtang (at) tresys.com>
      3  *         Ivan Gyurdiev  <ivg2 (at) cornell.edu>
      4  *
      5  * Copyright (C) 2005 Tresys Technology, LLC
      6  * Copyright (C) 2005 Red Hat Inc.
      7  *
      8  *  This library is free software; you can redistribute it and/or
      9  *  modify it under the terms of the GNU Lesser General Public
     10  *  License as published by the Free Software Foundation; either
     11  *  version 2.1 of the License, or (at your option) any later version.
     12  *
     13  *  This library is distributed in the hope that it will be useful,
     14  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     15  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     16  *  Lesser General Public License for more details.
     17  *
     18  *  You should have received a copy of the GNU Lesser General Public
     19  *  License along with this library; if not, write to the Free Software
     20  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     21  */
     22 
     23 #ifndef _SEMANAGE_INTERNAL_HANDLE_H_
     24 #define _SEMANAGE_INTERNAL_HANDLE_H_
     25 
     26 #include <stdint.h>
     27 #include <stddef.h>
     28 #include "handle_internal.h"
     29 #include <sepol/handle.h>
     30 #include "modules.h"
     31 #include "semanage_conf.h"
     32 #include "database.h"
     33 #include "direct_api.h"
     34 #include "policy.h"
     35 
/*
 * Per-connection state of libsemanage.  This is the object behind the
 * opaque semanage_handle_t: message reporting, the connection-type specific
 * state, the libsepol handle, commit/transaction flags, and the table of
 * object databases that the static inline accessors at the bottom of this
 * header index into.
 *
 * This is an internal header; the field order is the layout every
 * translation unit including it compiles against, so do not reorder fields.
 */
struct semanage_handle {
	int con_id;		/* Connection ID */

	/* Error handling */
	int msg_level;
	const char *msg_channel;
	const char *msg_fname;
	/* fmt is a printf-style format string.  With GCC the attribute below
	 * makes the compiler check the variadic arguments against it; callers
	 * must still pass a literal format and never untrusted text as fmt. */
#ifdef __GNUC__
	__attribute__ ((format(printf, 3, 4)))
#endif
	void (*msg_callback) (void *varg,
			      semanage_handle_t * handle, const char *fmt, ...);
	void *msg_callback_arg;	/* opaque pointer; presumably handed to
				 * msg_callback as varg -- see the caller */

	/* Direct vs Server specific handle */
	union {
		struct semanage_direct_handle direct;
	} u;

	/* Libsepol handle */
	sepol_handle_t *sepolh;

	semanage_conf_t *conf;	/* configuration, see semanage_conf.h */

	uint16_t priority;	/* not interpreted here; see modules.h for its use */
	int is_connected;
	int is_in_transaction;
	int do_reload;		/* whether to reload policy after commit */
	int do_rebuild;		/* whether to rebuild policy if there were no changes */
	int commit_err;		/* set by semanage_direct_commit() if there are
				 * any errors when building or committing the
				 * sandbox to kernel policy at /etc/selinux
				 */
	int modules_modified;
	int create_store;	/* whether to create the store if it does not exist
				 * this will only have an effect on direct connections */
	int do_check_contexts;	/* whether to run setfiles to check the file contexts file */

	/* This timeout is used for transactions and waiting for lock
	   -1 means wait indefinitely
	   0 means return immediately
	   >0 means wait that many seconds */
	int timeout;

	/* these function pointers will point to the appropriate
	 * routine given the connection type.  think of these as
	 * simulating polymorphism for non-OO languages. */
	struct semanage_policy_table *funcs;

	/* Object databases */
	/* Slot indices into dbase[] below.  The accessors at the end of this
	 * header subscript dbase[] with these constants and perform no bounds
	 * check, so DBASE_COUNT must stay equal to the highest index plus one
	 * (currently DBASE_ACTIVE_BOOLEANS + 1).  Adding a database means
	 * adding a new index AND bumping DBASE_COUNT; the indices must stay
	 * contiguous from 0. */
#define DBASE_COUNT      24

/* Local modifications */
#define DBASE_LOCAL_USERS_BASE  0
#define DBASE_LOCAL_USERS_EXTRA 1
#define DBASE_LOCAL_USERS       2
#define DBASE_LOCAL_PORTS       3
#define DBASE_LOCAL_INTERFACES  4
#define DBASE_LOCAL_BOOLEANS    5
#define DBASE_LOCAL_FCONTEXTS	6
#define DBASE_LOCAL_SEUSERS     7
#define DBASE_LOCAL_NODES       8
#define DBASE_LOCAL_IBPKEYS     9
#define DBASE_LOCAL_IBENDPORTS  10

/* Policy + Local modifications */
#define DBASE_POLICY_USERS_BASE  11
#define DBASE_POLICY_USERS_EXTRA 12
#define DBASE_POLICY_USERS       13
#define DBASE_POLICY_PORTS       14
#define DBASE_POLICY_INTERFACES  15
#define DBASE_POLICY_BOOLEANS    16
#define DBASE_POLICY_FCONTEXTS   17
#define DBASE_POLICY_FCONTEXTS_H 18
#define DBASE_POLICY_SEUSERS     19
#define DBASE_POLICY_NODES       20
#define DBASE_POLICY_IBPKEYS     21
#define DBASE_POLICY_IBENDPORTS  22

/* Active kernel policy */
#define DBASE_ACTIVE_BOOLEANS    23
	/* One entry per DBASE_* index above; accessed only via the inline
	 * semanage_*_dbase_*() helpers below. */
	dbase_config_t dbase[DBASE_COUNT];
};
    119 
    120 /* === Local modifications === */
/* Local-modification database for user "base" records: slot
 * DBASE_LOCAL_USERS_BASE of handle->dbase.  handle must be non-NULL (it is
 * dereferenced without a check); the pointer stays valid as long as handle does. */
static inline dbase_config_t *semanage_user_base_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_USERS_BASE;
}
    126 
/* Local-modification database for user "extra" records: slot
 * DBASE_LOCAL_USERS_EXTRA of handle->dbase.  No NULL check on handle;
 * the returned pointer lives inside the handle. */
static inline dbase_config_t *semanage_user_extra_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_LOCAL_USERS_EXTRA;
}
    132 
/* Local-modification database for users: slot DBASE_LOCAL_USERS of
 * handle->dbase.  handle is dereferenced unconditionally; the pointer is
 * owned by the handle, not the caller. */
static inline dbase_config_t *semanage_user_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_USERS;
}
    138 
/* Local-modification database for ports: slot DBASE_LOCAL_PORTS of
 * handle->dbase.  handle must be non-NULL; do not free the result. */
static inline dbase_config_t *semanage_port_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_LOCAL_PORTS;
}
    144 
/* Local-modification database for ibpkeys: slot DBASE_LOCAL_IBPKEYS of
 * handle->dbase.  No NULL check on handle; the pointer's lifetime is the
 * handle's. */
static inline dbase_config_t *semanage_ibpkey_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_IBPKEYS;
}
    150 
/* Local-modification database for ibendports: slot DBASE_LOCAL_IBENDPORTS
 * of handle->dbase.  handle is dereferenced without a check. */
static inline dbase_config_t *semanage_ibendport_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_LOCAL_IBENDPORTS;
}
    156 
/* Local-modification database for interfaces: slot DBASE_LOCAL_INTERFACES
 * of handle->dbase.  handle must be non-NULL; the result points into it. */
static inline dbase_config_t *semanage_iface_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_INTERFACES;
}
    162 
/* Local-modification database for booleans: slot DBASE_LOCAL_BOOLEANS of
 * handle->dbase.  No NULL check on handle; caller does not own the result. */
static inline dbase_config_t *semanage_bool_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_LOCAL_BOOLEANS;
}
    168 
/* Local-modification database for file contexts: slot DBASE_LOCAL_FCONTEXTS
 * of handle->dbase.  handle is dereferenced unconditionally; the pointer is
 * valid for the handle's lifetime. */
static inline dbase_config_t *semanage_fcontext_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_FCONTEXTS;
}
    174 
/* Local-modification database for seusers: slot DBASE_LOCAL_SEUSERS of
 * handle->dbase.  handle must be non-NULL; do not free the result. */
static inline dbase_config_t *semanage_seuser_dbase_local(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_LOCAL_SEUSERS;
}
    180 
/* Local-modification database for nodes: slot DBASE_LOCAL_NODES of
 * handle->dbase.  No NULL check on handle; the result points into it. */
static inline dbase_config_t *semanage_node_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_NODES;
}
    186 
    187 /* === Policy + Local modifications === */
/* Policy + local-modification database for user "base" records: slot
 * DBASE_POLICY_USERS_BASE of handle->dbase.  handle is dereferenced without
 * a check; the pointer stays valid as long as handle does. */
static inline dbase_config_t *semanage_user_base_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_POLICY_USERS_BASE;
}
    193 
/* Policy + local-modification database for user "extra" records: slot
 * DBASE_POLICY_USERS_EXTRA of handle->dbase.  handle must be non-NULL;
 * caller does not own the result. */
static inline dbase_config_t *semanage_user_extra_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_USERS_EXTRA;
}
    200 
/* Policy + local-modification database for users: slot DBASE_POLICY_USERS
 * of handle->dbase.  No NULL check on handle; the pointer lives inside it. */
static inline dbase_config_t *semanage_user_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_POLICY_USERS;
}
    206 
/* Policy + local-modification database for ports: slot DBASE_POLICY_PORTS
 * of handle->dbase.  handle is dereferenced unconditionally. */
static inline dbase_config_t *semanage_port_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_PORTS;
}
    212 
/* Policy + local-modification database for ibpkeys: slot
 * DBASE_POLICY_IBPKEYS of handle->dbase.  handle must be non-NULL; the
 * result is valid for the handle's lifetime. */
static inline dbase_config_t *semanage_ibpkey_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_POLICY_IBPKEYS;
}
    218 
/* Policy + local-modification database for ibendports: slot
 * DBASE_POLICY_IBENDPORTS of handle->dbase.  No NULL check on handle;
 * do not free the result. */
static inline dbase_config_t *semanage_ibendport_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_IBENDPORTS;
}
    224 
/* Policy + local-modification database for interfaces: slot
 * DBASE_POLICY_INTERFACES of handle->dbase.  handle is dereferenced without
 * a check; the pointer points into the handle. */
static inline dbase_config_t *semanage_iface_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_POLICY_INTERFACES;
}
    230 
/* Policy + local-modification database for booleans: slot
 * DBASE_POLICY_BOOLEANS of handle->dbase.  handle must be non-NULL;
 * caller does not own the result. */
static inline dbase_config_t *semanage_bool_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_BOOLEANS;
}
    236 
/* Policy + local-modification database for file contexts: slot
 * DBASE_POLICY_FCONTEXTS of handle->dbase.  No NULL check on handle; the
 * pointer stays valid as long as handle does. */
static inline dbase_config_t *semanage_fcontext_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_POLICY_FCONTEXTS;
}
    242 
/* File-context database in slot DBASE_POLICY_FCONTEXTS_H of handle->dbase
 * (home-directory contexts, going by the accessor's name -- the header does
 * not say more).  handle is dereferenced unconditionally; the result points
 * into the handle. */
static inline dbase_config_t *semanage_fcontext_dbase_homedirs(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_FCONTEXTS_H;
}
    248 
/* Policy + local-modification database for seusers: slot
 * DBASE_POLICY_SEUSERS of handle->dbase.  handle must be non-NULL; do not
 * free the result. */
static inline dbase_config_t *semanage_seuser_dbase_policy(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_POLICY_SEUSERS;
}
    254 
/* Policy + local-modification database for nodes: slot DBASE_POLICY_NODES
 * of handle->dbase.  No NULL check on handle; the pointer lives inside it. */
static inline dbase_config_t *semanage_node_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_NODES;
}
    260 
    261 /* === Active kernel policy === */
/* Active-kernel-policy database for booleans: slot DBASE_ACTIVE_BOOLEANS
 * (the last slot, DBASE_COUNT - 1) of handle->dbase.  handle is dereferenced
 * without a check; the result is valid for the handle's lifetime. */
static inline dbase_config_t *semanage_bool_dbase_active(semanage_handle_t *handle)
{
	dbase_config_t *slots = handle->dbase;

	return slots + DBASE_ACTIVE_BOOLEANS;
}
    267 
    268 #endif
    269