/*
 * Public interface for libsepol policy files and policy databases.
 *
 * A "policy file" (sepol_policy_file_t) is a source/sink for a binary
 * policy image — either a caller-owned memory buffer or a stdio FILE.
 * A "policydb" (sepol_policydb_t) is the in-memory policy that is read
 * from or written to such a file.  Both types are opaque: their layout
 * is private to the library and callers only ever hold pointers obtained
 * from the *_create functions below.
 */
#ifndef _SEPOL_POLICYDB_H_
#define _SEPOL_POLICYDB_H_
/* NOTE(review): the guard name starts with '_' followed by an uppercase
 * letter, a form the C standard reserves for the implementation.  It is
 * left unchanged here because renaming it is a visible header change. */

#include <stddef.h>
#include <stdio.h>

#include <sepol/handle.h>

/* Opaque policy-file object; see sepol_policy_file_create(). */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

/* Opaque policy database object; see sepol_policydb_create(). */
struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;

/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 *
 * sepol_policy_file_create() stores the new object in *pf and returns an
 * int status (presumably 0 on success, non-zero on failure — confirm
 * against the implementation).  sepol_policy_file_free() releases the
 * object itself.
 * NOTE(review): nothing in this header states whether a FILE or memory
 * image attached with the set_* calls below is released by the free;
 * treat those as caller-owned unless the implementation says otherwise.
 */
extern int sepol_policy_file_create(sepol_policy_file_t **pf);
extern void sepol_policy_file_free(sepol_policy_file_t *pf);

/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read and write
 * the image located at the specified address with the specified length.
 * If 'len' is 0, then merely compute the necessary length upon
 * subsequent policydb write operations in order to determine the
 * necessary buffer size to allocate.
 *
 * 'data' is deliberately non-const: a later sepol_policydb_write() stores
 * into it, so it must point to at least 'len' writable bytes.  'len' is
 * the bound for both reads and writes of the image; the buffer stays
 * owned by the caller.
 */
extern void sepol_policy_file_set_mem(sepol_policy_file_t *pf,
				      char *data, size_t len);

/*
 * Get the size of the buffer needed to store a policydb write
 * previously done on this policy file.
 *
 * Intended to pair with a len == 0 memory policy file (see
 * sepol_policy_file_set_mem()): write once to measure, query the size
 * here, allocate, then write again.  Returns an int status (presumably
 * 0 on success — confirm); the size is stored in *len.
 */
extern int sepol_policy_file_get_len(sepol_policy_file_t *pf, size_t *len);

/*
 * Set the policy file to represent a FILE.
 * Subsequent operations using the policy file will read and write
 * to the FILE.
 *
 * The FILE remains owned by the caller (opened and closed by it);
 * this header does not say it is closed by sepol_policy_file_free().
 */
extern void sepol_policy_file_set_fp(sepol_policy_file_t *pf, FILE *fp);

/*
 * Associate a handle with a policy file, for use in
 * error reporting from subsequent calls that take the
 * policy file as an argument.
 */
extern void sepol_policy_file_set_handle(sepol_policy_file_t *pf,
					 sepol_handle_t *handle);

/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * sepol_policydb_create() stores the new object in *p and returns an int
 * status (presumably 0 on success — confirm against the implementation).
 */
extern int sepol_policydb_create(sepol_policydb_t **p);
extern void sepol_policydb_free(sepol_policydb_t *p);

/* Legal types of policies that the policydb can represent. */
#define SEPOL_POLICY_KERN 0	/* kernel (loadable) policy */
#define SEPOL_POLICY_BASE 1	/* base module */
#define SEPOL_POLICY_MOD 2	/* non-base module */

/*
 * Range of policy versions for the kernel policy type supported
 * by this library.
 * Values outside [min, max] are rejected by sepol_policydb_set_vers()
 * for the kernel policy type.
 */
extern int sepol_policy_kern_vers_min(void);
extern int sepol_policy_kern_vers_max(void);

/*
 * Set the policy type as specified, and automatically initialize the
 * policy version accordingly to the maximum version supported for the
 * policy type.
 * 'type' is one of the SEPOL_POLICY_* values above.
 * Returns -1 if the policy type is not legal.
 */
extern int sepol_policydb_set_typevers(sepol_policydb_t *p, unsigned int type);

/*
 * Set the policy version to a different value.
 * Returns -1 if the policy version is not in the supported range for
 * the (previously set) policy type.
 * Call sepol_policydb_set_typevers() first; the accepted range depends
 * on the type it established.
 */
extern int sepol_policydb_set_vers(sepol_policydb_t *p, unsigned int vers);

/*
 * Set how to handle unknown class/perms.
 *
 * As the names indicate, DENY denies access to classes/permissions the
 * policy does not define and ALLOW permits it; REJECT presumably refuses
 * such a policy altogether — confirm against the implementation.  The
 * values are not contiguous (1 and 3 are unused), so do not treat them
 * as an index.  Returns an int status (presumably -1 on an illegal
 * value, mirroring the setters above — confirm).
 */
#define SEPOL_DENY_UNKNOWN 0
#define SEPOL_REJECT_UNKNOWN 2
#define SEPOL_ALLOW_UNKNOWN 4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t *p,
					     unsigned int handle_unknown);

/*
 * Read a policydb from a policy file.
 * This automatically sets the type and version based on the
 * image contents.
 *
 * The image is input: for a memory policy file the read is bounded by
 * the 'len' given to sepol_policy_file_set_mem().
 * NOTE(review): this header does not describe how malformed images are
 * reported; confirm the implementation validates counts and offsets
 * from the image against that bound before trusting them.
 */
extern int sepol_policydb_read(sepol_policydb_t *p, sepol_policy_file_t *pf);

/*
 * Write a policydb to a policy file.
 * The generated image will be in the binary format corresponding
 * to the policy version associated with the policydb.
 * For a memory policy file created with len == 0 nothing is stored;
 * the required size is then available via sepol_policy_file_get_len().
 */
extern int sepol_policydb_write(sepol_policydb_t *p, sepol_policy_file_t *pf);

/*
 * Extract a policydb from a binary policy memory image.
 * This is equivalent to sepol_policydb_read with a policy file
 * set to refer to memory.
 *
 * 'handle' is used for error reporting (may be NULL — presumably,
 * confirm); 'len' bounds the read of 'data'.  'data' is declared
 * non-const; whether it is actually modified is not stated here.
 */
extern int sepol_policydb_from_image(sepol_handle_t *handle,
				     void *data, size_t len,
				     sepol_policydb_t *p);

/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file
 * set to refer to memory, but internally handles computing the
 * necessary length and allocating an appropriately sized memory
 * buffer for the caller.
 *
 * On success *newdata points at the library-allocated image and *newlen
 * holds its size; ownership passes to the caller, who presumably
 * releases it with free() — confirm against the implementation.
 */
extern int sepol_policydb_to_image(sepol_handle_t *handle,
				   sepol_policydb_t *p,
				   void **newdata, size_t *newlen);

/*
 * Check whether the policydb has MLS enabled.
 * Read-only query (the policydb is const); presumably returns non-zero
 * when enabled — confirm.
 */
extern int sepol_policydb_mls_enabled(const sepol_policydb_t *p);

/*
 * Check whether the compatibility mode for SELinux network
 * checks should be enabled when using this policy.
 * Read-only query (the policydb is const); presumably returns non-zero
 * when the mode should be enabled — confirm.
 */
extern int sepol_policydb_compat_net(const sepol_policydb_t *p);

#endif