      1 #ifndef _SEPOL_POLICYDB_H_
      2 #define _SEPOL_POLICYDB_H_
      3 
      4 #include <stddef.h>
      5 #include <stdio.h>
      6 
      7 #include <sepol/handle.h>
      8 #include <sys/cdefs.h>
      9 
     10 __BEGIN_DECLS
     11 
     12 struct sepol_policy_file;
     13 typedef struct sepol_policy_file sepol_policy_file_t;
     14 
     15 struct sepol_policydb;
     16 typedef struct sepol_policydb sepol_policydb_t;
     17 
     18 /* Policy file public interfaces. */
     19 
     20 /* Create and free memory associated with a policy file. */
     21 extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
     22 extern void sepol_policy_file_free(sepol_policy_file_t * pf);
     23 
     24 /*
     25  * Set the policy file to represent a binary policy memory image.
     26  * Subsequent operations using the policy file will read from and
     27  * write to the image at the specified address, bounded by the
     28  * specified length.
     29  * If 'len' is 0, subsequent policydb write operations write nothing;
     30  * they merely compute the length required, so that the caller can
     31  * determine the buffer size to allocate (see sepol_policy_file_get_len).
     32 extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
     33 				      char *data, size_t len);
     34 
     35 /*
     36  * Get the size of the buffer needed to hold the output of a policydb
     37  * write previously done on this policy file.
     38  */
     39 extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);
     40 
     41 /*
     42  * Set the policy file to represent a FILE.
     43  * Subsequent operations using the policy file will read and write
     44  * to the FILE.
     45  */
     46 extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);
     47 
     48 /*
     49  * Associate a handle with a policy file, for use in
     50  * error reporting from subsequent calls that take the
     51  * policy file as an argument.
     52  */
     53 extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
     54 					 sepol_handle_t * handle);
     55 
     56 /* Policydb public interfaces. */
     57 
     58 /* Create and free memory associated with a policydb. */
     59 extern int sepol_policydb_create(sepol_policydb_t ** p);
     60 extern void sepol_policydb_free(sepol_policydb_t * p);
     61 
     62 /* Legal types of policies that the policydb can represent. */
     63 #define SEPOL_POLICY_KERN	0
     64 #define SEPOL_POLICY_BASE	1
     65 #define SEPOL_POLICY_MOD	2
     66 
     67 /*
     68  * Minimum and maximum kernel policy versions supported by this
     69  * library (the range of versions the kernel policy type may take).
     70  */
     71 extern int sepol_policy_kern_vers_min(void);
     72 extern int sepol_policy_kern_vers_max(void);
     73 
     74 /*
     75  * Set the policy type as specified, and automatically initialize the
     76  * policy version to the maximum version supported for that policy
     77  * type.
     78  * Returns -1 if the policy type is not legal.
     79  */
     80 extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);
     81 
     82 /*
     83  * Set the policy version to a different value.
     84  * Returns -1 if the policy version is not in the supported range for
     85  * the (previously set) policy type.
     86  */
     87 extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);
     88 
     89 /* Set how to handle unknown class/perms. */
     90 #define SEPOL_DENY_UNKNOWN	    0
     91 #define SEPOL_REJECT_UNKNOWN	    2
     92 #define SEPOL_ALLOW_UNKNOWN	    4
     93 extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
     94 					     unsigned int handle_unknown);
     95 
     96 /* Set the target platform */
     97 #define SEPOL_TARGET_SELINUX 0
     98 #define SEPOL_TARGET_XEN     1
     99 extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
    100 					     int target_platform);
    101 
    102 /*
    103  * Read a policydb from a policy file.
    104  * This automatically sets the type and version based on the
    105  * image contents.
    106  */
    107 extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);
    108 
    109 /*
    110  * Write a policydb to a policy file.
    111  * The generated image will be in the binary format corresponding
    112  * to the policy version associated with the policydb.
    113  */
    114 extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);
    115 
    116 /*
    117  * Extract a policydb from a binary policy memory image.
    118  * This is equivalent to sepol_policydb_read with a policy file set to
    119  * refer to memory (as by sepol_policy_file_set_mem with 'data' and 'len').
    120  */
    121 extern int sepol_policydb_from_image(sepol_handle_t * handle,
    122 				     void *data, size_t len,
    123 				     sepol_policydb_t * p);
    124 
    125 /*
    126  * Generate a binary policy memory image from a policydb.
    127  * This is equivalent to sepol_policydb_write with a policy file
    128  * set to refer to memory, but internally computes the necessary
    129  * length and allocates an appropriately sized buffer, returning it
    130  * to the caller through 'newdata' with its length in 'newlen'.
    131  */
    132 extern int sepol_policydb_to_image(sepol_handle_t * handle,
    133 				   sepol_policydb_t * p,
    134 				   void **newdata, size_t * newlen);
    135 
    136 /*
    137  * Check whether the policydb has MLS enabled.
    138  */
    139 extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
    140 
    141 /*
    142  * Check whether the compatibility mode for SELinux network
    143  * checks should be enabled when using this policy.
    144  */
    145 extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
    146 
    147 __END_DECLS
    148 #endif