/*
 * This file describes the internal interface used by the labeler
 * for calling the user-supplied memory allocation, validation,
 * and locking routines.
 *
 * Author : Eamon Walsh <ewalsh (at) epoch.ncsc.mil>
 */
      8 #ifndef _SELABEL_INTERNAL_H_
      9 #define _SELABEL_INTERNAL_H_
     10 
     11 #include <stdlib.h>
     12 #include <stdarg.h>
     13 #include <stdio.h>
     14 #include <selinux/selinux.h>
     15 #include <selinux/label.h>
     16 #include "dso.h"
     17 #include "sha1.h"
     18 
     19 /*
     20  * Installed backends
     21  */
/*
 * Backend initializers.  One is run for the backend selected when the
 * handle was opened (see ->backend in struct selabel_handle); each receives
 * the handle being set up plus the caller's option array (opts, nopts
 * entries) and is expected to install the handle's func_* operations and
 * ->data.  The return convention is not visible here -- presumably 0 on
 * success and -1 on failure, as elsewhere in libselinux; confirm in the
 * backend sources.  `hidden` (from dso.h) keeps the symbols internal to
 * the library, presumably via ELF visibility.
 */
int selabel_file_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_media_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_db_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
int selabel_property_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) hidden;
     37 
     38 /*
     39  * Labeling internal structures
     40  */
/*
 * One entry of a singly linked path-substitution list (the ->dist_subs and
 * ->subs members of struct selabel_handle, built by selabel_subs_init()).
 * What exactly is matched and replaced is not visible here; presumably src
 * is a path prefix and dst its replacement -- confirm in the definition.
 */
struct selabel_sub {
	char *src;			/* text to be replaced */
	int slen;			/* length of src (an int, so capped at INT_MAX; presumably a cached strlen(src)) */
	char *dst;			/* replacement text */
	struct selabel_sub *next;	/* next entry; NULL ends the list */
};
     47 
     48 /*
     49  * Calculate an SHA1 hash of all the files used to build the specs.
     50  * The hash value is held in rec->digest if SELABEL_OPT_DIGEST set. To
     51  * calculate the hash the hashbuf will hold a concatenation of all the files
     52  * used. This is released once the value has been calculated.
     53  */
/* Size in bytes of the ->digest buffer; SHA1_HASH_SIZE comes from the bundled sha1.h. */
#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE
/* Presumably the capacity of ->specfile_list -- confirm where the list is filled. */
#define DIGEST_FILES_MAX 8
struct selabel_digest {
	unsigned char *digest;	/* SHA1 digest of specfiles (DIGEST_SPECFILE_SIZE bytes) */
	unsigned char *hashbuf;	/* buffer to hold the concatenated specfiles; released once the digest is computed */
	size_t hashbuf_size;	/* bytes currently held in hashbuf */
	size_t specfile_cnt;	/* how many specfiles processed */
	char **specfile_list;	/* and their names (specfile_cnt entries) */
};
     63 
/*
 * Append one spec file to the digest bookkeeping: its name (path) to
 * ->specfile_list and its contents to ->hashbuf.  The contents are passed
 * both as an open stream (fp) and as a memory range (from_addr, buf_len);
 * which of the two is read is not visible here -- confirm in the definition.
 * Return convention not visible here; presumably 0 on success and -1 when
 * the file cannot be added (e.g. the DIGEST_FILES_MAX limit is reached).
 */
extern int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
						    char *from_addr,
						    size_t buf_len,
						    const char *path);
/*
 * Compute the SHA1 of ->hashbuf into ->digest.  Per the comment on
 * struct selabel_digest the hashbuf is released afterwards.
 */
extern void digest_gen_hash(struct selabel_digest *digest);

/*
 * Read the substitution file at path and return a list built from it,
 * prepended to or merged with `list` (which of the two is not visible
 * here).  When digest is non-NULL the file is presumably also added to the
 * digest -- confirm in the definition.
 */
extern struct selabel_sub *selabel_subs_init(const char *path,
				    struct selabel_sub *list,
				    struct selabel_digest *digest);
     73 
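/*
 * Result record handed back by a backend lookup (func_lookup /
 * func_lookup_best_match in struct selabel_handle).  Both strings are
 * owned by the backend that produced the record.
 *
 * Layout is unchanged from the original; only the pointer declarators were
 * normalised to the `char *name` form used everywhere else in this header.
 */
struct selabel_lookup_rec {
	char *ctx_raw;		/* context as stored in the spec file ("raw" form) */
	char *ctx_trans;	/* translated form of ctx_raw, presumably filled lazily -- confirm */
	int validated;		/* non-zero once this record has been through selabel_validate()/compat_validate() (inferred from the name) */
};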
     79 
/*
 * Per-open labeling handle returned by selabel_open().  The backend chosen
 * at open time installs the func_* operations, through which the generic
 * label code dispatches; the remaining members are shared bookkeeping
 * (spec file name, substitution lists, optional digest).
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;		/* which backend this handle uses (SELABEL_CTX_* from label.h) */
	int validating;			/* non-zero: looked-up contexts are validated before being returned (inferred from the name) */

	/* labeling operations, installed by the backend's *_init() */
	/* look up key; the meaning of type is backend specific */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	/* release backend state (->data) */
	void (*func_close) (struct selabel_handle *h);
	/* print backend usage statistics */
	void (*func_stats) (struct selabel_handle *h);
	/* whether key partially matches some spec (exact semantics are backend defined) */
	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
	/* like func_lookup but also considers aliases; presumably a NULL-terminated array -- confirm */
	struct selabel_lookup_rec *(*func_lookup_best_match)
						    (struct selabel_handle *h,
						    const char *key,
						    const char **aliases,
						    int type);
	/* compare the specs loaded into two handles (see enum selabel_cmp_result in label.h) */
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* supports backend-specific state information; owned and freed by the backend */
	void *data;

	/*
	 * The main spec file used. Note for file contexts the local and/or
	 * homedirs could also have been used to resolve a context.
	 */
	char *spec_file;

	/* substitution support: two lists built by selabel_subs_init();
	 * presumably distribution-supplied and local substitutions respectively */
	struct selabel_sub *dist_subs;
	struct selabel_sub *subs;
	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set, else NULL */
	struct selabel_digest *digest;
};
    114 
    115 /*
    116  * Validation function
    117  */
/*
 * Validate the context(s) held in a lookup record for handle rec.  Which
 * member is checked and the return convention are not visible here;
 * presumably 0 when the context is valid and -1 otherwise, and presumably
 * only consulted when rec->validating is set -- confirm in the definition.
 */
extern int
selabel_validate(struct selabel_handle *rec,
		 struct selabel_lookup_rec *contexts) hidden;
    121 
    122 /*
    123  * Compatibility support
    124  */
/*
 * Legacy logging hook.  When myprintf_compat is non-zero, COMPAT_LOG()
 * routes diagnostics to the user-installed myprintf() instead of
 * selinux_log().  myprintf is declared printf-like so the compiler can
 * check the format arguments passed through COMPAT_LOG (-Wformat).
 */
extern int myprintf_compat;
extern void __attribute__ ((format(printf, 1, 2)))
(*myprintf) (const char *fmt, ...);
    128 
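/*
 * COMPAT_LOG(type, fmt, ...) -- emit a diagnostic either through the legacy
 * user-supplied myprintf() (when myprintf_compat is set) or through
 * selinux_log() with the given type.
 *
 * Wrapped in do { } while (0) so the expansion is a single statement: the
 * original bare if/else broke under an enclosing unbraced if/else (dangling
 * else) and left a stray ';' after the caller's own semicolon.  The named
 * variadic `fmt...` GNU extension is replaced by standard C99 __VA_ARGS__;
 * callers always pass the format string as the first variadic argument, so
 * every existing use expands identically.  The format string must be a
 * literal -- it is forwarded unchanged to a printf-style function.
 */
#define COMPAT_LOG(type, ...) do {				\
	if (myprintf_compat)					\
		myprintf(__VA_ARGS__);				\
	else							\
		selinux_log(type, __VA_ARGS__);			\
} while (0)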
    133 
/*
 * Validation with compatibility-mode error reporting: like
 * selabel_validate() but additionally given the spec file path and line
 * number, presumably so the diagnostic can name the offending entry.
 * Return convention not visible here; presumably 0 on success and -1 for an
 * invalid context -- confirm in the definition.
 */
extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) hidden;
    138 
    139 /*
    140  * The read_spec_entries function may be used to
    141  * replace sscanf to read entries from spec files.
    142  */
/*
 * sscanf replacement for spec-file lines: splits line_buf into up to
 * num_args fields and stores them through the trailing pointer arguments.
 * The field delimiter, the type of the varargs (presumably char **), who
 * owns the resulting strings, and the return value (presumably the number
 * of fields filled, or -1 on error) are not visible here -- confirm in the
 * definition.  The input comes from files on disk, so callers must check
 * the returned count before using any field.
 */
extern int read_spec_entries(char *line_buf, int num_args, ...);
    144 
    145 #endif				/* _SELABEL_INTERNAL_H_ */