Home | History | Annotate | Download | only in semanage
      1 /* Authors: Joshua Brindle  <jbrindle (at) tresys.com>
      2  *	    Jason Tang	    <jtang (at) tresys.com>
      3  *
      4  * Copyright (C) 2005 Tresys Technology, LLC
      5  *
      6  *  This library is free software; you can redistribute it and/or
      7  *  modify it under the terms of the GNU Lesser General Public
      8  *  License as published by the Free Software Foundation; either
      9  *  version 2.1 of the License, or (at your option) any later version.
     10  *
     11  *  This library is distributed in the hope that it will be useful,
     12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14  *  Lesser General Public License for more details.
     15  *
     16  *  You should have received a copy of the GNU Lesser General Public
     17  *  License along with this library; if not, write to the Free Software
     18  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
     19  */
     20 
     21 #ifndef _SEMANAGE_HANDLE_H_
     22 #define _SEMANAGE_HANDLE_H_
     23 
     24 #include <stdint.h>
     25 
     26 /* All accesses with semanage are through a "semanage_handle".  The
     27  * handle may ultimately reference local config files,
     28  * the binary policy file, a module store, or a policy management server.
     29  */
     30 struct semanage_handle;
     31 typedef struct semanage_handle semanage_handle_t;
     32 
     33 /* Create and return a semanage handle.
     34    The handle is initially in the disconnected state. */
     35 semanage_handle_t *semanage_handle_create(void);
     36 
     37 /* Deallocate all space associated with a semanage_handle_t, including
     38  * the pointer itself.	CAUTION: this function does not disconnect
     39  * from the backend; be sure that a semanage_disconnect() was
     40  * previously called if the handle was connected. */
     41 void semanage_handle_destroy(semanage_handle_t *);
     42 
     43 /* This is the type of connection to the store, for now only
     44  * direct is supported */
     45 enum semanage_connect_type {
     46 	SEMANAGE_CON_INVALID = 0, SEMANAGE_CON_DIRECT,
     47 	SEMANAGE_CON_POLSERV_LOCAL, SEMANAGE_CON_POLSERV_REMOTE
     48 };
     49 
     50 /* This function allows you to specify the store to  connect to.
     51  * It must be called after semanage_handle_create but before
     52  * semanage_connect. The argument should be the full path to the store.
     53  */
     54 void semanage_select_store(semanage_handle_t * handle, char *path,
     55 			   enum semanage_connect_type storetype);
     56 
     57 /* Just reload the policy */
     58 int semanage_reload_policy(semanage_handle_t * handle);
     59 
     60 /* set whether to reload the policy or not after a commit,
     61  * 1 for yes (default), 0 for no */
     62 void semanage_set_reload(semanage_handle_t * handle, int do_reload);
     63 
     64 /* set whether to rebuild the policy on commit, even if no
     65  * changes were performed.
     66  * 1 for yes, 0 for no (default) */
     67 void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
     68 
     69 /* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path
     70  * corresponding to lang_ext.
     71  * Upon success returns 0, -1 on error. */
     72 int semanage_get_hll_compiler_path(semanage_handle_t *sh, char *lang_ext, char **compiler_path);
     73 
     74 /* create the store if it does not exist, this only has an effect on
     75  * direct connections and must be called before semanage_connect
     76  * 1 for yes, 0 for no (default) */
     77 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
     78 
     79 /*Get whether or not dontaudits will be disabled upon commit */
     80 int semanage_get_disable_dontaudit(semanage_handle_t * handle);
     81 
     82 /* Set whether or not to disable dontaudits upon commit */
     83 void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
     84 
     85 /* Set whether or not to execute setfiles to check file contexts upon commit */
     86 void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts);
     87 
     88 /* Get the default priority. */
     89 uint16_t semanage_get_default_priority(semanage_handle_t *sh);
     90 
     91 /* Set the default priority. */
     92 int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority);
     93 
     94 /* Check whether policy is managed via libsemanage on this system.
     95  * Must be called prior to trying to connect.
     96  * Return 1 if policy is managed via libsemanage on this system,
     97  * 0 if policy is not managed, or -1 on error.
     98  */
     99 int semanage_is_managed(semanage_handle_t *);
    100 
    101 /* "Connect" to a manager based on the configuration and
    102  * associate the provided handle with the connection.
    103  * If the connect fails then this function returns a negative value,
    104  * else it returns zero.
    105  */
    106 int semanage_connect(semanage_handle_t *);
    107 
    108 /* Disconnect from the manager given by the handle.  If already
    109  * disconnected then this function does nothing.  Return 0 if
    110  * disconnected properly or already disconnected, negative value on
    111  * error. */
    112 int semanage_disconnect(semanage_handle_t *);
    113 
    114 /* Attempt to obtain a transaction lock on the manager.	 If another
    115  * process has the lock then this function may block, depending upon
    116  * the timeout value in the handle.
    117  *
    118  * Note that if the semanage_handle has not yet obtained a transaction
    119  * lock whenever a writer function is called, there will be an
    120  * implicit call to this function. */
    121 int semanage_begin_transaction(semanage_handle_t *);
    122 
    123 /* Attempt to commit all changes since this transaction began.	If the
    124  * commit is successful then increment the "policy sequence number"
    125  * and then release the transaction lock.  Return that policy number
    126  * afterwards, or -1 on error.
    127  */
    128 int semanage_commit(semanage_handle_t *);
    129 
    130 #define SEMANAGE_CAN_READ 1
    131 #define SEMANAGE_CAN_WRITE 2
    132 /* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
    133  * or writable, respectively. <0 if an error occured */
    134 int semanage_access_check(semanage_handle_t * sh);
    135 
    136 /* returns 0 if not connected, 1 if connected */
    137 int semanage_is_connected(semanage_handle_t * sh);
    138 
    139 /* returns 1 if policy is MLS, 0 otherwise. */
    140 int semanage_mls_enabled(semanage_handle_t *sh);
    141 
    142 /* Change to alternate semanage root path */
    143 int semanage_set_root(const char *path);
    144 
    145 /* Get the current semanage root path */
    146 const char * semanage_root(void);
    147 
    148 /* Get whether or not needless unused branch of tunables would be preserved */
    149 int semanage_get_preserve_tunables(semanage_handle_t * handle);
    150 
    151 /* Set whether or not to preserve the needless unused branch of tunables */
    152 void semanage_set_preserve_tunables(semanage_handle_t * handle, int preserve_tunables);
    153 
    154 /* Get the flag value for whether or not caching is ignored for compiled CIL modules from HLL files */
    155 int semanage_get_ignore_module_cache(semanage_handle_t *handle);
    156 
    157 /* Set semanage_handle flag for whether or not to ignore caching of compiled CIL modules from HLL files */
    158 void semanage_set_ignore_module_cache(semanage_handle_t *handle, int ignore_module_cache);
    159 
    160 /* set the store root path for semanage output files */
    161 void semanage_set_store_root(semanage_handle_t *sh, const char *store_root);
    162 
    163 /* META NOTES
    164  *
    165  * For all functions a non-negative number indicates success. For some
    166  * functions a >=0 returned value is the "policy sequence number".  This
    167  * number keeps tracks of policy revisions and is used to detect if
    168  * one semanage client has committed policy changes while another is
    169  * still connected.
    170  */
    171 
    172 #endif
    173