      1 /*
      2  * This file describes the internal interface used by the labeler
      3  * for calling the user-supplied memory allocation, validation,
 * and locking routines.
      5  *
      6  * Author : Eamon Walsh <ewalsh (at) epoch.ncsc.mil>
      7  */
      8 #ifndef _SELABEL_INTERNAL_H_
      9 #define _SELABEL_INTERNAL_H_
     10 
     11 #include <stdlib.h>
     12 #include <stdarg.h>
     13 #include <stdio.h>
     14 #include <selinux/selinux.h>
     15 #include <selinux/label.h>
     16 #include "dso.h"
     17 #include "sha1.h"
     18 
#if defined(ANDROID) || defined(__APPLE__)
/*
 * Android and Mac do not have fgets_unlocked(); map it onto the plain
 * fgets(), which takes the same arguments and returns the same value.
 * The only difference is that fgets() acquires the stream lock itself,
 * which is merely redundant where the unlocked form was intended.
 */
#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
#endif
     23 
/*
 * Installed backends
 *
 * One initialiser per backend.  Each receives the handle under
 * construction (rec) together with the selinux_opt array the caller
 * supplied (opts, nopts entries) and is expected to install the
 * handle's func_* operations and its private data -- what each one
 * does with the options is backend-specific, see the backend sources.
 * The int result is presumably 0 on success and -1 on error, as
 * elsewhere in libselinux; verify against the implementations.  All
 * of these are library-internal (hidden).
 */
int selabel_file_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_media_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_db_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_property_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_service_init(struct selabel_handle *rec, const struct selinux_opt *opts, unsigned nopts) hidden;
     45 
/*
 * Labeling internal structures
 */

/*
 * One entry of a substitution list (singly linked).  Presumably src is
 * the prefix to match, slen its length and dst the replacement -- the
 * exact matching rule lives in the implementation; verify there.  Lists
 * are produced by selabel_subs_init() and the heads are kept in
 * selabel_handle (dist_subs, subs).
 *
 * NOTE(review): slen is a signed int while path lengths elsewhere are
 * size_t; compare with care to avoid signed/unsigned promotion surprises.
 */
struct selabel_sub {
	char *src;			/* text to match (prefix, presumably) */
	int slen;			/* length of src; int, not size_t */
	char *dst;			/* replacement text */
	struct selabel_sub *next;	/* next entry in the list */
};
     55 
/*
 * SHA1 digest of all the spec files used to build the specs.
 *
 * Only maintained when SELABEL_OPT_DIGEST is set; the result is reached
 * through rec->digest.  While spec files are being read, hashbuf holds a
 * concatenation of their contents (hashbuf_size bytes) and is released
 * once the digest value has been calculated.  specfile_cnt and
 * specfile_list record how many files were folded in and their names.
 *
 * NOTE(review): the algorithm and digest length are fixed to SHA-1 by
 * the public SELABEL_OPT_DIGEST interface (DIGEST_SPECFILE_SIZE is
 * SHA1_HASH_SIZE).  Treat the value as a change-detection fingerprint
 * of the spec files, not as a tamper-proof commitment to them.
 */
#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE	/* bytes in the digest */
#define DIGEST_FILES_MAX 8	/* cap on spec files per digest -- presumably
				   bounds specfile_list; verify in the callers */
struct selabel_digest {
	unsigned char *digest;	/* SHA1 digest of specfiles */
	unsigned char *hashbuf;	/* buffer to hold specfiles */
	size_t hashbuf_size;	/* buffer size */
	size_t specfile_cnt;	/* how many specfiles processed */
	char **specfile_list;	/* and their names */
};
     71 
/*
 * Fold one spec file into a digest: fp is the open spec file and path its
 * name (recorded in digest->specfile_list).  from_addr/buf_len appear to
 * describe an in-memory copy of the contents (buf_len bytes at from_addr)
 * that is appended to digest->hashbuf -- confirm against the callers.
 * Returns an int status, presumably 0 on success; verify.
 */
int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
			char *from_addr, size_t buf_len, const char *path);

/*
 * Compute the final digest value over digest->hashbuf and release the
 * buffer.
 */
void digest_gen_hash(struct selabel_digest *digest);

/*
 * Read the substitution file at path and combine its entries with list,
 * returning the resulting list head.  When digest is non-NULL the file is
 * presumably also folded into the digest -- verify.
 */
struct selabel_sub *selabel_subs_init(const char *path,
				      struct selabel_sub *list,
				      struct selabel_digest *digest);
     81 
/*
 * Result of a lookup.  ctx_raw is the context string as read from the
 * spec file; ctx_trans is presumably its translated form, filled in
 * when needed -- verify.  validated records whether this record has
 * already passed selabel_validate()/compat_validate(), presumably so
 * the check is not repeated on every lookup -- verify.
 */
struct selabel_lookup_rec {
	char * ctx_raw;		/* context as read from the spec file */
	char * ctx_trans;	/* translated form of ctx_raw, if any */
	int validated;		/* set once the context has been validated */
};
     87 
/*
 * A labeling handle: the object behind the opaque selabel_handle pointer
 * handed to callers.  The backend (presumably via its selabel_*_init
 * above) installs its operations in the func_* pointers and keeps its
 * own state in data; the remaining fields are bookkeeping common to all
 * backends.
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;	/* which backend the caller selected */
	int validating;		/* whether looked-up contexts are to be
				   validated (see selabel_validate) */

	/* labeling operations */
	/* map key (and a backend-specific type) to a lookup record */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	/* release backend state held in data */
	void (*func_close) (struct selabel_handle *h);
	/* report backend statistics -- presumably logged; verify */
	void (*func_stats) (struct selabel_handle *h);
	/* does key partially match a spec?  semantics are backend-defined */
	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
	/* like func_lookup but presumably also tries the names in aliases */
	struct selabel_lookup_rec *(*func_lookup_best_match)
						    (struct selabel_handle *h,
						    const char *key,
						    const char **aliases,
						    int type);
	/* compare the specs loaded in two handles (see selabel_cmp_result) */
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* supports backend-specific state information */
	void *data;	/* owned by the backend; opaque at this layer */

	/*
	 * The main spec file(s) used. Note for file contexts the local and/or
	 * homedirs could also have been used to resolve a context.
	 */
	size_t spec_files_len;	/* number of entries in spec_files */
	char **spec_files;	/* paths of the spec files */


	/* substitution support */
	struct selabel_sub *dist_subs;	/* distribution substitutions, presumably; verify */
	struct selabel_sub *subs;	/* local substitutions */
	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
	struct selabel_digest *digest;
};
    124 
/*
 * Validation function
 *
 * Checks the context(s) held in contexts on behalf of handle rec and
 * returns an int status -- presumably 0 on success and -1 on an invalid
 * context, with contexts->validated set on success so the check is not
 * repeated; verify both against the implementation.  Library-internal.
 */
int selabel_validate(struct selabel_handle *rec,
		     struct selabel_lookup_rec *contexts) hidden;
    131 
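/*
 * Compatibility support
 *
 * Older callers could register their own printf-style logger.  When
 * myprintf_compat is nonzero, messages are routed through myprintf;
 * otherwise through selinux_log() with the given message type.
 */
extern int myprintf_compat;
extern void __attribute__ ((format(printf, 1, 2)))
(*myprintf) (const char *fmt, ...) hidden;

/*
 * Log via whichever sink is active.  fmt... must begin with a string
 * literal format (never a path or other untrusted string), so that the
 * format attribute on myprintf can check the arguments.
 *
 * Wrapped in do { } while (0) so the expansion is exactly one statement:
 * the previous bare if/else form could not be used as the body of an
 * unbraced if followed by an else (the caller's `else` had no `if` to
 * bind to and failed to compile), and it carried its own trailing
 * semicolon, leaving a stray empty statement after every use.
 */
#define COMPAT_LOG(type, fmt...) do {				\
		if (myprintf_compat)				\
			myprintf(fmt);				\
		else						\
			selinux_log(type, fmt);			\
	} while (0)

/*
 * Validate contexts the way the pre-selabel_validate code did, naming
 * the spec file path and line number in any diagnostic it emits.
 * Returns an int status; library-internal.
 */
extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) hidden;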
    148 
/*
 * Tokeniser for spec-file lines, offered as a replacement for sscanf().
 * Splits line_buf into up to num_args fields, storing them through the
 * trailing variadic arguments; on error a description is returned via
 * *errbuf.  Whether the fields are allocated or point into line_buf,
 * and the exact return convention, are defined by the implementation --
 * verify before relying on either.
 */
int read_spec_entries(char *line_buf, const char **errbuf,
		      int num_args, ...);
    154 
    155 #endif				/* _SELABEL_INTERNAL_H_ */