      1 #ifndef _SEPOL_POLICYDB_H_
      2 #define _SEPOL_POLICYDB_H_
      3 
      4 #include <stddef.h>
      5 #include <stdio.h>
      6 
      7 #include <sepol/handle.h>
      8 
      9 #ifdef __cplusplus
     10 extern "C" {
     11 #endif
     12 
     13 struct sepol_policy_file;	/* opaque: not defined in this header; handle only through the API below */
     14 typedef struct sepol_policy_file sepol_policy_file_t;
     15 
     16 struct sepol_policydb;	/* opaque: not defined in this header; handle only through the API below */
     17 typedef struct sepol_policydb sepol_policydb_t;
     18 
     19 /* Policy file public interfaces. */
     20 
     21 /*
         * Create and free memory associated with a policy file.
         * sepol_policy_file_create stores the new object in *pf;
         * sepol_policy_file_free releases it, after which 'pf' is dangling
         * and must not be passed to any other call. The create return
         * convention is not documented here -- presumably 0 on success and
         * non-zero on failure, with *pf then unset; confirm in the source.
         */
     22 extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
     23 extern void sepol_policy_file_free(sepol_policy_file_t * pf);
     24 
     25 /*
     26  * Set the policy file to represent a binary policy memory image.
     27  * Subsequent operations using the policy file will read and write
     28  * the image located at the specified address with the specified length.
         * The buffer is not copied: the caller keeps ownership of 'data' and
         * must keep it valid, and at least 'len' bytes long, for as long as
         * any operation uses this policy file. Pass the true size -- a 'len'
         * larger than the real allocation lets a read or write run past it.
     29  * If 'len' is 0, then merely compute the necessary length upon
     30  * subsequent policydb write operations in order to determine the
     31  * necessary buffer size to allocate; pair it with
         * sepol_policy_file_get_len (a 0-length image has nothing to read).
     32  */
     33 extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
     34 				      char *data, size_t len);
     35 
     36 /*
     37  * Get the size of the buffer needed to store a policydb write
     38  * previously done on this policy file. This is the second step of
         * the sizing pass: set the file to memory with len 0, perform the
         * write, read the required length back here, allocate that much,
         * set the memory again with the real buffer and length, and write
         * once more. Calling it before any write is not documented here;
         * check the return value rather than trusting *len.
     39  */
     40 extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);
     41 
     42 /*
     43  * Set the policy file to represent a FILE.
     44  * Subsequent operations using the policy file will read and write
     45  * to the FILE. The stream stays owned by the caller -- keep it open
         * while the policy file is in use and close it yourself; nothing
         * here says the library closes it. The image is binary, so open the
         * stream in binary mode ("rb"/"wb") where the platform distinguishes.
     46  */
     47 extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);
     48 
     49 /*
     50  * Associate a handle with a policy file, for use in
     51  * error reporting from subsequent calls that take the
     52  * policy file as an argument.
     53  */
     54 extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
     55 					 sepol_handle_t * handle);
     56 
     57 /* Policydb public interfaces. */
     58 
     59 /*
         * Create and free memory associated with a policydb.
         * sepol_policydb_create stores the new object in *p;
         * sepol_policydb_free releases it, after which 'p' is dangling and
         * must not be passed to any other call. The create return
         * convention is not documented here -- presumably 0 on success and
         * non-zero on failure, with *p then unset; confirm in the source.
         */
     60 extern int sepol_policydb_create(sepol_policydb_t ** p);
     61 extern void sepol_policydb_free(sepol_policydb_t * p);
     62 
     63 /* Legal types of policies that the policydb can represent
         * (the 'type' argument of sepol_policydb_set_typevers). */
     64 #define SEPOL_POLICY_KERN	0	/* kernel policy; versions per sepol_policy_kern_vers_min/max */
     65 #define SEPOL_POLICY_BASE	1	/* base policy module */
     66 #define SEPOL_POLICY_MOD	2	/* policy module */
     67 
     68 /*
     69  * Range of policy versions for the kernel policy type supported
     70  * by this library.
     71  */
     72 extern int sepol_policy_kern_vers_min(void);
     73 extern int sepol_policy_kern_vers_max(void);
     74 
     75 /*
     76  * Set the policy type as specified, and automatically initialize the
     77  * policy version to the maximum version supported for that
     78  * policy type (call this before sepol_policydb_set_vers).
     79  * Returns -1 if the policy type is not legal, i.e. not one of the
         * SEPOL_POLICY_* values.
     80  */
     81 extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);
     82 
     83 /*
     84  * Set the policy version to a different value.
     85  * Returns -1 if the policy version is not in the supported range for
     86  * the (previously set) policy type, so sepol_policydb_set_typevers
         * must have been called first; for SEPOL_POLICY_KERN the range is
         * sepol_policy_kern_vers_min()..sepol_policy_kern_vers_max().
     87  */
     88 extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);
     89 
     90 /*
         * Set how to handle unknown class/perms, i.e. object classes or
         * permissions the policy and the system loading it do not agree on.
         *
         * NOTE(review): the meanings below are read off the constant names;
         * confirm them against the implementation before relying on them.
         * SEPOL_ALLOW_UNKNOWN is the fail-open setting -- accesses the
         * policy cannot describe are granted instead of denied -- so prefer
         * SEPOL_DENY_UNKNOWN unless compatibility genuinely requires
         * otherwise. The return value for an unrecognised setting is not
         * documented here; check it.
         */
     91 #define SEPOL_DENY_UNKNOWN	    0	/* deny accesses to unknown classes/perms */
     92 #define SEPOL_REJECT_UNKNOWN	    2	/* reject the policy outright on unknown classes/perms */
     93 #define SEPOL_ALLOW_UNKNOWN	    4	/* allow accesses to unknown classes/perms (fail-open) */
     94 extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
     95 					     unsigned int handle_unknown);
     96 
     97 /* Set the target platform the policy is for; pass one of the
         * SEPOL_TARGET_* values. The parameter is a plain int, so a negative
         * or out-of-range value reaches the callee -- NOTE(review): what is
         * returned for one is not documented here; check the result. */
     98 #define SEPOL_TARGET_SELINUX 0	/* SELinux (Linux) */
     99 #define SEPOL_TARGET_XEN     1	/* Xen */
    100 extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
    101 					     int target_platform);
    102 
    103 /*
    104  * Read a policydb from a policy file.
    105  * This automatically sets the type and version based on the
    106  * image contents. Treat the image as untrusted input unless it comes
         * from your own build: parse it into a freshly created policydb and
         * treat a non-zero return as fatal for that policydb -- NOTE(review):
         * nothing here promises 'p' is left usable after a failed read, so
         * free it rather than retrying with it.
    107  */
    108 extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);
    109 
    110 /*
    111  * Write a policydb to a policy file.
    112  * The generated image will be in the binary format corresponding
    113  * to the policy version associated with the policydb. On a memory
         * policy file set with len 0 this only computes the size of the
         * image (see sepol_policy_file_get_len); on one set with a real
         * length the image must fit in that buffer.
    114  */
    115 extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);
    116 
    117 /*
    118  * Extract a policydb from a binary policy memory image.
    119  * This is equivalent to sepol_policydb_read with a policy file
    120  * set to refer to memory (see sepol_policy_file_set_mem), with
         * 'handle' presumably attached for error reporting. 'len' must be
         * the exact size of the buffer at 'data'; the buffer stays owned by
         * the caller and presumably need only remain valid for the duration
         * of the call. Treat the image as untrusted input unless it comes
         * from your own build.
    121  */
    122 extern int sepol_policydb_from_image(sepol_handle_t * handle,
    123 				     void *data, size_t len,
    124 				     sepol_policydb_t * p);
    125 
    126 /*
    127  * Generate a binary policy memory image from a policydb.
    128  * This is equivalent to sepol_policydb_write with a policy file
    129  * set to refer to memory, but internally handles computing the
    130  * necessary length and allocating an appropriately sized memory
    131  * buffer for the caller. On success *newdata points to that buffer
         * and *newlen holds its size in bytes; ownership passes to the
         * caller, who releases it with free() -- NOTE(review): the allocator
         * is not stated here, confirm free() is the right release call.
         * Do not rely on *newdata or *newlen after a non-zero return.
    132  */
    133 extern int sepol_policydb_to_image(sepol_handle_t * handle,
    134 				   sepol_policydb_t * p,
    135 				   void **newdata, size_t * newlen);
    136 
    137 /*
    138  * Check whether the policydb has MLS enabled.
         * Intended as a yes/no query on a policydb that has been read or
         * built; the int result is presumably non-zero when MLS is enabled
         * and zero otherwise -- confirm against the implementation.
    139  */
    140 extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
    141 
    142 /*
    143  * Check whether the compatibility mode for SELinux network
    144  * checks should be enabled when using this policy.
         * Intended as a yes/no query; the int result is presumably non-zero
         * when the compatibility mode should be enabled and zero otherwise
         * -- confirm against the implementation.
    145  */
    146 extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
    147 
    148 #ifdef __cplusplus
    149 }
    150 #endif
    151 
    152 #endif
    153