#ifndef _SEPOL_POLICYDB_H_
#define _SEPOL_POLICYDB_H_

#include <stddef.h>
#include <stdio.h>

#include <sepol/handle.h>
/* glibc/BSD convenience header; supplies __BEGIN_DECLS/__END_DECLS
 * (extern "C" wrappers when included from C++). */
#include <sys/cdefs.h>

__BEGIN_DECLS

/*
 * Opaque types.  Their layout is private to libsepol; callers only ever
 * hold pointers obtained from the *_create functions below and release
 * them with the matching *_free function.
 */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;

/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 * sepol_policy_file_create() stores the new object in *pf and returns
 * 0 on success, or a negative value on (allocation) failure, in which
 * case *pf is not usable.
 * sepol_policy_file_free() releases only the policy file object itself;
 * any memory image or FILE previously attached with the set_* functions
 * below remains owned by the caller and is not freed or closed here.
 */
extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
extern void sepol_policy_file_free(sepol_policy_file_t * pf);

/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read and write
 * the image located at the specified address with the specified length.
 * If 'len' is 0, then merely compute the necessary length upon
 * subsequent policydb write operations in order to determine the
 * necessary buffer size to allocate.
 *
 * The buffer is neither copied nor owned by the policy file: 'data'
 * must stay valid (and writable, if writes are performed) for as long
 * as the policy file refers to it.  'len' is the bound that read
 * operations honour, so when parsing an image from an untrusted source
 * it must not exceed the number of bytes actually backing 'data'.
 */
extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
				      char *data, size_t len);

/*
 * Get the size of the buffer needed to store a policydb write
 * previously done on this policy file.
 * Meaningful after a sepol_policydb_write() on a policy file that was
 * set up with sepol_policy_file_set_mem(); the result is stored in *len.
 * Returns 0 on success, negative on failure.
 */
extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);

/*
 * Set the policy file to represent a FILE.
 * Subsequent operations using the policy file will read and write
 * to the FILE.
 * The stream is opened, positioned and closed by the caller; policy
 * images are binary, so open the stream in binary mode ("rb"/"wb")
 * on platforms where that distinction matters.
 */
extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);

/*
 * Associate a handle with a policy file, for use in
 * error reporting from subsequent calls that take the
 * policy file as an argument.
 * The handle is referenced, not copied; keep it alive while the policy
 * file is in use.  Passing NULL is expected to fall back to the
 * library's default error reporting.
 */
extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
					 sepol_handle_t * handle);

/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * sepol_policydb_create() stores the new (empty) policydb in *p and
 * returns 0 on success, negative on failure.  The object must be
 * released with sepol_policydb_free() once no longer needed.
 */
extern int sepol_policydb_create(sepol_policydb_t ** p);
extern void sepol_policydb_free(sepol_policydb_t * p);

/*
 * Legal types of policies that the policydb can represent.
 * KERN is the binary kernel policy; BASE and MOD are the base and
 * non-base module formats used by the module linker.  The type, together
 * with the version, selects the on-disk image format.
 */
#define SEPOL_POLICY_KERN	0
#define SEPOL_POLICY_BASE	1
#define SEPOL_POLICY_MOD	2

/*
 * Range of policy versions for the kernel policy type supported
 * by this library.
 * Images outside [min, max] cannot be read or written by this build.
 */
extern int sepol_policy_kern_vers_min(void);
extern int sepol_policy_kern_vers_max(void);

/*
 * Set the policy type as specified, and automatically initialize the
 * policy version accordingly to the maximum version supported for the
 * policy type.
 * Returns 0 on success, -1 if the policy type is not legal
 * (i.e. not one of the SEPOL_POLICY_* values above).
 */
extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);

/*
 * Set the policy version to a different value.
 * Returns 0 on success, -1 if the policy version is not in the
 * supported range for the (previously set) policy type.
 * Call sepol_policydb_set_typevers() first; the legal range depends
 * on the type.
 */
extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);

/*
 * Set how to handle unknown class/perms.
 * The setting is recorded in the policy image and applied by the
 * kernel when the policy is loaded:
 *   SEPOL_DENY_UNKNOWN   - accesses to classes/permissions the policy
 *                          does not define are denied (fail closed).
 *   SEPOL_REJECT_UNKNOWN - the kernel refuses to load a policy that
 *                          does not define every class/permission it
 *                          knows about.
 *   SEPOL_ALLOW_UNKNOWN  - such accesses are permitted (fails open; the
 *                          policy then grants nothing for those classes
 *                          and the kernel allows them regardless).
 * Returns 0 on success, -1 if 'handle_unknown' is not one of these
 * three values.
 */
#define SEPOL_DENY_UNKNOWN	    0
#define SEPOL_REJECT_UNKNOWN	    2
#define SEPOL_ALLOW_UNKNOWN	    4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
					     unsigned int handle_unknown);

/*
 * Set the target platform.
 * Selects which kernel the policy is generated for; the platform also
 * affects which object classes and version features are valid.
 * Returns 0 on success, -1 for an unrecognised platform value.
 */
#define SEPOL_TARGET_SELINUX 0
#define SEPOL_TARGET_XEN     1
extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
					     int target_platform);

/*
 * Read a policydb from a policy file.
 * This automatically sets the type and version based on the
 * image contents.
 * The image is parsed as untrusted input: a malformed image, or one of
 * an unsupported type or version, makes the call fail with a negative
 * return value, and errors are reported through the handle attached to
 * 'pf' (if any).  Always check the return value; after a failure the
 * contents of 'p' are unspecified and it should be freed rather than
 * reused.
 */
extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Write a policydb to a policy file.
 * The generated image will be in the binary format corresponding
 * to the policy version associated with the policydb.
 * With a memory-backed policy file whose length was set to 0, nothing
 * is written and only the required length is computed (see
 * sepol_policy_file_set_mem() and sepol_policy_file_get_len()).
 * Returns 0 on success, negative on failure (including an image that
 * does not fit in the supplied buffer or a write error on the FILE).
 */
extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Extract a policydb from a binary policy memory image.
 * This is equivalent to sepol_policydb_read with a policy file
 * set to refer to memory.
 * 'data'/'len' describe a caller-owned buffer that is only read;
 * 'len' must not exceed the bytes actually available at 'data'.
 * 'handle' may be NULL.  Returns 0 on success, negative on failure,
 * with the same caveats about 'p' as for sepol_policydb_read().
 */
extern int sepol_policydb_from_image(sepol_handle_t * handle,
				     void *data, size_t len,
				     sepol_policydb_t * p);

/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file
 * set to refer to memory, but internally handles computing the
 * necessary length and allocating an appropriately sized memory
 * buffer for the caller.
 * On success *newdata points to a buffer owned by the caller, which
 * must release it with free(), and *newlen holds its size in bytes.
 * On failure a negative value is returned and no buffer is handed out.
 */
extern int sepol_policydb_to_image(sepol_handle_t * handle,
				   sepol_policydb_t * p,
				   void **newdata, size_t * newlen);

/*
 * Check whether the policydb has MLS enabled.
 * Returns non-zero if the policy carries MLS/MCS constraints and
 * contexts, 0 otherwise.
 */
extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);

/*
 * Check whether the compatibility mode for SELinux network
 * checks should be enabled when using this policy.
 * Returns non-zero if the legacy network checks should be enabled,
 * 0 otherwise.
 */
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);

__END_DECLS
#endif