1#ifndef _SEPOL_POLICYDB_H_
2#define _SEPOL_POLICYDB_H_
3
4#include <stddef.h>
5#include <stdio.h>
6
7#include <sepol/handle.h>
8
9struct sepol_policy_file;
10typedef struct sepol_policy_file sepol_policy_file_t;
11
12struct sepol_policydb;
13typedef struct sepol_policydb sepol_policydb_t;
14
15/* Policy file public interfaces. */
16
17/* Create and free memory associated with a policy file. */
18extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
19extern void sepol_policy_file_free(sepol_policy_file_t * pf);
20
/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read from and write
 * to the image located at 'data' with length 'len'.
 * If 'len' is 0, subsequent policydb write operations merely compute
 * the length the image would need, so that the caller can determine
 * the buffer size to allocate (see sepol_policy_file_get_len).
 */
29extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
30				      char *data, size_t len);
31
/*
 * Get the size of the buffer needed to hold the image produced by a
 * policydb write previously performed on this policy file (see the
 * 'len' == 0 mode of sepol_policy_file_set_mem).
 */
36extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);
37
38/*
39 * Set the policy file to represent a FILE.
40 * Subsequent operations using the policy file will read and write
41 * to the FILE.
42 */
43extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);
44
/*
 * Associate a handle with a policy file; the handle is used for
 * error reporting by subsequent calls that take the policy file
 * as an argument.
 */
50extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
51					 sepol_handle_t * handle);
52
53/* Policydb public interfaces. */
54
55/* Create and free memory associated with a policydb. */
56extern int sepol_policydb_create(sepol_policydb_t ** p);
57extern void sepol_policydb_free(sepol_policydb_t * p);
58
/* Legal policy types that a policydb can represent (see sepol_policydb_set_typevers). */
60#define SEPOL_POLICY_KERN	0
61#define SEPOL_POLICY_BASE	1
62#define SEPOL_POLICY_MOD	2
63
/*
 * Minimum and maximum policy versions of the kernel policy type
 * supported by this library.
 */
68extern int sepol_policy_kern_vers_min(void);
69extern int sepol_policy_kern_vers_max(void);
70
/*
 * Set the policy type to 'type' and automatically initialize the
 * policy version to the maximum version supported for that policy
 * type.
 * Returns -1 if 'type' is not one of the legal policy types.
 */
77extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);
78
/*
 * Set the policy version to 'vers'.
 * Returns -1 if 'vers' is outside the range supported for the
 * (previously set) policy type.
 */
84extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);
85
/* Set how unknown classes/permissions are to be handled; 'handle_unknown' is one of the SEPOL_*_UNKNOWN values below. */
87#define SEPOL_DENY_UNKNOWN	    0
88#define SEPOL_REJECT_UNKNOWN	    2
89#define SEPOL_ALLOW_UNKNOWN	    4
90extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
91					     unsigned int handle_unknown);
92
/*
 * Read a policydb from a policy file.
 * The policy type and version are set automatically from the
 * image contents.
 */
98extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);
99
100/*
101 * Write a policydb to a policy file.
102 * The generated image will be in the binary format corresponding
103 * to the policy version associated with the policydb.
104 */
105extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);
106
/*
 * Extract a policydb from a binary policy memory image of length
 * 'len' located at 'data'.
 * This is equivalent to sepol_policydb_read with a policy file set
 * to refer to that memory.
 */
112extern int sepol_policydb_from_image(sepol_handle_t * handle,
113				     void *data, size_t len,
114				     sepol_policydb_t * p);
115
/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file set
 * to refer to memory, but internally computes the necessary length
 * and allocates an appropriately sized buffer on the caller's behalf,
 * returning it through 'newdata' and its length through 'newlen'.
 */
123extern int sepol_policydb_to_image(sepol_handle_t * handle,
124				   sepol_policydb_t * p,
125				   void **newdata, size_t * newlen);
126
127/*
128 * Check whether the policydb has MLS enabled.
129 */
130extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
131
/*
 * Check whether the compatibility mode for SELinux network checks
 * should be enabled when this policy is in use.
 */
136extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
137
138#endif