handle.h revision 13cd4c8960688af11ad23b4c946149015c80d549
1/* Authors: Joshua Brindle  <jbrindle@tresys.com>
2 *	    Jason Tang	    <jtang@tresys.com>
3 *
4 * Copyright (C) 2005 Tresys Technology, LLC
5 *
6 *  This library is free software; you can redistribute it and/or
7 *  modify it under the terms of the GNU Lesser General Public
8 *  License as published by the Free Software Foundation; either
9 *  version 2.1 of the License, or (at your option) any later version.
10 *
11 *  This library is distributed in the hope that it will be useful,
12 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 *  Lesser General Public License for more details.
15 *
16 *  You should have received a copy of the GNU Lesser General Public
17 *  License along with this library; if not, write to the Free Software
18 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
19 */
20
21#ifndef _SEMANAGE_HANDLE_H_
22#define _SEMANAGE_HANDLE_H_
23
/* All access to policy through libsemanage goes via a "semanage_handle".
 * The handle may ultimately reference local config files, the binary
 * policy file, a module store, or a policy management server.
 * The struct is opaque to callers: only a forward declaration is
 * exposed, so its contents may be inspected or modified solely through
 * the functions declared in this header. */
struct semanage_handle;
typedef struct semanage_handle semanage_handle_t;
30
/* Create and return a semanage handle.
 * The handle is initially in the disconnected state; configure it
 * (semanage_select_store, semanage_set_*) before semanage_connect().
 * The caller owns the returned handle and must release it with
 * semanage_handle_destroy().
 * NOTE(review): the failure behaviour is not documented here -- callers
 * should check the result for NULL before using it. */
semanage_handle_t *semanage_handle_create(void);
34
/* Deallocate all space associated with a semanage_handle_t, including
 * the pointer itself; the handle must not be used afterwards.
 * CAUTION: this function does not disconnect from the backend.  If the
 * handle was connected, call semanage_disconnect() first -- otherwise
 * backend state (such as a transaction lock obtained via
 * semanage_begin_transaction) may not be released properly. */
void semanage_handle_destroy(semanage_handle_t *);
40
/* The type of connection to the store.  Only SEMANAGE_CON_DIRECT is
 * supported for now; the POLSERV values are reserved for a local or
 * remote policy management server, and selecting one should be expected
 * to fail at semanage_connect() until such support exists.
 * SEMANAGE_CON_INVALID is explicitly zero, so a zero value reads as
 * "no connection type selected". */
enum semanage_connect_type {
	SEMANAGE_CON_INVALID = 0, SEMANAGE_CON_DIRECT,
	SEMANAGE_CON_POLSERV_LOCAL, SEMANAGE_CON_POLSERV_REMOTE
};
47
/* Select the store to connect to.  Must be called after
 * semanage_handle_create() but before semanage_connect().
 * `path` should be the full path to the store; `storetype` is the
 * connection type to use (see enum semanage_connect_type).
 * NOTE(review): `path` is taken as a non-const char *, and whether the
 * handle copies it or retains the pointer is not visible from this
 * header -- confirm against the implementation before passing a buffer
 * that is later freed or modified.  Because the store path determines
 * which policy files are read and written, it must not be derived from
 * untrusted input. */
void semanage_select_store(semanage_handle_t * handle, char *path,
			   enum semanage_connect_type storetype);
54
/* Just reload the policy, without performing a commit.
 * Returns a non-negative value on success and a negative value on error
 * (see META NOTES at the end of this header).
 * NOTE(review): presumably loads the installed policy into the kernel,
 * which requires appropriate privilege -- confirm against the
 * implementation. */
int semanage_reload_policy(semanage_handle_t * handle);
57
/* Set whether the policy is reloaded after a commit:
 * 1 for yes (the default), 0 for no.  A caller that disables this is
 * responsible for calling semanage_reload_policy() itself; until then
 * committed changes presumably do not affect the running system. */
void semanage_set_reload(semanage_handle_t * handle, int do_reload);
61
/* Set whether the policy is rebuilt on commit even if no changes were
 * performed through this handle: 1 for yes, 0 for no (the default).
 * Useful when the policy output must be regenerated although this
 * handle made no modifications; the exact scope of the rebuild is
 * defined by the implementation. */
void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
66
/* Set whether the store is created if it does not exist:
 * 1 for yes, 0 for no (the default).  This only has an effect on
 * direct connections and must be called before semanage_connect().
 * NOTE(review): the ownership and permissions applied to a newly
 * created store are not visible here.  When creating a store at a
 * caller-supplied path, confirm that the implementation does not follow
 * pre-existing symlinks and does not create world-writable directories. */
void semanage_set_create_store(semanage_handle_t * handle, int create_store);
71
/* Set whether dontaudit rules are disabled upon commit: 1 to disable
 * them, 0 to leave them in force (the default is not documented here).
 * Disabling dontaudit rules makes every otherwise-silenced denial
 * visible in the audit log.  That is useful while developing policy,
 * but it can generate a large volume of audit events; avoid leaving it
 * enabled on production systems. */
void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
74
/* Check whether policy is managed via libsemanage on this system.
 * Must be called prior to trying to connect.
 * Returns 1 if policy is managed via libsemanage on this system,
 * 0 if policy is not managed, or -1 on error.
 * Treat -1 as distinct from 0: an error is not the same as "not
 * managed", so compare the result against 1 / 0 / -1 explicitly rather
 * than testing it as a boolean. */
int semanage_is_managed(semanage_handle_t *);
81
/* "Connect" to a manager based on the configuration and associate the
 * provided handle with the connection.  The store selected with
 * semanage_select_store() and the pre-connect options (such as
 * semanage_set_create_store) take effect here.
 * Returns a negative value if the connect fails, else zero. */
int semanage_connect(semanage_handle_t *);
88
/* Disconnect from the manager given by the handle.  If already
 * disconnected then this function does nothing.  Returns 0 if
 * disconnected properly or already disconnected, negative value on
 * error.  Call this before semanage_handle_destroy(), which does not
 * disconnect on its own. */
int semanage_disconnect(semanage_handle_t *);
94
/* Attempt to obtain a transaction lock on the manager.  If another
 * process holds the lock then this function may block, depending upon
 * the timeout value in the handle (how that timeout is configured is
 * not shown in this header).
 *
 * Note that if the semanage_handle has not yet obtained a transaction
 * lock when a writer function is called, there is an implicit call to
 * this function -- so a writer may block exactly as this function does.
 * Returns a non-negative value on success, negative on error (see META
 * NOTES at the end of this header). */
int semanage_begin_transaction(semanage_handle_t *);
103
/* Attempt to commit all changes since this transaction began.  If the
 * commit is successful, increment the "policy sequence number", release
 * the transaction lock, and return that policy number; return -1 on
 * error.  Because the result doubles as the sequence number, check for
 * failure with `< 0`, never `!= 0`.
 * NOTE(review): whether the transaction lock is released on a failed
 * commit is not stated here -- callers that retry or fall back to
 * semanage_disconnect() should confirm this against the implementation. */
int semanage_commit(semanage_handle_t *);
110
#define SEMANAGE_CAN_READ 1
#define SEMANAGE_CAN_WRITE 2
/* Returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is
 * readable or writable, respectively; <0 if an error occurred.
 * Test the result with `< 0` for errors before interpreting it as an
 * access level.  Whether SEMANAGE_CAN_WRITE implies readability is not
 * stated here.
 * NOTE(review): treat this as advisory -- the store's state can change
 * between this check and a later connect or commit, so those calls must
 * still be checked for failure rather than assumed to succeed. */
int semanage_access_check(semanage_handle_t * sh);
116
/* Returns 0 if the handle is not connected, 1 if it is connected. */
int semanage_is_connected(semanage_handle_t * sh);
119
/* META NOTES
 *
 * For all functions, a non-negative return value indicates success and
 * a negative value indicates an error.  For some functions the returned
 * value (>= 0) is the "policy sequence number".  This number keeps
 * track of policy revisions and is used to detect whether one semanage
 * client has committed policy changes while another is still connected.
 */
128
129#endif
130