/* Authors: Joshua Brindle <jbrindle@tresys.com>
 *          Jason Tang <jtang@tresys.com>
 *
 * Copyright (C) 2005 Tresys Technology, LLC
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#ifndef _SEMANAGE_HANDLE_H_
#define _SEMANAGE_HANDLE_H_

/*
 * RETURN CONVENTION (applies to every int-returning function below)
 *
 * A non-negative result means success; a negative result means failure.
 * Where noted, a result >= 0 is the "policy sequence number": a counter
 * of policy revisions used to detect that one libsemanage client has
 * committed changes while another client is still connected.
 */

/*
 * Every libsemanage operation goes through a semanage_handle.  The
 * handle may ultimately refer to local configuration files, the binary
 * policy file, a module store, or a policy management server.  The
 * struct is opaque to callers; only the library knows its layout.
 */
struct semanage_handle;
typedef struct semanage_handle semanage_handle_t;

/*
 * Kind of backend a handle connects to.  SEMANAGE_CON_INVALID is pinned
 * to 0 so that a zero-valued store type reads as "none selected" rather
 * than as a real backend.  Only SEMANAGE_CON_DIRECT is supported for now;
 * the POLSERV values are placeholders.
 */
enum semanage_connect_type {
	SEMANAGE_CON_INVALID = 0,
	SEMANAGE_CON_DIRECT,
	SEMANAGE_CON_POLSERV_LOCAL,
	SEMANAGE_CON_POLSERV_REMOTE
};

/*
 * Allocate a new handle.  The handle starts out disconnected.
 * NOTE(review): this header does not state what is returned on
 * allocation failure; callers should NULL-check the result regardless.
 */
semanage_handle_t *semanage_handle_create(void);

/*
 * Free the handle and everything it owns, including the pointer itself.
 * CAUTION: this does NOT disconnect from the backend.  If the handle was
 * connected, call semanage_disconnect() first; otherwise the backend
 * connection (and presumably any transaction lock it still holds) is
 * simply dropped.
 */
void semanage_handle_destroy(semanage_handle_t *sh);

/*
 * Choose the store that a later semanage_connect() will open.  Must be
 * called after semanage_handle_create() and before semanage_connect().
 * `path` is the full path to the store.
 *
 * NOTE(review): `path` is not const-qualified and this header does not
 * say whether the library copies the string or retains the pointer, so
 * keep the buffer alive and unmodified until the handle is disconnected
 * unless the implementation is confirmed to copy it.  Treat the path as
 * trusted configuration rather than user input: it selects which
 * on-disk store is read and, with semanage_set_create_store(), which
 * location gets created.
 */
void semanage_select_store(semanage_handle_t *handle, char *path,
			   enum semanage_connect_type storetype);

/* Reload the policy, nothing else.  See RETURN CONVENTION above. */
int semanage_reload_policy(semanage_handle_t *handle);

/*
 * Control whether a successful commit reloads the policy afterwards.
 * 1 = reload (the default), 0 = do not reload.
 */
void semanage_set_reload(semanage_handle_t *handle, int do_reload);

/*
 * Control whether a commit rebuilds the policy even when no changes
 * were made.  1 = always rebuild, 0 = only when needed (the default).
 */
void semanage_set_rebuild(semanage_handle_t *handle, int do_rebuild);

/*
 * Control whether semanage_connect() may create a missing store.
 * 1 = create it, 0 = fail if absent (the default).  Only direct
 * connections honour this, and it must be set before semanage_connect().
 */
void semanage_set_create_store(semanage_handle_t *handle, int create_store);

/*
 * Control whether dontaudit rules are disabled when the policy is
 * committed.  In SELinux policy a dontaudit rule suppresses the audit
 * record for the denials it covers, so disabling them makes those
 * denials visible in the audit log.
 */
void semanage_set_disable_dontaudit(semanage_handle_t *handle,
				    int disable_dontaudit);

/*
 * Report whether policy on this system is managed via libsemanage.
 * Must be called before attempting to connect.
 * Returns 1 if managed, 0 if not managed, -1 on error.
 */
int semanage_is_managed(semanage_handle_t *sh);

/*
 * "Connect" to a manager as selected by the handle's configuration and
 * bind the handle to that connection.  Returns 0 on success, negative
 * on failure.
 */
int semanage_connect(semanage_handle_t *sh);

/*
 * Disconnect the handle from its manager.  A no-op if the handle is
 * already disconnected.  Returns 0 if now disconnected (or it already
 * was), negative on error.
 */
int semanage_disconnect(semanage_handle_t *sh);

/*
 * Try to take the manager's transaction lock.  If another process holds
 * it, this may block, subject to the timeout value carried in the handle
 * (no setter for that timeout is declared in this header).
 *
 * Calling any writer function without first taking the lock triggers an
 * implicit call to this function.
 */
int semanage_begin_transaction(semanage_handle_t *sh);

/*
 * Commit every change made since the transaction began.  On success the
 * policy sequence number is incremented, the transaction lock is
 * released, and the new sequence number is returned.  Returns -1 on
 * error.
 * NOTE(review): whether the lock is released on the error path is not
 * stated here; disconnect the handle on failure rather than assuming
 * it was.
 */
int semanage_commit(semanage_handle_t *sh);

#define SEMANAGE_CAN_READ 1
#define SEMANAGE_CAN_WRITE 2
/*
 * Report the caller's access to the store: SEMANAGE_CAN_READ if it is
 * readable, SEMANAGE_CAN_WRITE if it is writable, < 0 if an error
 * occurred.
 *
 * NOTE(review): this is a point-in-time check, not a security decision.
 * Permissions can change between this call and the actual open
 * (time-of-check/time-of-use), so always honour the return values of
 * semanage_connect() and semanage_commit() as well.
 */
int semanage_access_check(semanage_handle_t *sh);

/* Returns 1 if the handle is connected, 0 if it is not. */
int semanage_is_connected(semanage_handle_t *sh);

#endif