selinux.h revision 9c46a0a3153124753e3afbd2090fea65a09e1df1 
1#ifndef _SELINUX_H_
2#define _SELINUX_H_
3
4#include <sys/types.h>
5#include <stdarg.h>
6
7#ifdef __cplusplus
8extern "C" {
9#endif
10
11/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
12extern int is_selinux_enabled(void);
13/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
14extern int is_selinux_mls_enabled(void);
15
16typedef char *security_context_t;
17
18/* Free the memory allocated for a context by any of the below get* calls. */
19extern void freecon(security_context_t con);
20
21/* Free the memory allocated for a context array by security_compute_user. */
22extern void freeconary(security_context_t * con);
23
24/* Wrappers for the /proc/pid/attr API. */
25
26/* Get current context, and set *con to refer to it.
27   Caller must free via freecon. */
28extern int getcon(security_context_t * con);
29extern int getcon_raw(security_context_t * con);
30
31/* Set the current security context to con.
32   Note that use of this function requires that the entire application
33   be trusted to maintain any desired separation between the old and new
34   security contexts, unlike exec-based transitions performed via setexeccon.
35   When possible, decompose your application and use setexeccon()+execve()
36   instead. Note that the application may lose access to its open descriptors
37   as a result of a setcon() unless policy allows it to use descriptors opened
38   by the old context. */
39extern int setcon(const security_context_t con);
40extern int setcon_raw(const security_context_t con);
41
42/* Get context of process identified by pid, and
43   set *con to refer to it.  Caller must free via freecon. */
44extern int getpidcon(pid_t pid, security_context_t * con);
45extern int getpidcon_raw(pid_t pid, security_context_t * con);
46
47/* Get previous context (prior to last exec), and set *con to refer to it.
48   Caller must free via freecon. */
49extern int getprevcon(security_context_t * con);
50extern int getprevcon_raw(security_context_t * con);
51
52/* Get exec context, and set *con to refer to it.
53   Sets *con to NULL if no exec context has been set, i.e. using default.
54   If non-NULL, caller must free via freecon. */
55extern int getexeccon(security_context_t * con);
56extern int getexeccon_raw(security_context_t * con);
57
58/* Set exec security context for the next execve.
59   Call with NULL if you want to reset to the default. */
60extern int setexeccon(const security_context_t con);
61extern int setexeccon_raw(const security_context_t con);
62
63/* Get fscreate context, and set *con to refer to it.
64   Sets *con to NULL if no fs create context has been set, i.e. using default.
65   If non-NULL, caller must free via freecon. */
66extern int getfscreatecon(security_context_t * con);
67extern int getfscreatecon_raw(security_context_t * con);
68
69/* Set the fscreate security context for subsequent file creations.
70   Call with NULL if you want to reset to the default. */
71extern int setfscreatecon(const security_context_t context);
72extern int setfscreatecon_raw(const security_context_t context);
73
74/* Get keycreate context, and set *con to refer to it.
75   Sets *con to NULL if no key create context has been set, i.e. using default.
76   If non-NULL, caller must free via freecon. */
77extern int getkeycreatecon(security_context_t * con);
78extern int getkeycreatecon_raw(security_context_t * con);
79
80/* Set the keycreate security context for subsequent key creations.
81   Call with NULL if you want to reset to the default. */
82extern int setkeycreatecon(const security_context_t context);
83extern int setkeycreatecon_raw(const security_context_t context);
84
85/* Get sockcreate context, and set *con to refer to it.
86   Sets *con to NULL if no socket create context has been set, i.e. using default.
87   If non-NULL, caller must free via freecon. */
88extern int getsockcreatecon(security_context_t * con);
89extern int getsockcreatecon_raw(security_context_t * con);
90
91/* Set the sockcreate security context for subsequent socket creations.
92   Call with NULL if you want to reset to the default. */
93extern int setsockcreatecon(const security_context_t context);
94extern int setsockcreatecon_raw(const security_context_t context);
95
96/* Wrappers for the xattr API. */
97
98/* Get file context, and set *con to refer to it.
99   Caller must free via freecon. */
100extern int getfilecon(const char *path, security_context_t * con);
101extern int getfilecon_raw(const char *path, security_context_t * con);
102extern int lgetfilecon(const char *path, security_context_t * con);
103extern int lgetfilecon_raw(const char *path, security_context_t * con);
104extern int fgetfilecon(int fd, security_context_t * con);
105extern int fgetfilecon_raw(int fd, security_context_t * con);
106
107/* Set file context */
108extern int setfilecon(const char *path, security_context_t con);
109extern int setfilecon_raw(const char *path, security_context_t con);
110extern int lsetfilecon(const char *path, security_context_t con);
111extern int lsetfilecon_raw(const char *path, security_context_t con);
112extern int fsetfilecon(int fd, security_context_t con);
113extern int fsetfilecon_raw(int fd, security_context_t con);
114
115/* Wrappers for the socket API */
116
117/* Get context of peer socket, and set *con to refer to it.
118   Caller must free via freecon. */
119extern int getpeercon(int fd, security_context_t * con);
120extern int getpeercon_raw(int fd, security_context_t * con);
121
122/* Wrappers for the selinuxfs (policy) API. */
123
124typedef unsigned int access_vector_t;
125typedef unsigned short security_class_t;
126
127struct av_decision {
128	access_vector_t allowed;
129	access_vector_t decided;
130	access_vector_t auditallow;
131	access_vector_t auditdeny;
132	unsigned int seqno;
133	unsigned int flags;
134};
135
136/* Definitions of av_decision.flags */
137#define SELINUX_AVD_FLAGS_PERMISSIVE	0x0001
138
139/* Structure for passing options, used by AVC and label subsystems */
140struct selinux_opt {
141	int type;
142	const char *value;
143};
144
145/* Callback facilities */
146union selinux_callback {
147	/* log the printf-style format and arguments,
148	   with the type code indicating the type of message */
149	int
150#ifdef __GNUC__
151__attribute__ ((format(printf, 2, 3)))
152#endif
153	(*func_log) (int type, const char *fmt, ...);
154	/* store a string representation of auditdata (corresponding
155	   to the given security class) into msgbuf. */
156	int (*func_audit) (void *auditdata, security_class_t cls,
157			   char *msgbuf, size_t msgbufsize);
158	/* validate the supplied context, modifying if necessary */
159	int (*func_validate) (security_context_t *ctx);
160	/* netlink callback for setenforce message */
161	int (*func_setenforce) (int enforcing);
162	/* netlink callback for policyload message */
163	int (*func_policyload) (int seqno);
164};
165
166#define SELINUX_CB_LOG		0
167#define SELINUX_CB_AUDIT	1
168#define SELINUX_CB_VALIDATE	2
169#define SELINUX_CB_SETENFORCE	3
170#define SELINUX_CB_POLICYLOAD	4
171
172extern union selinux_callback selinux_get_callback(int type);
173extern void selinux_set_callback(int type, union selinux_callback cb);
174
175	/* Logging type codes, passed to the logging callback */
176#define SELINUX_ERROR	        0
177#define SELINUX_WARNING		1
178#define SELINUX_INFO		2
179#define SELINUX_AVC		3
180
181/* Compute an access decision. */
182extern int security_compute_av(const security_context_t scon,
183			       const security_context_t tcon,
184			       security_class_t tclass,
185			       access_vector_t requested,
186			       struct av_decision *avd);
187extern int security_compute_av_raw(const security_context_t scon,
188				   const security_context_t tcon,
189				   security_class_t tclass,
190				   access_vector_t requested,
191				   struct av_decision *avd);
192
193extern int security_compute_av_flags(const security_context_t scon,
194				     const security_context_t tcon,
195				     security_class_t tclass,
196				     access_vector_t requested,
197				     struct av_decision *avd);
198extern int security_compute_av_flags_raw(const security_context_t scon,
199					 const security_context_t tcon,
200					 security_class_t tclass,
201					 access_vector_t requested,
202					 struct av_decision *avd);
203
204/* Compute a labeling decision and set *newcon to refer to it.
205   Caller must free via freecon. */
206extern int security_compute_create(const security_context_t scon,
207				   const security_context_t tcon,
208				   security_class_t tclass,
209				   security_context_t * newcon);
210extern int security_compute_create_raw(const security_context_t scon,
211				       const security_context_t tcon,
212				       security_class_t tclass,
213				       security_context_t * newcon);
214
215/* Compute a relabeling decision and set *newcon to refer to it.
216   Caller must free via freecon. */
217extern int security_compute_relabel(const security_context_t scon,
218				    const security_context_t tcon,
219				    security_class_t tclass,
220				    security_context_t * newcon);
221extern int security_compute_relabel_raw(const security_context_t scon,
222					const security_context_t tcon,
223					security_class_t tclass,
224					security_context_t * newcon);
225
226/* Compute a polyinstantiation member decision and set *newcon to refer to it.
227   Caller must free via freecon. */
228extern int security_compute_member(const security_context_t scon,
229				   const security_context_t tcon,
230				   security_class_t tclass,
231				   security_context_t * newcon);
232extern int security_compute_member_raw(const security_context_t scon,
233				       const security_context_t tcon,
234				       security_class_t tclass,
235				       security_context_t * newcon);
236
237/* Compute the set of reachable user contexts and set *con to refer to
238   the NULL-terminated array of contexts.  Caller must free via freeconary. */
239extern int security_compute_user(const security_context_t scon,
240				 const char *username,
241				 security_context_t ** con);
242extern int security_compute_user_raw(const security_context_t scon,
243				     const char *username,
244				     security_context_t ** con);
245
246/* Load a policy configuration. */
247extern int security_load_policy(void *data, size_t len);
248
249/* Get the context of an initial kernel security identifier by name.
250   Caller must free via freecon */
251extern int security_get_initial_context(const char *name,
252					security_context_t * con);
253extern int security_get_initial_context_raw(const char *name,
254					    security_context_t * con);
255
256/*
257 * Make a policy image and load it.
258 * This function provides a higher level interface for loading policy
259 * than security_load_policy, internally determining the right policy
260 * version, locating and opening the policy file, mapping it into memory,
261 * manipulating it as needed for current boolean settings and/or local
262 * definitions, and then calling security_load_policy to load it.
263 *
264 * 'preservebools' is a boolean flag indicating whether current
265 * policy boolean values should be preserved into the new policy (if 1)
266 * or reset to the saved policy settings (if 0).  The former case is the
267 * default for policy reloads, while the latter case is an option for policy
268 * reloads but is primarily for the initial policy load.
269 */
270extern int selinux_mkload_policy(int preservebools);
271
272/*
273 * Perform the initial policy load.
274 * This function determines the desired enforcing mode, sets the
275 * the *enforce argument accordingly for the caller to use, sets the
276 * SELinux kernel enforcing status to match it, and loads the policy.
277 * It also internally handles the initial selinuxfs mount required to
278 * perform these actions.
279 *
280 * The function returns 0 if everything including the policy load succeeds.
281 * In this case, init is expected to re-exec itself in order to transition
282 * to the proper security context.
283 * Otherwise, the function returns -1, and init must check *enforce to
284 * determine how to proceed.  If enforcing (*enforce > 0), then init should
285 * halt the system.  Otherwise, init may proceed normally without a re-exec.
286 */
287extern int selinux_init_load_policy(int *enforce);
288
289/* Translate boolean strict to name value pair. */
290typedef struct {
291	char *name;
292	int value;
293} SELboolean;
294/* save a list of booleans in a single transaction.  */
295extern int security_set_boolean_list(size_t boolcnt,
296				     SELboolean * boollist, int permanent);
297
298/* Load policy boolean settings.
299   Path may be NULL, in which case the booleans are loaded from
300   the active policy boolean configuration file. */
301extern int security_load_booleans(char *path);
302
303/* Check the validity of a security context. */
304extern int security_check_context(const security_context_t con);
305extern int security_check_context_raw(const security_context_t con);
306
307/* Canonicalize a security context. */
308extern int security_canonicalize_context(const security_context_t con,
309					 security_context_t * canoncon);
310extern int security_canonicalize_context_raw(const security_context_t con,
311					     security_context_t * canoncon);
312
313/* Get the enforce flag value. */
314extern int security_getenforce(void);
315
316/* Set the enforce flag value. */
317extern int security_setenforce(int value);
318
319/* Get the behavior for undefined classes/permissions */
320extern int security_deny_unknown(void);
321
322/* Disable SELinux at runtime (must be done prior to initial policy load). */
323extern int security_disable(void);
324
325/* Get the policy version number. */
326extern int security_policyvers(void);
327
328/* Get the boolean names */
329extern int security_get_boolean_names(char ***names, int *len);
330
331/* Get the pending value for the boolean */
332extern int security_get_boolean_pending(const char *name);
333
334/* Get the active value for the boolean */
335extern int security_get_boolean_active(const char *name);
336
337/* Set the pending value for the boolean */
338extern int security_set_boolean(const char *name, int value);
339
340/* Commit the pending values for the booleans */
341extern int security_commit_booleans(void);
342
343/* Userspace class mapping support */
344struct security_class_mapping {
345	const char *name;
346	const char *perms[sizeof(access_vector_t) * 8 + 1];
347};
348
349extern int selinux_set_mapping(struct security_class_mapping *map);
350
351/* Common helpers */
352
353/* Convert between security class values and string names */
354extern security_class_t string_to_security_class(const char *name);
355extern const char *security_class_to_string(security_class_t cls);
356
357/* Convert between individual access vector permissions and string names */
358extern const char *security_av_perm_to_string(security_class_t tclass,
359					      access_vector_t perm);
360extern access_vector_t string_to_av_perm(security_class_t tclass,
361					 const char *name);
362
363/* Returns an access vector in a string representation.  User must free the
364 * returned string via free(). */
365extern int security_av_string(security_class_t tclass,
366			      access_vector_t av, char **result);
367
368/* Display an access vector in a string representation. */
369extern void print_access_vector(security_class_t tclass, access_vector_t av);
370
371/* Set the function used by matchpathcon_init when displaying
372   errors about the file_contexts configuration.  If not set,
373   then this defaults to fprintf(stderr, fmt, ...). */
374extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
375
376/* Set the function used by matchpathcon_init when checking the
377   validity of a context in the file contexts configuration.  If not set,
378   then this defaults to a test based on security_check_context().
379   The function is also responsible for reporting any such error, and
380   may include the 'path' and 'lineno' in such error messages. */
381extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
382						  unsigned lineno,
383						  char *context));
384
385/* Same as above, but also allows canonicalization of the context,
386   by changing *context to refer to the canonical form.  If not set,
387   and invalidcon is also not set, then this defaults to calling
388   security_canonicalize_context(). */
389extern void set_matchpathcon_canoncon(int (*f) (const char *path,
390						unsigned lineno,
391						char **context));
392
393/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
394#define MATCHPATHCON_BASEONLY 1	/* Only process the base file_contexts file. */
395#define MATCHPATHCON_NOTRANS  2	/* Do not perform any context translation. */
396#define MATCHPATHCON_VALIDATE 4	/* Validate/canonicalize contexts at init time. */
397extern void set_matchpathcon_flags(unsigned int flags);
398
399/* Load the file contexts configuration specified by 'path'
400   into memory for use by subsequent matchpathcon calls.
401   If 'path' is NULL, then load the active file contexts configuration,
402   i.e. the path returned by selinux_file_context_path().
403   Unless the MATCHPATHCON_BASEONLY flag has been set, this
404   function also checks for a 'path'.homedirs file and
405   a 'path'.local file and loads additional specifications
406   from them if present. */
407extern int matchpathcon_init(const char *path);
408
409/* Same as matchpathcon_init, but only load entries with
410   regexes that have stems that are prefixes of 'prefix'. */
411extern int matchpathcon_init_prefix(const char *path, const char *prefix);
412
413/* Free the memory allocated by matchpathcon_init. */
414extern void matchpathcon_fini(void);
415
416/* Match the specified pathname and mode against the file contexts
417   configuration and set *con to refer to the resulting context.
418   'mode' can be 0 to disable mode matching.
419   Caller must free via freecon.
420   If matchpathcon_init has not already been called, then this function
421   will call it upon its first invocation with a NULL path. */
422extern int matchpathcon(const char *path,
423			mode_t mode, security_context_t * con);
424
425/* Same as above, but return a specification index for
426   later use in a matchpathcon_filespec_add() call - see below. */
427extern int matchpathcon_index(const char *path,
428			      mode_t mode, security_context_t * con);
429
430/* Maintain an association between an inode and a specification index,
431   and check whether a conflicting specification is already associated
432   with the same inode (e.g. due to multiple hard links).  If so, then
433   use the latter of the two specifications based on their order in the
434   file contexts configuration.  Return the used specification index. */
435extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
436
437/* Destroy any inode associations that have been added, e.g. to restart
438   for a new filesystem. */
439extern void matchpathcon_filespec_destroy(void);
440
441/* Display statistics on the hash table usage for the associations. */
442extern void matchpathcon_filespec_eval(void);
443
444/* Check to see whether any specifications had no matches and report them.
445   The 'str' is used as a prefix for any warning messages. */
446extern void matchpathcon_checkmatches(char *str);
447
448/* Match the specified media and against the media contexts
449   configuration and set *con to refer to the resulting context.
450   Caller must free con via freecon. */
451extern int matchmediacon(const char *media, security_context_t * con);
452
453/*
454  selinux_getenforcemode reads the /etc/selinux/config file and determines
455  whether the machine should be started in enforcing (1), permissive (0) or
456  disabled (-1) mode.
457 */
458extern int selinux_getenforcemode(int *enforce);
459
460/*
461  selinux_getpolicytype reads the /etc/selinux/config file and determines
462  what the default policy for the machine is.  Calling application must
463  free policytype.
464 */
465extern int selinux_getpolicytype(char **policytype);
466
467/*
468  selinux_policy_root reads the /etc/selinux/config file and returns
469  the directory path under which the compiled policy file and context
470  configuration files exist.
471 */
472extern const char *selinux_policy_root(void);
473
474/* These functions return the paths to specific files under the
475   policy root directory. */
476extern const char *selinux_binary_policy_path(void);
477extern const char *selinux_failsafe_context_path(void);
478extern const char *selinux_removable_context_path(void);
479extern const char *selinux_default_context_path(void);
480extern const char *selinux_user_contexts_path(void);
481extern const char *selinux_file_context_path(void);
482extern const char *selinux_file_context_homedir_path(void);
483extern const char *selinux_file_context_local_path(void);
484extern const char *selinux_file_context_subs_path(void);
485extern const char *selinux_file_context_subs_dist_path(void);
486extern const char *selinux_homedir_context_path(void);
487extern const char *selinux_media_context_path(void);
488extern const char *selinux_virtual_domain_context_path(void);
489extern const char *selinux_virtual_image_context_path(void);
490extern const char *selinux_x_context_path(void);
491extern const char *selinux_sepgsql_context_path(void);
492extern const char *selinux_contexts_path(void);
493extern const char *selinux_securetty_types_path(void);
494extern const char *selinux_booleans_path(void);
495extern const char *selinux_customizable_types_path(void);
496extern const char *selinux_users_path(void);
497extern const char *selinux_usersconf_path(void);
498extern const char *selinux_translations_path(void);
499extern const char *selinux_colors_path(void);
500extern const char *selinux_netfilter_context_path(void);
501extern const char *selinux_path(void);
502
503/**
504 * selinux_check_access - Check permissions and perform appropriate auditing.
505 * @scon: source security context
506 * @tcon: target security context
507 * @tclass: target security class string
508 * @perm: requested permissions string, interpreted based on @tclass
509 * @auditdata: auxiliary audit data
510 *
511 * Check the AVC to determine whether the @perm permissions are granted
512 * for the SID pair (@scon, @tcon), interpreting the permissions
513 * based on @tclass.
514 * Return %0 if all @perm permissions are granted, -%1 with
515 * @errno set to %EACCES if any permissions are denied or to another
516 * value upon other errors.
517 * If auditing or logging is configured the appropriate callbacks will be called
518 * and passed the auditdata field
519 */
520extern int selinux_check_access(const security_context_t scon, const security_context_t tcon, const char *tclass, const char *perm, void *auditdata);
521
522/* Check a permission in the passwd class.
523   Return 0 if granted or -1 otherwise. */
524extern int selinux_check_passwd_access(access_vector_t requested);
525extern int checkPasswdAccess(access_vector_t requested);
526
527/* Check if the tty_context is defined as a securetty
528   Return 0 if secure, < 0 otherwise. */
529extern int selinux_check_securetty_context(const security_context_t tty_context);
530
531/* Set the path to the selinuxfs mount point explicitly.
532   Normally, this is determined automatically during libselinux
533   initialization, but this is not always possible, e.g. for /sbin/init
534   which performs the initial mount of selinuxfs. */
535void set_selinuxmnt(char *mnt);
536
537/* Check if selinuxfs exists as a kernel filesystem */
538int selinuxfs_exists(void);
539
540/* clear selinuxmnt variable and free allocated memory */
541void fini_selinuxmnt(void);
542
543/* Execute a helper for rpm in an appropriate security context. */
544extern int rpm_execcon(unsigned int verified,
545		       const char *filename,
546		       char *const argv[], char *const envp[]);
547
548/* Returns whether a file context is customizable, and should not
549   be relabeled . */
550extern int is_context_customizable(const security_context_t scontext);
551
552/* Perform context translation between the human-readable format
553   ("translated") and the internal system format ("raw").
554   Caller must free the resulting context via freecon.
555   Returns -1 upon an error or 0 otherwise.
556   If passed NULL, sets the returned context to NULL and returns 0. */
557extern int selinux_trans_to_raw_context(const security_context_t trans,
558					security_context_t * rawp);
559extern int selinux_raw_to_trans_context(const security_context_t raw,
560					security_context_t * transp);
561
562/* Perform context translation between security contexts
563   and display colors.  Returns a space-separated list of ten
564   ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
565   Caller must free the resulting string via free.
566   Returns -1 upon an error or 0 otherwise. */
567extern int selinux_raw_context_to_color(const security_context_t raw,
568					char **color_str);
569
570/* Get the SELinux username and level to use for a given Linux username.
571   These values may then be passed into the get_ordered_context_list*
572   and get_default_context* functions to obtain a context for the user.
573   Returns 0 on success or -1 otherwise.
574   Caller must free the returned strings via free. */
575extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
576
577/* Get the SELinux username and level to use for a given Linux username and service.
578   These values may then be passed into the get_ordered_context_list*
579   and get_default_context* functions to obtain a context for the user.
580   Returns 0 on success or -1 otherwise.
581   Caller must free the returned strings via free. */
582extern int getseuser(const char *username, const char *service,
583		     char **r_seuser, char **r_level);
584
585/* Compare two file contexts, return 0 if equivalent. */
586extern int selinux_file_context_cmp(const security_context_t a,
587			     const security_context_t b);
588
589/*
590 * Verify the context of the file 'path' against policy.
591 * Return 1 if match, 0 if not and -1 on error.
592 */
593extern int selinux_file_context_verify(const char *path, mode_t mode);
594
595/* This function sets the file context on to the system defaults returns 0 on success */
596extern int selinux_lsetfilecon_default(const char *path);
597
598/*
599 * Force a reset of the loaded configuration
600 * WARNING: This is not thread safe. Be very sure that no other threads
601 * are calling into libselinux when this is called.
602 */
603extern void selinux_reset_config(void);
604
605#ifdef __cplusplus
606}
607#endif
608#endif
609