1#ifndef _SEPOL_POLICYDB_H_
2#define _SEPOL_POLICYDB_H_
3
4#include <stddef.h>
5#include <stdio.h>
6
7#include <sepol/handle.h>
8#include <sys/cdefs.h>
9
10__BEGIN_DECLS
11
/*
 * Opaque object types.  Only forward declarations are exposed here, so
 * the struct layouts are private to the library; callers hold pointers
 * obtained from the *_create() functions declared below and release
 * them with the matching *_free().
 */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;
17
/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 *
 * sepol_policy_file_create() stores the new object in *pf and returns
 * an int status.  The exact success/failure values are not stated in
 * this header -- presumably 0 on success and -1 on failure, matching
 * the "Returns -1" convention used further down; confirm against the
 * implementation before relying on a specific value.
 *
 * sepol_policy_file_free() releases the policy file object.  Nothing
 * here says it also closes a FILE or frees a memory image attached via
 * the set_* calls below; assume it does not and release those
 * yourself -- confirm against the implementation.
 */
extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
extern void sepol_policy_file_free(sepol_policy_file_t * pf);
23
24/*
25 * Set the policy file to represent a binary policy memory image.
26 * Subsequent operations using the policy file will read and write
27 * the image located at the specified address with the specified length.
28 * If 'len' is 0, then merely compute the necessary length upon
29 * subsequent policydb write operations in order to determine the
30 * necessary buffer size to allocate.
31 */
32extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
33				      char *data, size_t len);
34
35/*
36 * Get the size of the buffer needed to store a policydb write
37 * previously done on this policy file.
38 */
39extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);
40
41/*
42 * Set the policy file to represent a FILE.
43 * Subsequent operations using the policy file will read and write
44 * to the FILE.
45 */
46extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);
47
48/*
49 * Associate a handle with a policy file, for use in
50 * error reporting from subsequent calls that take the
51 * policy file as an argument.
52 */
53extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
54					 sepol_handle_t * handle);
55
/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * create() stores the new object in *p and returns an int status
 * (presumably 0 / -1 as elsewhere in this API; confirm).  free()
 * releases the policydb and everything it owns; it does not touch any
 * policy file that was used to read or write it.
 */
extern int sepol_policydb_create(sepol_policydb_t ** p);
extern void sepol_policydb_free(sepol_policydb_t * p);

/*
 * Legal types of policies that the policydb can represent:
 * a kernel (binary) policy, a base policy, or a policy module.
 * These are the only values accepted by sepol_policydb_set_typevers().
 */
#define SEPOL_POLICY_KERN	0
#define SEPOL_POLICY_BASE	1
#define SEPOL_POLICY_MOD	2
66
67/*
68 * Range of policy versions for the kernel policy type supported
69 * by this library.
70 */
71extern int sepol_policy_kern_vers_min(void);
72extern int sepol_policy_kern_vers_max(void);
73
74/*
75 * Set the policy type as specified, and automatically initialize the
76 * policy version accordingly to the maximum version supported for the
77 * policy type.
78 * Returns -1 if the policy type is not legal.
79 */
80extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);
81
82/*
83 * Set the policy version to a different value.
84 * Returns -1 if the policy version is not in the supported range for
85 * the (previously set) policy type.
86 */
87extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);
88
/*
 * Set how to handle unknown class/perms, i.e. classes or permissions
 * that the policy does not define.
 *
 * Only the three values below are defined.  Note they are 0, 2 and 4
 * rather than a consecutive enumeration, so never derive them
 * arithmetically or pass an unlisted value.  SEPOL_DENY_UNKNOWN is the
 * fail-closed choice; SEPOL_ALLOW_UNKNOWN makes accesses involving
 * unknown classes/perms succeed (fail-open), which widens the policy's
 * exposure and should be a deliberate decision; SEPOL_REJECT_UNKNOWN,
 * as the name suggests, refuses to accept such a policy at all (the
 * precise reject semantics are not stated here).  Returns an int
 * status.
 */
#define SEPOL_DENY_UNKNOWN	    0
#define SEPOL_REJECT_UNKNOWN	    2
#define SEPOL_ALLOW_UNKNOWN	    4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
					     unsigned int handle_unknown);

/*
 * Set the target platform: a Linux SELinux policy or a Xen policy.
 * Only the two values below are defined.  Returns an int status.
 */
#define SEPOL_TARGET_SELINUX 0
#define SEPOL_TARGET_XEN     1
extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
					     int target_platform);
101
102/*
103 * Read a policydb from a policy file.
104 * This automatically sets the type and version based on the
105 * image contents.
106 */
107extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);
108
109/*
110 * Write a policydb to a policy file.
111 * The generated image will be in the binary format corresponding
112 * to the policy version associated with the policydb.
113 */
114extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);
115
116/*
117 * Extract a policydb from a binary policy memory image.
118 * This is equivalent to sepol_policydb_read with a policy file
119 * set to refer to memory.
120 */
121extern int sepol_policydb_from_image(sepol_handle_t * handle,
122				     void *data, size_t len,
123				     sepol_policydb_t * p);
124
125/*
126 * Generate a binary policy memory image from a policydb.
127 * This is equivalent to sepol_policydb_write with a policy file
128 * set to refer to memory, but internally handles computing the
129 * necessary length and allocating an appropriately sized memory
130 * buffer for the caller.
131 */
132extern int sepol_policydb_to_image(sepol_handle_t * handle,
133				   sepol_policydb_t * p,
134				   void **newdata, size_t * newlen);
135
136/*
137 * Check whether the policydb has MLS enabled.
138 */
139extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);
140
141/*
142 * Check whether the compatibility mode for SELinux network
143 * checks should be enabled when using this policy.
144 */
145extern int sepol_policydb_compat_net(const sepol_policydb_t * p);
146
147__END_DECLS
148#endif
149