selinux.h revision 13cd4c8960688af11ad23b4c946149015c80d549
1#ifndef _SELINUX_H_ 2#define _SELINUX_H_ 3 4#include <sys/types.h> 5#include <stdarg.h> 6 7#ifdef __cplusplus 8extern "C" { 9#endif 10 11/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */ 12extern int is_selinux_enabled(void); 13/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */ 14extern int is_selinux_mls_enabled(void); 15 16typedef char *security_context_t; 17 18/* Free the memory allocated for a context by any of the below get* calls. */ 19extern void freecon(security_context_t con); 20 21/* Free the memory allocated for a context array by security_compute_user. */ 22extern void freeconary(security_context_t * con); 23 24/* Wrappers for the /proc/pid/attr API. */ 25 26/* Get current context, and set *con to refer to it. 27 Caller must free via freecon. */ 28extern int getcon(security_context_t * con); 29extern int getcon_raw(security_context_t * con); 30 31/* Set the current security context to con. 32 Note that use of this function requires that the entire application 33 be trusted to maintain any desired separation between the old and new 34 security contexts, unlike exec-based transitions performed via setexeccon. 35 When possible, decompose your application and use setexeccon()+execve() 36 instead. Note that the application may lose access to its open descriptors 37 as a result of a setcon() unless policy allows it to use descriptors opened 38 by the old context. */ 39extern int setcon(security_context_t con); 40extern int setcon_raw(security_context_t con); 41 42/* Get context of process identified by pid, and 43 set *con to refer to it. Caller must free via freecon. */ 44extern int getpidcon(pid_t pid, security_context_t * con); 45extern int getpidcon_raw(pid_t pid, security_context_t * con); 46 47/* Get previous context (prior to last exec), and set *con to refer to it. 48 Caller must free via freecon. */ 49extern int getprevcon(security_context_t * con); 50extern int getprevcon_raw(security_context_t * con); 51 52/* Get exec context, and set *con to refer to it. 53 Sets *con to NULL if no exec context has been set, i.e. using default. 54 If non-NULL, caller must free via freecon. */ 55extern int getexeccon(security_context_t * con); 56extern int getexeccon_raw(security_context_t * con); 57 58/* Set exec security context for the next execve. 59 Call with NULL if you want to reset to the default. */ 60extern int setexeccon(security_context_t con); 61extern int setexeccon_raw(security_context_t con); 62 63/* Get fscreate context, and set *con to refer to it. 64 Sets *con to NULL if no fs create context has been set, i.e. using default. 65 If non-NULL, caller must free via freecon. */ 66extern int getfscreatecon(security_context_t * con); 67extern int getfscreatecon_raw(security_context_t * con); 68 69/* Set the fscreate security context for subsequent file creations. 70 Call with NULL if you want to reset to the default. */ 71extern int setfscreatecon(security_context_t context); 72extern int setfscreatecon_raw(security_context_t context); 73 74/* Get keycreate context, and set *con to refer to it. 75 Sets *con to NULL if no key create context has been set, i.e. using default. 76 If non-NULL, caller must free via freecon. */ 77extern int getkeycreatecon(security_context_t * con); 78extern int getkeycreatecon_raw(security_context_t * con); 79 80/* Set the keycreate security context for subsequent key creations. 81 Call with NULL if you want to reset to the default. */ 82extern int setkeycreatecon(security_context_t context); 83extern int setkeycreatecon_raw(security_context_t context); 84 85/* Get sockcreate context, and set *con to refer to it. 86 Sets *con to NULL if no socket create context has been set, i.e. using default. 87 If non-NULL, caller must free via freecon. */ 88extern int getsockcreatecon(security_context_t * con); 89extern int getsockcreatecon_raw(security_context_t * con); 90 91/* Set the sockcreate security context for subsequent socket creations. 92 Call with NULL if you want to reset to the default. */ 93extern int setsockcreatecon(security_context_t context); 94extern int setsockcreatecon_raw(security_context_t context); 95 96/* Wrappers for the xattr API. */ 97 98/* Get file context, and set *con to refer to it. 99 Caller must free via freecon. */ 100extern int getfilecon(const char *path, security_context_t * con); 101extern int getfilecon_raw(const char *path, security_context_t * con); 102extern int lgetfilecon(const char *path, security_context_t * con); 103extern int lgetfilecon_raw(const char *path, security_context_t * con); 104extern int fgetfilecon(int fd, security_context_t * con); 105extern int fgetfilecon_raw(int fd, security_context_t * con); 106 107/* Set file context */ 108extern int setfilecon(const char *path, security_context_t con); 109extern int setfilecon_raw(const char *path, security_context_t con); 110extern int lsetfilecon(const char *path, security_context_t con); 111extern int lsetfilecon_raw(const char *path, security_context_t con); 112extern int fsetfilecon(int fd, security_context_t con); 113extern int fsetfilecon_raw(int fd, security_context_t con); 114 115/* Wrappers for the socket API */ 116 117/* Get context of peer socket, and set *con to refer to it. 118 Caller must free via freecon. */ 119extern int getpeercon(int fd, security_context_t * con); 120extern int getpeercon_raw(int fd, security_context_t * con); 121 122/* Wrappers for the selinuxfs (policy) API. */ 123 124typedef unsigned int access_vector_t; 125typedef unsigned short security_class_t; 126 127struct av_decision { 128 access_vector_t allowed; 129 access_vector_t decided; 130 access_vector_t auditallow; 131 access_vector_t auditdeny; 132 unsigned int seqno; 133}; 134 135/* Structure for passing options, used by AVC and label subsystems */ 136struct selinux_opt { 137 int type; 138 const char *value; 139}; 140 141/* Callback facilities */ 142union selinux_callback { 143 /* log the printf-style format and arguments, 144 with the type code indicating the type of message */ 145 int 146#ifdef __GNUC__ 147__attribute__ ((format(printf, 2, 3))) 148#endif 149 (*func_log) (int type, const char *fmt, ...); 150 /* store a string representation of auditdata (corresponding 151 to the given security class) into msgbuf. */ 152 int (*func_audit) (void *auditdata, security_class_t cls, 153 char *msgbuf, size_t msgbufsize); 154 /* validate the supplied context, modifying if necessary */ 155 int (*func_validate) (security_context_t *ctx); 156}; 157 158#define SELINUX_CB_LOG 0 159#define SELINUX_CB_AUDIT 1 160#define SELINUX_CB_VALIDATE 2 161 162extern union selinux_callback selinux_get_callback(int type); 163extern void selinux_set_callback(int type, union selinux_callback cb); 164 165 /* Logging type codes, passed to the logging callback */ 166#define SELINUX_ERROR 0 167#define SELINUX_WARNING 1 168#define SELINUX_INFO 2 169#define SELINUX_AVC 3 170 171/* Compute an access decision. */ 172extern int security_compute_av(security_context_t scon, 173 security_context_t tcon, 174 security_class_t tclass, 175 access_vector_t requested, 176 struct av_decision *avd); 177extern int security_compute_av_raw(security_context_t scon, 178 security_context_t tcon, 179 security_class_t tclass, 180 access_vector_t requested, 181 struct av_decision *avd); 182 183/* Compute a labeling decision and set *newcon to refer to it. 184 Caller must free via freecon. */ 185extern int security_compute_create(security_context_t scon, 186 security_context_t tcon, 187 security_class_t tclass, 188 security_context_t * newcon); 189extern int security_compute_create_raw(security_context_t scon, 190 security_context_t tcon, 191 security_class_t tclass, 192 security_context_t * newcon); 193 194/* Compute a relabeling decision and set *newcon to refer to it. 195 Caller must free via freecon. */ 196extern int security_compute_relabel(security_context_t scon, 197 security_context_t tcon, 198 security_class_t tclass, 199 security_context_t * newcon); 200extern int security_compute_relabel_raw(security_context_t scon, 201 security_context_t tcon, 202 security_class_t tclass, 203 security_context_t * newcon); 204 205/* Compute a polyinstantiation member decision and set *newcon to refer to it. 206 Caller must free via freecon. */ 207extern int security_compute_member(security_context_t scon, 208 security_context_t tcon, 209 security_class_t tclass, 210 security_context_t * newcon); 211extern int security_compute_member_raw(security_context_t scon, 212 security_context_t tcon, 213 security_class_t tclass, 214 security_context_t * newcon); 215 216/* Compute the set of reachable user contexts and set *con to refer to 217 the NULL-terminated array of contexts. Caller must free via freeconary. */ 218extern int security_compute_user(security_context_t scon, 219 const char *username, 220 security_context_t ** con); 221extern int security_compute_user_raw(security_context_t scon, 222 const char *username, 223 security_context_t ** con); 224 225/* Load a policy configuration. */ 226extern int security_load_policy(void *data, size_t len); 227 228/* Get the context of an initial kernel security identifier by name. 229 Caller must free via freecon */ 230extern int security_get_initial_context(const char *name, 231 security_context_t * con); 232extern int security_get_initial_context_raw(const char *name, 233 security_context_t * con); 234 235/* 236 * Make a policy image and load it. 237 * This function provides a higher level interface for loading policy 238 * than security_load_policy, internally determining the right policy 239 * version, locating and opening the policy file, mapping it into memory, 240 * manipulating it as needed for current boolean settings and/or local 241 * definitions, and then calling security_load_policy to load it. 242 * 243 * 'preservebools' is a boolean flag indicating whether current 244 * policy boolean values should be preserved into the new policy (if 1) 245 * or reset to the saved policy settings (if 0). The former case is the 246 * default for policy reloads, while the latter case is an option for policy 247 * reloads but is primarily for the initial policy load. 248 */ 249extern int selinux_mkload_policy(int preservebools); 250 251/* 252 * Perform the initial policy load. 253 * This function determines the desired enforcing mode, sets the 254 * the *enforce argument accordingly for the caller to use, sets the 255 * SELinux kernel enforcing status to match it, and loads the policy. 256 * It also internally handles the initial selinuxfs mount required to 257 * perform these actions. 258 * 259 * The function returns 0 if everything including the policy load succeeds. 260 * In this case, init is expected to re-exec itself in order to transition 261 * to the proper security context. 262 * Otherwise, the function returns -1, and init must check *enforce to 263 * determine how to proceed. If enforcing (*enforce > 0), then init should 264 * halt the system. Otherwise, init may proceed normally without a re-exec. 265 */ 266extern int selinux_init_load_policy(int *enforce); 267 268/* Translate boolean strict to name value pair. */ 269typedef struct { 270 char *name; 271 int value; 272} SELboolean; 273/* save a list of booleans in a single transaction. */ 274extern int security_set_boolean_list(size_t boolcnt, 275 SELboolean * boollist, int permanent); 276 277/* Load policy boolean settings. 278 Path may be NULL, in which case the booleans are loaded from 279 the active policy boolean configuration file. */ 280extern int security_load_booleans(char *path); 281 282/* Check the validity of a security context. */ 283extern int security_check_context(security_context_t con); 284extern int security_check_context_raw(security_context_t con); 285 286/* Canonicalize a security context. */ 287extern int security_canonicalize_context(security_context_t con, 288 security_context_t * canoncon); 289extern int security_canonicalize_context_raw(security_context_t con, 290 security_context_t * canoncon); 291 292/* Get the enforce flag value. */ 293extern int security_getenforce(void); 294 295/* Set the enforce flag value. */ 296extern int security_setenforce(int value); 297 298/* Disable SELinux at runtime (must be done prior to initial policy load). */ 299extern int security_disable(void); 300 301/* Get the policy version number. */ 302extern int security_policyvers(void); 303 304/* Get the boolean names */ 305extern int security_get_boolean_names(char ***names, int *len); 306 307/* Get the pending value for the boolean */ 308extern int security_get_boolean_pending(const char *name); 309 310/* Get the active value for the boolean */ 311extern int security_get_boolean_active(const char *name); 312 313/* Set the pending value for the boolean */ 314extern int security_set_boolean(const char *name, int value); 315 316/* Commit the pending values for the booleans */ 317extern int security_commit_booleans(void); 318 319/* Userspace class mapping support */ 320struct security_class_mapping { 321 const char *name; 322 const char *perms[sizeof(access_vector_t) * 8 + 1]; 323}; 324 325int selinux_set_mapping(struct security_class_mapping *map); 326 327/* Common helpers */ 328 329/* Convert between security class values and string names */ 330extern security_class_t string_to_security_class(const char *name); 331extern const char *security_class_to_string(security_class_t cls); 332 333/* Convert between individual access vector permissions and string names */ 334extern const char *security_av_perm_to_string(security_class_t tclass, 335 access_vector_t perm); 336extern access_vector_t string_to_av_perm(security_class_t tclass, 337 const char *name); 338 339/* Returns an access vector in a string representation. User must free the 340 * returned string via free(). */ 341extern int security_av_string(security_class_t tclass, 342 access_vector_t av, char **result); 343 344/* Display an access vector in a string representation. */ 345extern void print_access_vector(security_class_t tclass, access_vector_t av); 346 347/* Set the function used by matchpathcon_init when displaying 348 errors about the file_contexts configuration. If not set, 349 then this defaults to fprintf(stderr, fmt, ...). */ 350extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)); 351 352/* Set the function used by matchpathcon_init when checking the 353 validity of a context in the file contexts configuration. If not set, 354 then this defaults to a test based on security_check_context(). 355 The function is also responsible for reporting any such error, and 356 may include the 'path' and 'lineno' in such error messages. */ 357extern void set_matchpathcon_invalidcon(int (*f) (const char *path, 358 unsigned lineno, 359 char *context)); 360 361/* Same as above, but also allows canonicalization of the context, 362 by changing *context to refer to the canonical form. If not set, 363 and invalidcon is also not set, then this defaults to calling 364 security_canonicalize_context(). */ 365extern void set_matchpathcon_canoncon(int (*f) (const char *path, 366 unsigned lineno, 367 char **context)); 368 369/* Set flags controlling operation of matchpathcon_init or matchpathcon. */ 370#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */ 371#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */ 372#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */ 373extern void set_matchpathcon_flags(unsigned int flags); 374 375/* Load the file contexts configuration specified by 'path' 376 into memory for use by subsequent matchpathcon calls. 377 If 'path' is NULL, then load the active file contexts configuration, 378 i.e. the path returned by selinux_file_context_path(). 379 Unless the MATCHPATHCON_BASEONLY flag has been set, this 380 function also checks for a 'path'.homedirs file and 381 a 'path'.local file and loads additional specifications 382 from them if present. */ 383extern int matchpathcon_init(const char *path); 384 385/* Same as matchpathcon_init, but only load entries with 386 regexes that have stems that are prefixes of 'prefix'. */ 387extern int matchpathcon_init_prefix(const char *path, const char *prefix); 388 389/* Free the memory allocated by matchpathcon_init. */ 390extern void matchpathcon_fini(void); 391 392/* Match the specified pathname and mode against the file contexts 393 configuration and set *con to refer to the resulting context. 394 'mode' can be 0 to disable mode matching. 395 Caller must free via freecon. 396 If matchpathcon_init has not already been called, then this function 397 will call it upon its first invocation with a NULL path. */ 398extern int matchpathcon(const char *path, 399 mode_t mode, security_context_t * con); 400 401/* Same as above, but return a specification index for 402 later use in a matchpathcon_filespec_add() call - see below. */ 403extern int matchpathcon_index(const char *path, 404 mode_t mode, security_context_t * con); 405 406/* Maintain an association between an inode and a specification index, 407 and check whether a conflicting specification is already associated 408 with the same inode (e.g. due to multiple hard links). If so, then 409 use the latter of the two specifications based on their order in the 410 file contexts configuration. Return the used specification index. */ 411extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file); 412 413/* Destroy any inode associations that have been added, e.g. to restart 414 for a new filesystem. */ 415extern void matchpathcon_filespec_destroy(void); 416 417/* Display statistics on the hash table usage for the associations. */ 418extern void matchpathcon_filespec_eval(void); 419 420/* Check to see whether any specifications had no matches and report them. 421 The 'str' is used as a prefix for any warning messages. */ 422extern void matchpathcon_checkmatches(char *str); 423 424/* Match the specified media and against the media contexts 425 configuration and set *con to refer to the resulting context. 426 Caller must free con via freecon. */ 427extern int matchmediacon(const char *media, security_context_t * con); 428 429/* 430 selinux_getenforcemode reads the /etc/selinux/config file and determines 431 whether the machine should be started in enforcing (1), permissive (0) or 432 disabled (-1) mode. 433 */ 434extern int selinux_getenforcemode(int *enforce); 435 436/* 437 selinux_getpolicytype reads the /etc/selinux/config file and determines 438 what the default policy for the machine is. Calling application must 439 free policytype. 440 */ 441extern int selinux_getpolicytype(char **policytype); 442 443/* 444 selinux_policy_root reads the /etc/selinux/config file and returns 445 the directory path under which the compiled policy file and context 446 configuration files exist. 447 */ 448extern const char *selinux_policy_root(void); 449 450/* These functions return the paths to specific files under the 451 policy root directory. */ 452extern const char *selinux_binary_policy_path(void); 453extern const char *selinux_failsafe_context_path(void); 454extern const char *selinux_removable_context_path(void); 455extern const char *selinux_default_context_path(void); 456extern const char *selinux_user_contexts_path(void); 457extern const char *selinux_file_context_path(void); 458extern const char *selinux_file_context_homedir_path(void); 459extern const char *selinux_file_context_local_path(void); 460extern const char *selinux_homedir_context_path(void); 461extern const char *selinux_media_context_path(void); 462extern const char *selinux_x_context_path(void); 463extern const char *selinux_contexts_path(void); 464extern const char *selinux_securetty_types_path(void); 465extern const char *selinux_booleans_path(void); 466extern const char *selinux_customizable_types_path(void); 467extern const char *selinux_users_path(void); 468extern const char *selinux_usersconf_path(void); 469extern const char *selinux_translations_path(void); 470extern const char *selinux_netfilter_context_path(void); 471extern const char *selinux_path(void); 472 473/* Check a permission in the passwd class. 474 Return 0 if granted or -1 otherwise. */ 475extern int selinux_check_passwd_access(access_vector_t requested); 476extern int checkPasswdAccess(access_vector_t requested); 477 478/* Check if the tty_context is defined as a securetty 479 Return 0 if secure, < 0 otherwise. */ 480extern int selinux_check_securetty_context(security_context_t tty_context); 481 482/* Set the path to the selinuxfs mount point explicitly. 483 Normally, this is determined automatically during libselinux 484 initialization, but this is not always possible, e.g. for /sbin/init 485 which performs the initial mount of selinuxfs. */ 486void set_selinuxmnt(char *mnt); 487 488/* Execute a helper for rpm in an appropriate security context. */ 489extern int rpm_execcon(unsigned int verified, 490 const char *filename, 491 char *const argv[], char *const envp[]); 492 493/* Returns whether a file context is customizable, and should not 494 be relabeled . */ 495extern int is_context_customizable(security_context_t scontext); 496 497/* Perform context translation between the human-readable format 498 ("translated") and the internal system format ("raw"). 499 Caller must free the resulting context via freecon. 500 Returns -1 upon an error or 0 otherwise. 501 If passed NULL, sets the returned context to NULL and returns 0. */ 502extern int selinux_trans_to_raw_context(security_context_t trans, 503 security_context_t * rawp); 504extern int selinux_raw_to_trans_context(security_context_t raw, 505 security_context_t * transp); 506 507/* Get the SELinux username and level to use for a given Linux username. 508 These values may then be passed into the get_ordered_context_list* 509 and get_default_context* functions to obtain a context for the user. 510 Returns 0 on success or -1 otherwise. 511 Caller must free the returned strings via free. */ 512extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); 513 514/* Compare two file contexts, return 0 if equivalent. */ 515int selinux_file_context_cmp(const security_context_t a, 516 const security_context_t b); 517 518/* 519 * Verify the context of the file 'path' against policy. 520 * Return 0 if correct. 521 */ 522int selinux_file_context_verify(const char *path, mode_t mode); 523 524/* This function sets the file context on to the system defaults returns 0 on success */ 525int selinux_lsetfilecon_default(const char *path); 526 527#ifdef __cplusplus 528} 529#endif 530#endif 531