#ifndef BB_ANDROID_SELINUX_H
#define BB_ANDROID_SELINUX_H
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/android.h>
/* The declarations below mirror the matchpathcon/default-context API of
 * upstream libselinux's <selinux/selinux.h>; they are repeated here,
 * presumably because the Android flavour of the library pulled in above
 * does not declare them (TODO confirm against the target libselinux).
 * Their comments are the upstream contract. */
/* Set the function used by matchpathcon_init when displaying
errors about the file_contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). */
extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
/* Set the function used by matchpathcon_init when checking the
validity of a context in the file contexts configuration. If not set,
then this defaults to a test based on security_check_context().
The function is also responsible for reporting any such error, and
may include the 'path' and 'lineno' in such error messages. */
extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
unsigned lineno,
char *context));
/* Same as above, but also allows canonicalization of the context,
by changing *context to refer to the canonical form. If not set,
and invalidcon is also not set, then this defaults to calling
security_canonicalize_context(). */
extern void set_matchpathcon_canoncon(int (*f) (const char *path,
unsigned lineno,
char **context));
/* Set flags controlling operation of matchpathcon_init or matchpathcon.
   The flags are a bit mask and may be OR-ed together. */
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
extern void set_matchpathcon_flags(unsigned int flags);
/* Load the file contexts configuration specified by 'path'
into memory for use by subsequent matchpathcon calls.
If 'path' is NULL, then load the active file contexts configuration,
i.e. the path returned by selinux_file_context_path().
Unless the MATCHPATHCON_BASEONLY flag has been set, this
function also checks for a 'path'.homedirs file and
a 'path'.local file and loads additional specifications
from them if present. */
extern int matchpathcon_init(const char *path);
/* Same as matchpathcon_init, but only load entries with
regexes that have stems that are prefixes of 'prefix'. */
extern int matchpathcon_init_prefix(const char *path, const char *prefix);
/* Free the memory allocated by matchpathcon_init. */
extern void matchpathcon_fini(void);
/* Resolve all of the symlinks and relative portions of a pathname, but NOT
 * the final component (same as realpath() unless the final component is a
 * symlink). 'resolved_path' must point to a buffer of size PATH_MAX + 1. */
extern int realpath_not_final(const char *name, char *resolved_path);
/* Match the specified pathname and mode against the file contexts
configuration and set *con to refer to the resulting context.
'mode' can be 0 to disable mode matching.
Caller must free via freecon.
If matchpathcon_init has not already been called, then this function
will call it upon its first invocation with a NULL path. */
extern int matchpathcon(const char *path,
mode_t mode, char ** con);
/* Same as above, but return a specification index for
later use in a matchpathcon_filespec_add() call - see below. */
extern int matchpathcon_index(const char *path,
mode_t mode, char ** con);
/* Maintain an association between an inode and a specification index,
and check whether a conflicting specification is already associated
with the same inode (e.g. due to multiple hard links). If so, then
use the latter of the two specifications based on their order in the
file contexts configuration. Return the used specification index. */
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
/* Destroy any inode associations that have been added, e.g. to restart
for a new filesystem. */
extern void matchpathcon_filespec_destroy(void);
/* Display statistics on the hash table usage for the associations. */
extern void matchpathcon_filespec_eval(void);
/* Check to see whether any specifications had no matches and report them.
The 'str' is used as a prefix for any warning messages. */
extern void matchpathcon_checkmatches(char *str);
/*
 * Verify the context of the file 'path' against policy.
 * Return 1 if match, 0 if not and -1 on error.
 */
extern int selinux_file_context_verify(const char *path, mode_t mode);
/* Get the default security context for a user session for 'user'
spawned by 'fromcon' and set *newcon to refer to it. The context
will be one of those authorized by the policy, but the selection
of a default is subject to user customizable preferences.
If 'fromcon' is NULL, defaults to current context.
Returns 0 on success or -1 otherwise.
Caller must free via freecon. */
extern int get_default_context(const char* user, const char* fromcon,
char ** newcon);
/* Check a permission in the passwd class.
Return 0 if granted or -1 otherwise.
The PASSWD__* values are the access-vector bits accepted in 'requested'. */
#define PASSWD__PASSWD 0x001UL
#define PASSWD__CHFN 0x002UL
#define PASSWD__CHSH 0x004UL
#define PASSWD__ROOTOK 0x008UL
#define PASSWD__CRONTAB 0x010UL
extern int selinux_check_passwd_access(access_vector_t requested);
/* Compatibility shims for the *_raw API: each raw variant is aliased
 * straight to its non-raw counterpart, i.e. no distinction between
 * translated and raw contexts is made on this target (presumably because
 * this libselinux build has no context translation layer -- confirm). */
#define lgetfilecon_raw(path, context) \
lgetfilecon(path, context)
#define lsetfilecon_raw(path, scontext) \
lsetfilecon(path, scontext)
#define selabel_lookup_raw(hnd, con, path, mode) \
selabel_lookup(hnd, con, path, mode)
#define security_canonicalize_context_raw(context, newctx) \
security_canonicalize_context(context, newctx)
#define getprevcon_raw(context) \
getprevcon(context)
/* No context is ever treated as customizable here. Expands to 'false',
 * so the including translation unit needs <stdbool.h> in scope; this
 * header does not include it itself. */
#define is_context_customizable(ctx) false
/* The log level 'type' is discarded: every message goes through
 * bb_error_msg(), with the first remaining argument used as its format
 * string, so callers must pass a literal format there, never message text. */
#define selinux_log(type, ...) bb_error_msg(__VA_ARGS__)
/* Fixed location of the compiled policy on this target. */
#define selinux_policy_root() "/sepolicy"
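/* Shim for libselinux's selinux_getenforcemode(): store the current
 * enforcing state in *rc (1 = enforcing, 0 = permissive) and return 0.
 * Returns -1 if 'rc' is NULL or the query fails.
 * Upstream reads the configured mode from the SELinux config file; this
 * shim reports the live kernel value from security_getenforce() instead.
 * A failed query (security_getenforce() < 0) is reported as an error
 * rather than copied into *rc: a negative *rc reads as "disabled" to
 * callers of the upstream API, which would turn a lookup failure into a
 * silent fail-open. */
static int selinux_getenforcemode(int *rc)
{
	int mode;

	if (!rc)
		return -1;
	mode = security_getenforce();
	if (mode < 0)
		return -1;
	*rc = mode;
	return 0;
}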
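/* Shim for libselinux's selinux_file_contexts_path(): the file_contexts
 * configuration lives at a fixed location on this target.
 * Returns a pointer to a static string literal; the caller must not free it.
 * Declared with (void) so the definition is a proper prototype rather than
 * an old-style unspecified parameter list. */
static const char *selinux_file_contexts_path(void)
{
	return "/file_contexts";
}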
#endif /* BB_ANDROID_SELINUX_H */