/*
 * Internal definitions merged from libselinux's selinux_internal.h and
 * label_internal.h.
 */
| 5 | #ifndef _SELINUX_BB_INTERNAL_H |
| 6 | #define _SELINUX_BB_INTERNAL_H 1 |
| 7 | |
| 8 | #include <selinux/selinux.h> |
| 9 | #include <selinux/label.h> |
| 10 | #include <pthread.h> |
| 11 | |
#ifdef SHARED
/*
 * Shared-library build.  Every public entry point that the library calls
 * internally also gets a hidden alias (fct_internal); the library's own
 * calls bind to that alias, so they do not go through the PLT, where a
 * symbol interposed from another loaded object could redirect them.
 */
#  define hidden __attribute__ ((visibility ("hidden")))
/* Declare fct_internal, and make the name fct resolve to it via the asm label. */
#  define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
/* NOTE(review): a leading double underscore is a reserved identifier; harmless here, kept as is. */
#  define __hidden_proto(fct, internal) \
	extern __typeof (fct) internal; \
	extern __typeof (fct) fct __asm (#internal) hidden;
/* Emitted at each definition site: an assembler alias from the public symbol to fct_internal. */
#  if defined(__alpha__) || defined(__mips__)
/* These targets spell the alias as "sym = target" rather than ".set". */
#    define hidden_def(fct) \
	asm (".globl " #fct "\n" #fct " = " #fct "_internal");
#  else
#    define hidden_def(fct) \
	asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
#  endif
#else
/* Static build: no aliasing needed, so all three macros expand to nothing. */
#  define hidden
#  define hidden_proto(fct)
#  define hidden_def(fct)
#endif
| 30 | |
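/*
 * Internal aliases for every public entry point this library calls itself
 * (see hidden_proto above).  Each line is a complete declaration:
 * hidden_proto() already supplies the terminating ';' in the SHARED build
 * and expands to nothing otherwise, so no invocation carries a trailing
 * ';' -- one there would be an empty file-scope declaration, which ISO C
 * does not allow (-Wpedantic).  The last eleven entries used to have one.
 */
hidden_proto(selinux_mkload_policy)
hidden_proto(fini_selinuxmnt)
hidden_proto(set_selinuxmnt)
hidden_proto(selinuxfs_exists)
hidden_proto(security_disable)
hidden_proto(security_policyvers)
hidden_proto(security_load_policy)
hidden_proto(security_get_boolean_active)
hidden_proto(security_get_boolean_names)
hidden_proto(security_set_boolean)
hidden_proto(security_commit_booleans)
hidden_proto(security_check_context)
hidden_proto(security_check_context_raw)
hidden_proto(security_canonicalize_context)
hidden_proto(security_canonicalize_context_raw)
hidden_proto(security_compute_av)
hidden_proto(security_compute_av_raw)
hidden_proto(security_compute_av_flags)
hidden_proto(security_compute_av_flags_raw)
hidden_proto(security_compute_user)
hidden_proto(security_compute_user_raw)
hidden_proto(security_compute_create)
hidden_proto(security_compute_create_raw)
hidden_proto(security_compute_create_name)
hidden_proto(security_compute_create_name_raw)
hidden_proto(security_compute_member_raw)
hidden_proto(security_compute_relabel_raw)
hidden_proto(is_selinux_enabled)
hidden_proto(is_selinux_mls_enabled)
hidden_proto(freecon)
hidden_proto(freeconary)
hidden_proto(getprevcon)
hidden_proto(getprevcon_raw)
hidden_proto(getcon)
hidden_proto(getcon_raw)
hidden_proto(setcon_raw)
hidden_proto(getpeercon_raw)
hidden_proto(getpidcon_raw)
hidden_proto(getexeccon_raw)
hidden_proto(getfilecon)
hidden_proto(getfilecon_raw)
hidden_proto(lgetfilecon_raw)
hidden_proto(fgetfilecon_raw)
hidden_proto(setfilecon_raw)
hidden_proto(lsetfilecon_raw)
hidden_proto(fsetfilecon_raw)
hidden_proto(setexeccon)
hidden_proto(setexeccon_raw)
hidden_proto(getfscreatecon_raw)
hidden_proto(getkeycreatecon_raw)
hidden_proto(getsockcreatecon_raw)
hidden_proto(setfscreatecon_raw)
hidden_proto(setkeycreatecon_raw)
hidden_proto(setsockcreatecon_raw)
hidden_proto(security_getenforce)
hidden_proto(security_setenforce)
hidden_proto(security_deny_unknown)
hidden_proto(selinux_boolean_sub)
hidden_proto(selinux_binary_policy_path)
hidden_proto(selinux_booleans_subs_path)
hidden_proto(selinux_default_context_path)
hidden_proto(selinux_securetty_types_path)
hidden_proto(selinux_failsafe_context_path)
hidden_proto(selinux_removable_context_path)
hidden_proto(selinux_virtual_domain_context_path)
hidden_proto(selinux_virtual_image_context_path)
hidden_proto(selinux_lxc_contexts_path)
hidden_proto(selinux_file_context_path)
hidden_proto(selinux_file_context_homedir_path)
hidden_proto(selinux_file_context_local_path)
hidden_proto(selinux_file_context_subs_dist_path)
hidden_proto(selinux_file_context_subs_path)
hidden_proto(selinux_netfilter_context_path)
hidden_proto(selinux_homedir_context_path)
hidden_proto(selinux_user_contexts_path)
hidden_proto(selinux_booleans_path)
hidden_proto(selinux_customizable_types_path)
hidden_proto(selinux_media_context_path)
hidden_proto(selinux_x_context_path)
hidden_proto(selinux_sepgsql_context_path)
hidden_proto(selinux_path)
hidden_proto(selinux_check_passwd_access)
hidden_proto(selinux_check_securetty_context)
hidden_proto(matchpathcon_init_prefix)
hidden_proto(selinux_users_path)
hidden_proto(selinux_usersconf_path)
hidden_proto(selinux_translations_path)
hidden_proto(selinux_colors_path)
hidden_proto(selinux_getenforcemode)
hidden_proto(selinux_getpolicytype)
hidden_proto(selinux_raw_to_trans_context)
hidden_proto(selinux_trans_to_raw_context)
hidden_proto(selinux_raw_context_to_color)
hidden_proto(security_get_initial_context)
hidden_proto(security_get_initial_context_raw)
hidden_proto(selinux_reset_config)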
| 127 | |
/*
 * Library-wide state shared between translation units; each is defined in
 * one of the library's .c files and declared here with hidden visibility
 * so internal users never bind to an interposable symbol.
 * NOTE(review): what the three values mean is not visible from this
 * header -- presumably load_setlocaldefs and require_seusers are
 * configuration toggles read at initialisation and selinux_page_size
 * caches the system page size; confirm in the defining .c files.
 */
extern int load_setlocaldefs hidden;
extern int require_seusers hidden;
extern int selinux_page_size hidden;
| 131 | |
/*
 * The pthread symbols below are declared weak so the library also links
 * and runs inside a program that never pulled in a pthread implementation:
 * each wrapper tests the symbol for NULL and falls back to single-threaded
 * behaviour when it is absent.
 */
#pragma weak pthread_once
#pragma weak pthread_key_create
#pragma weak pthread_key_delete
#pragma weak pthread_setspecific

/*
 * Run init_fn exactly once, keyed on once_ctl.  Without pthread_once the
 * fallback is an unsynchronised comparison of once_ctl with
 * PTHREAD_ONCE_INIT; after init_fn has run, once_ctl is marked done by
 * storing 2 into it.
 */
#define __selinux_once(once_ctl, init_fn) \
	do { \
		if (pthread_once == NULL) { \
			if ((once_ctl) == PTHREAD_ONCE_INIT) { \
				init_fn (); \
				(once_ctl) = 2; \
			} \
		} else { \
			pthread_once (&(once_ctl), (init_fn)); \
		} \
	} while (0)

/*
 * Thread-specific-data wrappers.  __selinux_key_create is an expression
 * yielding pthread_key_create's result, or -1 when that symbol is absent;
 * the delete and setspecific wrappers are statements whose result is
 * discarded.
 */
#define __selinux_key_create(key, dtor) \
	(pthread_key_create == NULL ? -1 : pthread_key_create(key, dtor))

#define __selinux_key_delete(key) \
	do { \
		if (pthread_key_delete == NULL) \
			break; \
		pthread_key_delete(key); \
	} while (0)

#define __selinux_setspecific(key, val) \
	do { \
		if (pthread_setspecific == NULL) \
			break; \
		pthread_setspecific(key, val); \
	} while (0)
| 164 | |
| 165 | |
/*
 * Installed backends
 *
 * One constructor per labeling backend.  Each receives the handle being
 * opened plus the option array the caller gave selabel_open (see
 * struct selabel_handle below), and is presumably where the handle's
 * func_lookup/func_close/func_stats callbacks and data pointer get
 * installed -- confirm in the backend sources.
 * NOTE(review): the return convention (presumably 0 on success, -1 with
 * errno set on failure) is not visible from this header.
 */
int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts,
		      unsigned nopts) hidden;
int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts,
		       unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts,
		   unsigned nopts) hidden;
int selabel_db_init(struct selabel_handle *rec,
		    struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_property_init(struct selabel_handle *rec,
			  struct selinux_opt *opts, unsigned nopts) hidden;
| 179 | |
/*
 * Labeling internal structures
 */

/*
 * One node of the singly linked substitution list hung off
 * selabel_handle.subs (built by selabel_subs_init below); presumably a
 * src -> dst prefix rewrite applied to lookup keys -- confirm in the
 * lookup code.
 */
struct selabel_sub {
	char *src;			/* text to match */
	int slen;			/* presumably strlen(src) cached at load time; signed, so
					   compare with care against size_t lengths -- confirm */
	char *dst;			/* replacement text */
	struct selabel_sub *next;	/* next node in the list */
};
| 189 | |
/*
 * Presumably parses the substitution file at path, adds its entries to
 * list and returns the resulting list head.
 * NOTE(review): whether a missing or unreadable path returns list
 * unchanged or NULL is not visible here -- confirm before treating NULL
 * as failure.
 */
extern struct selabel_sub *selabel_subs_init(const char *path,
					    struct selabel_sub *list);
| 192 | |
/*
 * Result of a backend lookup: the context in raw form and in translated
 * form (cf. selinux_raw_to_trans_context above), plus a flag recording
 * whether it has been validated.
 */
struct selabel_lookup_rec {
	security_context_t ctx_raw;	/* context as the backend stores it */
	security_context_t ctx_trans;	/* translated form; NOTE(review): whether this is
					   filled lazily on first use is not visible here */
	int validated;			/* presumably non-zero once selabel_validate() (below)
					   has checked the context -- confirm */
};
| 198 | |
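/*
 * Per-open labeling handle.  The backend selected at open time supplies
 * the three callbacks and its private data pointer; the remaining fields
 * are backend-independent.  (A dead "#if 0" spec_file member that was
 * never compiled has been dropped; the layout is unchanged.)
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;	/* backend selector; presumably one of label.h's SELABEL_CTX_* values */
	int validating;		/* non-zero when lookups are to be validated */

	/* labeling operations; presumably installed by the backend's *_init function above */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	void (*func_close) (struct selabel_handle *h);
	void (*func_stats) (struct selabel_handle *h);

	/* backend-specific state; its type is known only to the backend that set it */
	void *data;

	/* substitution support: list produced by selabel_subs_init */
	struct selabel_sub *subs;
};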
| 222 | |
/*
 * Validation function
 *
 * Presumably checks contexts->ctx_raw against the loaded policy
 * (cf. security_check_context_raw above) and records the outcome in
 * contexts->validated, for handles opened with validating set.
 * NOTE(review): the return convention is not visible here -- confirm in
 * the definition before relying on it.
 */
extern int
selabel_validate(struct selabel_handle *rec,
		 struct selabel_lookup_rec *contexts) hidden;
| 229 | |
/*
 * Compatibility support
 *
 * Legacy logging path: when myprintf_compat is non-zero, messages go to
 * the myprintf function pointer instead of selinux_log.  The format
 * attribute on the pointer lets -Wformat check every COMPAT_LOG call
 * site, so the format argument must stay a string literal there.
 */
extern int myprintf_compat;
extern void __attribute__ ((format(printf, 1, 2)))
	(*myprintf) (const char *fmt,...);

/*
 * NOTE(review): COMPAT_LOG is a bare if/else with a trailing ';' rather
 * than a do { ... } while (0) block, so it is only safe as a standalone
 * statement; used as the body of an if/else at the call site it will not
 * parse as intended.  Invoke it as COMPAT_LOG(type, "fmt", ...);
 * ("fmt..." is the GNU named-variadic-macro extension.)
 */
#define COMPAT_LOG(type, fmt...) if (myprintf_compat) \
		myprintf(fmt); \
	else \
		selinux_log(type, fmt);

/*
 * Validation entry point for the compatibility path; path and lineno are
 * presumably the spec-file location being checked, so that failures can be
 * reported against it -- confirm in the definition.
 */
extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) hidden;
| 246 | |
| 247 | |
| 248 | #endif // _SELINUX_BB_INTERNAL_H |