#include <sys/types.h>

#include <cstddef>
#include <memory>
#include <string>

#include <selinux/android.h>
#include <selinux/avc.h>

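namespace android {

// SELinux policy gate for a service registry: answers whether a caller may
// add, get or list services identified by a fully-qualified name (fqName).
//
// Callers first resolve the SELinux context of the requesting process with
// getContext() and pass it to the can*() checks; those delegate to
// checkPermission(), which consults the AVC. The pid arguments are kept
// alongside the context, presumably so denials can be attributed in the
// audit log (see auditCallback) — confirm against the .cpp.
//
// Ownership: mSeContext and mSeHandle are raw libselinux handles owned by
// this object. No destructor is declared, so they are expected to live as
// long as the process; copying an instance would alias both handles, so
// instances should be treated as non-copyable even though the implicit copy
// operations are not deleted here.
class AccessControl {
public:
    // Acquires the SELinux handles and installs mSeCallbacks (defined in the
    // .cpp, not visible here).
    AccessControl();

    // Owning handle for a libselinux context string; the deleter is freecon(),
    // so a Context is released correctly by going out of scope.
    using Context = std::unique_ptr<char, decltype(&freecon)>;

    // Looks up the SELinux context of the process sourcePid.
    // NOTE(review): presumably returns a null Context when the lookup fails —
    // callers should check before passing it to canAdd(); confirm in the .cpp.
    Context getContext(pid_t sourcePid);

    // Whether the process running as `context` (pid `pid`) may register a
    // service named fqName.
    bool canAdd(const std::string& fqName, const Context &context, pid_t pid);
    // Whether process `pid` may look up the service named fqName.
    bool canGet(const std::string& fqName, pid_t pid);
    // Whether process `pid` may enumerate registered services.
    bool canList(pid_t pid);

private:
    // Asks the AVC whether `context` holds `perm` on the given targetContext.
    // `interface` is extra data for the audit record; sourceAuditPid is the
    // pid reported in that record.
    bool checkPermission(const Context &context, pid_t sourceAuditPid, const char *targetContext, const char *perm, const char *interface);
    // Same check with the target context derived from `interface` rather
    // than supplied by the caller (presumably via mSeHandle — confirm).
    bool checkPermission(const Context &context, pid_t sourcePid, const char *perm, const char *interface);

    // Audit callback registered through mSeCallbacks. The signature matches
    // libselinux's func_audit: it formats the supplementary data (`data`,
    // passed by checkPermission) into buf, which is at most len bytes.
    static int auditCallback(void *data, security_class_t cls, char *buf, size_t len);

    // Default-initialized so a partially constructed object never carries
    // indeterminate handles; the constructor overrides these as needed.
    char* mSeContext = nullptr;               // this process's own SELinux context
    struct selabel_handle* mSeHandle = nullptr; // label lookup handle for service names
    union selinux_callback mSeCallbacks{};    // holds auditCallback for libselinux
};

} // namespace android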