Martijn Coenen | 7ce83be | 2017-04-07 16:19:32 -0700 | [diff] [blame^] | 1 | #include <string> |
| 2 | |
| 3 | #include <selinux/android.h> |
| 4 | #include <selinux/avc.h> |
| 5 | |
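namespace android {

/// Access-control front end: answers whether the process identified by a PID
/// may add, get, or list entries.
///
/// Only declarations are visible in this header. The SELinux includes and the
/// mSe* members suggest the decisions are SELinux-backed, but the checking
/// logic is defined elsewhere. TODO confirm against the implementation file.
///
/// NOTE(review): every public check is keyed on a pid_t. A PID identifies a
/// process only while that process is alive, and it can be recycled. Callers
/// should pass the PID reported by the IPC transport for the current
/// transaction, never a value supplied by the client. How the PID is resolved
/// to a security context is not visible here; confirm that a failed lookup
/// results in a denial.
///
/// NOTE(review): the class holds raw pointers and declares no destructor or
/// copy operations in this header, so an implicit copy would alias both
/// pointers. Ownership and lifetime are not visible here; if instances are
/// never meant to be copied, consider deleting the copy operations.
class AccessControl {
public:
    /// Defined elsewhere; presumably sets up the SELinux state held in the
    /// private members. Verify against the implementation.
    AccessControl();

    /// @param fqName name of the entry being added (presumably a
    ///               fully-qualified interface name; confirm with callers).
    /// @param pid    PID of the requesting process.
    /// @return bool; callers should treat anything other than true as a denial.
    bool canAdd(const std::string& fqName, pid_t pid);

    /// @param fqName name of the entry being looked up (presumably a
    ///               fully-qualified interface name; confirm with callers).
    /// @param pid    PID of the requesting process.
    /// @return bool; callers should treat anything other than true as a denial.
    bool canGet(const std::string& fqName, pid_t pid);

    /// @param pid PID of the requesting process.
    /// @return bool; callers should treat anything other than true as a denial.
    bool canList(pid_t pid);

private:
    /// Permission check for sourcePid on `interface` with permission `perm`.
    /// Takes no explicit target context, unlike the overload below; which
    /// context it uses instead is not visible in this header.
    bool checkPermission(pid_t sourcePid, const char *perm, const char *interface);

    /// Permission check for sourcePid against an explicit targetContext.
    /// Null handling for the C-string parameters is not visible here; callers
    /// inside the class should not pass nullptr unless the implementation
    /// documents that it is accepted.
    bool checkPermission(pid_t sourcePid, const char *targetContext, const char *perm, const char *interface);

    /// Audit hook. The signature matches the func_audit member of
    /// union selinux_callback; where it is registered is not visible here.
    /// Writes into buf must stay within len bytes.
    static int auditCallback(void *data, security_class_t cls, char *buf, size_t len);

    // Null-initialized so neither pointer is ever indeterminate if the
    // constructor (defined elsewhere) does not assign it, for example because
    // an initialization call failed.
    char* mSeContext = nullptr;
    struct selabel_handle* mSeHandle = nullptr;
    union selinux_callback mSeCallbacks;
};

} // namespace android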