1*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
2*2d543d20SAndroid Build Coastguard Worker
3*2d543d20SAndroid Build Coastguard Worker #include "debug.h"
4*2d543d20SAndroid Build Coastguard Worker #include <sepol/policydb/policydb.h>
5*2d543d20SAndroid Build Coastguard Worker #include "policydb_internal.h"
6*2d543d20SAndroid Build Coastguard Worker
/* Policy file interfaces: describe where a policy image is read from or written to. */
8*2d543d20SAndroid Build Coastguard Worker
/*
 * Allocate a new, zero-initialised policy file handle and store it in *pf.
 *
 * Returns 0 on success, or -1 if the allocation failed (in which case *pf
 * is NULL).  The handle is released with sepol_policy_file_free().
 */
int sepol_policy_file_create(sepol_policy_file_t ** pf)
{
	sepol_policy_file_t *spf = calloc(1, sizeof(*spf));

	*pf = spf;
	return spf == NULL ? -1 : 0;
}
16*2d543d20SAndroid Build Coastguard Worker
/*
 * Point the policy file handle at a caller-owned memory buffer.
 *
 * The buffer is NOT copied: only the pointer and length are stored, so
 * @data must outlive every use of the handle, and sepol_policy_file_free()
 * does not release it.  Both the logical length and the buffer capacity are
 * set to @len.
 *
 * A @len of zero is a mode switch, not an empty buffer: the handle goes into
 * PF_LEN mode and the previous data/len/size fields are left untouched.
 * In that mode sepol_policy_file_get_len() becomes usable (presumably so a
 * write can be "measured" before a real buffer is supplied -- confirm
 * against policydb_write()).
 */
void sepol_policy_file_set_mem(sepol_policy_file_t * spf,
			       char *data, size_t len)
{
	struct policy_file *pf = &spf->pf;

	if (len == 0) {
		/* Length-counting mode; no buffer is attached here. */
		pf->type = PF_LEN;
		return;
	}

	pf->type = PF_USE_MEMORY;
	pf->data = data;
	pf->size = len;
	pf->len = len;
}
31*2d543d20SAndroid Build Coastguard Worker
/*
 * Point the policy file handle at a stdio stream.
 *
 * Only the FILE pointer is stored: the stream stays owned by the caller,
 * who must keep it open while the handle is in use and close it afterwards
 * (sepol_policy_file_free() does not).
 */
void sepol_policy_file_set_fp(sepol_policy_file_t * spf, FILE * fp)
{
	struct policy_file *pf = &spf->pf;

	pf->fp = fp;
	pf->type = PF_USE_STDIO;
}
39*2d543d20SAndroid Build Coastguard Worker
/*
 * Report the byte count accumulated by a handle in PF_LEN mode (see
 * sepol_policy_file_set_mem() with a zero length).
 *
 * Returns 0 and stores the count in *len, or -1 without touching *len when
 * the handle is in any other mode -- callers must not read *len on failure.
 */
int sepol_policy_file_get_len(sepol_policy_file_t * spf, size_t * len)
{
	const struct policy_file *pf = &spf->pf;

	if (pf->type == PF_LEN) {
		*len = pf->len;
		return 0;
	}
	return -1;
}
48*2d543d20SAndroid Build Coastguard Worker
/*
 * Attach an error-reporting handle to the policy file.  The pointer is
 * stored as-is (no reference taken); @handle may be NULL if no callback
 * handle is wanted.
 */
void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
				  sepol_handle_t * handle)
{
	struct policy_file *inner = &pf->pf;

	inner->handle = handle;
}
54*2d543d20SAndroid Build Coastguard Worker
/*
 * Release a handle created by sepol_policy_file_create().  Safe on NULL.
 *
 * Only the handle itself is freed: a buffer given to set_mem() or a stream
 * given to set_fp() remains the caller's responsibility.
 */
void sepol_policy_file_free(sepol_policy_file_t * pf)
{
	/* free(NULL) is a no-op, so no guard is needed. */
	free(pf);
}
59*2d543d20SAndroid Build Coastguard Worker
/* Policydb interfaces: lifecycle and configuration of an in-memory policy. */
61*2d543d20SAndroid Build Coastguard Worker
/*
 * Allocate and initialise an empty policydb, storing it in *sp.
 *
 * Returns 0 on success.  On allocation failure, or if policydb_init()
 * fails, returns -1 with *sp set to NULL and nothing left allocated.
 * Release with sepol_policydb_free().
 */
int sepol_policydb_create(sepol_policydb_t ** sp)
{
	sepol_policydb_t *db = malloc(sizeof(*db));

	if (db == NULL) {
		*sp = NULL;
		return -1;
	}

	if (policydb_init(&db->p) != 0) {
		/* Partially set-up wrapper must not leak or escape to the caller. */
		free(db);
		*sp = NULL;
		return -1;
	}

	*sp = db;
	return 0;
}
76*2d543d20SAndroid Build Coastguard Worker
77*2d543d20SAndroid Build Coastguard Worker
/*
 * Tear down a policydb created by sepol_policydb_create(): destroys the
 * embedded policy contents, then frees the wrapper.  Safe on NULL.
 */
void sepol_policydb_free(sepol_policydb_t * p)
{
	if (p == NULL)
		return;

	policydb_destroy(&p->p);
	free(p);
}
85*2d543d20SAndroid Build Coastguard Worker
86*2d543d20SAndroid Build Coastguard Worker
/* Lowest kernel policy format version this library can produce. */
int sepol_policy_kern_vers_min(void)
{
	const int vers = POLICYDB_VERSION_MIN;

	return vers;
}
91*2d543d20SAndroid Build Coastguard Worker
/* Highest kernel policy format version this library can produce. */
int sepol_policy_kern_vers_max(void)
{
	const int vers = POLICYDB_VERSION_MAX;

	return vers;
}
96*2d543d20SAndroid Build Coastguard Worker
/*
 * Set the policy type (POLICY_KERN, POLICY_BASE or POLICY_MOD) and reset the
 * format version to the newest one supported for that type.  Use
 * sepol_policydb_set_vers() afterwards to pick an older version.
 *
 * Returns 0 on success, or -1 for an unknown @type, in which case neither
 * field is modified.
 */
int sepol_policydb_set_typevers(sepol_policydb_t * sp, unsigned int type)
{
	struct policydb *p = &sp->p;
	unsigned int vers;

	if (type == POLICY_KERN)
		vers = POLICYDB_VERSION_MAX;
	else if (type == POLICY_BASE || type == POLICY_MOD)
		vers = MOD_POLICYDB_VERSION_MAX;
	else
		return -1;

	p->policy_type = type;
	p->policyvers = vers;
	return 0;
}
114*2d543d20SAndroid Build Coastguard Worker
/*
 * Select the format version the policy will be written in.
 *
 * The acceptable range depends on the policy type already stored in the
 * policydb: [POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX] for POLICY_KERN,
 * [MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX] for POLICY_BASE and
 * POLICY_MOD.  Returns -1 (and leaves the version unchanged) if @vers is
 * out of that range or the policy type is not one of those three -- so the
 * type must have been set first, e.g. via sepol_policydb_set_typevers().
 */
int sepol_policydb_set_vers(sepol_policydb_t * sp, unsigned int vers)
{
	struct policydb *p = &sp->p;
	unsigned int lo, hi;

	switch (p->policy_type) {
	case POLICY_KERN:
		lo = POLICYDB_VERSION_MIN;
		hi = POLICYDB_VERSION_MAX;
		break;
	case POLICY_BASE:
	case POLICY_MOD:
		lo = MOD_POLICYDB_VERSION_MIN;
		hi = MOD_POLICYDB_VERSION_MAX;
		break;
	default:
		return -1;
	}

	if (vers < lo || vers > hi)
		return -1;

	p->policyvers = vers;
	return 0;
}
135*2d543d20SAndroid Build Coastguard Worker
/*
 * Set how the kernel should treat permissions/classes unknown to this
 * policy: SEPOL_DENY_UNKNOWN, SEPOL_REJECT_UNKNOWN or SEPOL_ALLOW_UNKNOWN.
 *
 * Returns 0 on success, -1 for any other value (field left unchanged).
 * Note that ALLOW_UNKNOWN is the permissive choice; it should be a
 * deliberate decision rather than a default.
 */
int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp,
				      unsigned int handle_unknown)
{
	struct policydb *p = &sp->p;
	const int valid = handle_unknown == SEPOL_DENY_UNKNOWN
			|| handle_unknown == SEPOL_REJECT_UNKNOWN
			|| handle_unknown == SEPOL_ALLOW_UNKNOWN;

	if (!valid)
		return -1;

	p->handle_unknown = handle_unknown;
	return 0;
}
153*2d543d20SAndroid Build Coastguard Worker
/*
 * Set the platform the policy is built for: SEPOL_TARGET_SELINUX or
 * SEPOL_TARGET_XEN.  Returns 0 on success, -1 for any other value (field
 * left unchanged).
 */
int sepol_policydb_set_target_platform(sepol_policydb_t * sp,
				       int target_platform)
{
	struct policydb *p = &sp->p;

	if (target_platform != SEPOL_TARGET_SELINUX
	    && target_platform != SEPOL_TARGET_XEN)
		return -1;

	p->target_platform = target_platform;
	return 0;
}
170*2d543d20SAndroid Build Coastguard Worker
/*
 * Run the policydb optimiser on @p in place.  Returns whatever
 * policydb_optimize() returns (0 on success by this file's convention).
 */
int sepol_policydb_optimize(sepol_policydb_t * p)
{
	struct policydb *db = &p->p;

	return policydb_optimize(db);
}
175*2d543d20SAndroid Build Coastguard Worker
/*
 * Parse a binary policy from @pf (memory buffer or stdio stream, as set up
 * on the handle) into @p, non-verbosely (third argument 0).
 *
 * All bounds/consistency checking of the image happens inside
 * policydb_read(); callers loading images from untrusted sources depend on
 * that parser's validation and should check the return value (non-zero on
 * failure) before using @p.
 */
int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
{
	struct policydb *db = &p->p;
	struct policy_file *file = &pf->pf;

	return policydb_read(db, file, 0);
}
180*2d543d20SAndroid Build Coastguard Worker
/*
 * Serialise @p to @pf in the version/type configured on the policydb.
 * Returns policydb_write()'s result (non-zero on failure).  With a PF_LEN
 * handle this presumably only counts bytes -- confirm in policydb_write().
 */
int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf)
{
	struct policydb *db = &p->p;
	struct policy_file *file = &pf->pf;

	return policydb_write(db, file);
}
185*2d543d20SAndroid Build Coastguard Worker
/*
 * Parse @len bytes of binary policy at @data into @p, reporting errors via
 * @handle.  Thin wrapper over policydb_from_image(); the image is untrusted
 * input as far as this layer is concerned and all validation lives in the
 * callee, so check the return value before relying on @p.
 */
int sepol_policydb_from_image(sepol_handle_t * handle,
			      void *data, size_t len, sepol_policydb_t * p)
{
	struct policydb *db = &p->p;

	return policydb_from_image(handle, data, len, db);
}
191*2d543d20SAndroid Build Coastguard Worker
/*
 * Serialise @p into a freshly allocated buffer, returned via *newdata with
 * its size in *newlen.  Ownership of the buffer passes to the caller
 * (release with free(), assuming policydb_to_image() uses malloc -- confirm
 * there).  Returns policydb_to_image()'s result; on failure the output
 * parameters should not be trusted.
 */
int sepol_policydb_to_image(sepol_handle_t * handle,
			    sepol_policydb_t * p, void **newdata,
			    size_t * newlen)
{
	struct policydb *db = &p->p;

	return policydb_to_image(handle, db, newdata, newlen);
}
198*2d543d20SAndroid Build Coastguard Worker
/*
 * Report whether the policy has MLS enabled: returns the policydb's mls
 * flag as-is (non-zero when enabled).
 */
int sepol_policydb_mls_enabled(const sepol_policydb_t * p)
{
	const struct policydb *db = &p->p;

	return db->mls;
}
204*2d543d20SAndroid Build Coastguard Worker
/*
 * Tell whether the kernel should run SELinux network checks in
 * compatibility mode for this policy.  That is the case exactly when the
 * policy defines no "packet" object class: returns non-zero (compat mode)
 * when the class is missing, zero when it is present.
 */
#define PACKET_CLASS_NAME "packet"
int sepol_policydb_compat_net(const sepol_policydb_t * p)
{
	hashtab_datum_t packet_class;

	packet_class = hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME);
	return packet_class == NULL;
}
215