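/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <sys/types.h>  // pid_t (previously only reached transitively)

#include <cstddef>  // size_t
#include <string>

#include <selinux/android.h>
#include <selinux/avc.h>

namespace android {

// SELinux-backed access-control decisions for a service registry: whether a
// calling process may add, get or list an interface (fqName).
//
// NOTE(review): the raw members at the bottom are acquired/released by code
// outside this header. No destructor, copy or move operation is declared, so
// a copied AccessControl would alias the same mSeContext / mSeHandle; confirm
// instances are never copied, or delete the copy operations in a follow-up.
class AccessControl {
public:
    AccessControl();

    // Identity of the caller on whose behalf a permission check is made.
    //
    // Every member has a default initializer so that a default-constructed
    // CallingContext is never an indeterminate value: an uninitialized
    // `sidPresent` read by a permission check would be an access-control
    // decision made on garbage. Real values come from getCallingContext().
    struct CallingContext {
        bool sidPresent = false;  // true only when `sid` was resolved for `pid`
        std::string sid;          // caller's SELinux context string; meaningful only if sidPresent
        pid_t pid = 0;            // caller's process id (0 = not set; deterministic default only)
    };

    // Resolves the calling context for sourcePid (definition in the .cpp).
    static CallingContext getCallingContext(pid_t sourcePid);

    // Permission queries. From the names: register, look up and enumerate
    // interfaces; canAdd/canGet are scoped to the interface named by fqName,
    // canList is not. Exact SELinux permissions checked live in the .cpp.
    bool canAdd(const std::string& fqName, const CallingContext& callingContext);
    bool canGet(const std::string& fqName, const CallingContext& callingContext);
    bool canList(const CallingContext& callingContext);

private:
    // Checks `perm` for `source` against an explicit target SELinux context;
    // `interface` is the name reported for auditing.
    bool checkPermission(const CallingContext& source, const char* targetContext,
                         const char* perm, const char* interface);
    // Same check without an explicit target context — presumably evaluated
    // against this process's own context (mSeContext); confirm in the .cpp.
    bool checkPermission(const CallingContext& source, const char* perm,
                         const char* interface);

    // Matches the libselinux audit-callback signature; `data` is opaque
    // caller-supplied data and `buf`/`len` the audit message buffer.
    static int auditCallback(void* data, security_class_t cls, char* buf, size_t len);

    // Raw libselinux resources. Initialized to null so a failed or partial
    // constructor never leaves a dangling non-null pointer behind; ownership
    // and release are handled outside this header (see class NOTE above).
    char* mSeContext = nullptr;
    struct selabel_handle* mSeHandle = nullptr;
    union selinux_callback mSeCallbacks{};
};

}  // namespace android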