/* Author: Joshua Brindle <jbrindle@tresys.com>
* Jason Tang <jtang@tresys.com>
* Ivan Gyurdiev <ivg2@cornell.edu>
*
* Copyright (C) 2005 Tresys Technology, LLC
* Copyright (C) 2005 Red Hat Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _SEMANAGE_INTERNAL_HANDLE_H_
#define _SEMANAGE_INTERNAL_HANDLE_H_
#include <stdint.h>
#include <stddef.h>
#include "handle_internal.h"
#include <sepol/handle.h>
#include "modules.h"
#include "semanage_conf.h"
#include "database.h"
#include "direct_api.h"
#include "policy.h"
/*
 * Indices into semanage_handle.dbase[]. DBASE_COUNT is the array length,
 * so every index defined below must stay within 0 .. DBASE_COUNT - 1;
 * the highest index in use here is DBASE_ACTIVE_BOOLEANS (23).
 */
#define DBASE_COUNT      24

/* Local modifications */
#define DBASE_LOCAL_USERS_BASE  0
#define DBASE_LOCAL_USERS_EXTRA 1
#define DBASE_LOCAL_USERS       2
#define DBASE_LOCAL_PORTS       3
#define DBASE_LOCAL_INTERFACES  4
#define DBASE_LOCAL_BOOLEANS    5
#define DBASE_LOCAL_FCONTEXTS	6
#define DBASE_LOCAL_SEUSERS     7
#define DBASE_LOCAL_NODES       8
#define DBASE_LOCAL_IBPKEYS     9
#define DBASE_LOCAL_IBENDPORTS  10

/* Policy + Local modifications */
#define DBASE_POLICY_USERS_BASE  11
#define DBASE_POLICY_USERS_EXTRA 12
#define DBASE_POLICY_USERS       13
#define DBASE_POLICY_PORTS       14
#define DBASE_POLICY_INTERFACES  15
#define DBASE_POLICY_BOOLEANS    16
#define DBASE_POLICY_FCONTEXTS   17
#define DBASE_POLICY_FCONTEXTS_H 18
#define DBASE_POLICY_SEUSERS     19
#define DBASE_POLICY_NODES       20
#define DBASE_POLICY_IBPKEYS     21
#define DBASE_POLICY_IBENDPORTS  22

/* Active kernel policy */
#define DBASE_ACTIVE_BOOLEANS    23

/*
 * Internal state behind a semanage_handle_t: message reporting settings,
 * the connection-specific sub-handle, transaction/commit flags and the
 * table of object databases.
 */
struct semanage_handle {
	int con_id;		/* Connection ID */

	/* Error handling */
	int msg_level;
	const char *msg_channel;
	const char *msg_fname;
	/*
	 * printf-style message callback. Under GCC the format attribute has
	 * the compiler check `fmt` (argument 3) against the variadic
	 * arguments, which start at argument 4.
	 */
#ifdef __GNUC__
	__attribute__ ((format(printf, 3, 4)))
#endif
	void (*msg_callback) (void *varg,
			      semanage_handle_t * handle, const char *fmt, ...);
	void *msg_callback_arg;

	/* Direct vs Server specific handle; only the direct member is
	 * declared here. */
	union {
		struct semanage_direct_handle direct;
	} u;

	/* Libsepol handle */
	sepol_handle_t *sepolh;

	semanage_conf_t *conf;

	uint16_t priority;
	int is_connected;
	int is_in_transaction;
	int do_reload;		/* whether to reload policy after commit */
	int do_rebuild;		/* whether to rebuild policy if there were no changes */
	/*
	 * Set by semanage_direct_commit() if there are any errors when
	 * building or committing the sandbox to kernel policy at
	 * /etc/selinux.
	 */
	int commit_err;
	int modules_modified;
	/*
	 * Whether to create the store if it does not exist; this only has
	 * an effect on direct connections.
	 */
	int create_store;
	/* whether to run setfiles to check the file contexts file */
	int do_check_contexts;

	/*
	 * Timeout used for transactions and for waiting on the lock:
	 *   -1  wait indefinitely
	 *    0  return immediately
	 *   >0  wait that many seconds
	 */
	int timeout;

	/*
	 * These function pointers point to the appropriate routine for the
	 * connection type; think of them as simulating polymorphism in a
	 * non-OO language.
	 */
	struct semanage_policy_table *funcs;

	/* Object databases, indexed by the DBASE_* constants. */
	dbase_config_t dbase[DBASE_COUNT];
};
/* === Local modifications === */
/*
 * Return the address of the DBASE_LOCAL_USERS_BASE entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_user_base_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_USERS_BASE;
}
/*
 * Return the address of the DBASE_LOCAL_USERS_EXTRA entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_user_extra_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_USERS_EXTRA;
}
/*
 * Return the address of the DBASE_LOCAL_USERS entry (local modifications)
 * in handle->dbase[]. The handle is dereferenced without a NULL check, so
 * the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_user_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_USERS;
}
/*
 * Return the address of the DBASE_LOCAL_PORTS entry (local modifications)
 * in handle->dbase[]. The handle is dereferenced without a NULL check, so
 * the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_port_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_PORTS;
}
/*
 * Return the address of the DBASE_LOCAL_IBPKEYS entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_ibpkey_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_IBPKEYS;
}
/*
 * Return the address of the DBASE_LOCAL_IBENDPORTS entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_ibendport_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_IBENDPORTS;
}
/*
 * Return the address of the DBASE_LOCAL_INTERFACES entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_iface_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_INTERFACES;
}
/*
 * Return the address of the DBASE_LOCAL_BOOLEANS entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_bool_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_BOOLEANS;
}
/*
 * Return the address of the DBASE_LOCAL_FCONTEXTS entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_fcontext_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_FCONTEXTS;
}
/*
 * Return the address of the DBASE_LOCAL_SEUSERS entry (local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_seuser_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_SEUSERS;
}
/*
 * Return the address of the DBASE_LOCAL_NODES entry (local modifications)
 * in handle->dbase[]. The handle is dereferenced without a NULL check, so
 * the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_node_dbase_local(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_LOCAL_NODES;
}
/* === Policy + Local modifications === */
/*
 * Return the address of the DBASE_POLICY_USERS_BASE entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_user_base_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_USERS_BASE;
}
/*
 * Return the address of the DBASE_POLICY_USERS_EXTRA entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_user_extra_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_USERS_EXTRA;
}
/*
 * Return the address of the DBASE_POLICY_USERS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_user_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_USERS;
}
/*
 * Return the address of the DBASE_POLICY_PORTS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_port_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_PORTS;
}
/*
 * Return the address of the DBASE_POLICY_IBPKEYS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_ibpkey_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_IBPKEYS;
}
/*
 * Return the address of the DBASE_POLICY_IBENDPORTS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_ibendport_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_IBENDPORTS;
}
/*
 * Return the address of the DBASE_POLICY_INTERFACES entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_iface_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_INTERFACES;
}
/*
 * Return the address of the DBASE_POLICY_BOOLEANS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_bool_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_BOOLEANS;
}
/*
 * Return the address of the DBASE_POLICY_FCONTEXTS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_fcontext_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_FCONTEXTS;
}
/*
 * Return the address of the DBASE_POLICY_FCONTEXTS_H entry (listed with the
 * policy + local modifications indices) in handle->dbase[]. The handle is
 * dereferenced without a NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_fcontext_dbase_homedirs(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_FCONTEXTS_H;
}
/*
 * Return the address of the DBASE_POLICY_SEUSERS entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_seuser_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_SEUSERS;
}
/*
 * Return the address of the DBASE_POLICY_NODES entry (policy + local
 * modifications) in handle->dbase[]. The handle is dereferenced without a
 * NULL check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_node_dbase_policy(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_POLICY_NODES;
}
/* === Active kernel policy === */
/*
 * Return the address of the DBASE_ACTIVE_BOOLEANS entry (active kernel
 * policy) in handle->dbase[]. The handle is dereferenced without a NULL
 * check, so the caller must pass a valid handle.
 */
static inline dbase_config_t *
semanage_bool_dbase_active(semanage_handle_t *handle)
{
	return handle->dbase + DBASE_ACTIVE_BOOLEANS;
}
#endif