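/*
 * This file describes the internal interface used by the labeler
 * for calling the user-supplied memory allocation, validation,
 * and locking routine.
 *
 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
 */
#ifndef _SELABEL_INTERNAL_H_
#define _SELABEL_INTERNAL_H_

#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
/*
 * bool and uint8_t appear in struct selabel_handle below; include their
 * headers directly so this header does not depend on another header
 * pulling them in.
 */
#include <stdbool.h>
#include <stdint.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include "sha1.h"

#if defined(ANDROID) || defined(__APPLE__)
// Android and Mac do not have fgets_unlocked()
// The fallback is plain fgets() with the same (buf, size, fp) arguments,
// so reads stay bounded by the caller's buffer size.
#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
#endif

/*
 * Installed backends
 *
 * One initialiser per labeling backend.  Each receives the handle to set
 * up, an option array and nopts (presumably the number of entries in
 * opts).  The return convention is not visible in this header; presumably
 * 0 on success and negative on error -- confirm in the backend sources.
 */
int selabel_file_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_media_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_x_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_db_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_property_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;
int selabel_service_init(struct selabel_handle *rec,
			    const struct selinux_opt *opts,
			    unsigned nopts) ;

/*
 * Labeling internal structures
 */

/*
 * Calculate an SHA1 hash of all the files used to build the specs.
 * The hash value is held in rec->digest if SELABEL_OPT_DIGEST set. To
 * calculate the hash the hashbuf will hold a concatenation of all the files
 * used. This is released once the value has been calculated.
 *
 * NOTE(review): SHA-1 is no longer collision-resistant.  Treat this digest
 * as a change-detection fingerprint of the spec files, not as proof that
 * they were not tampered with; confirm no caller relies on it for that.
 */
#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE
/* NOTE(review): presumably the cap on specfile_list entries -- confirm in
 * digest_add_specfile(). */
#define DIGEST_FILES_MAX 8
struct selabel_digest {
	unsigned char *digest;	/* SHA1 digest of specfiles */
	unsigned char *hashbuf;	/* buffer to hold specfiles */
	/*
	 * NOTE(review): grows as spec files are appended; the implementation
	 * should reject an addition that would overflow size_t -- confirm in
	 * digest_add_specfile().
	 */
	size_t hashbuf_size;	/* buffer size */
	size_t specfile_cnt;	/* how many specfiles processed */
	char **specfile_list;	/* and their names */
};

/*
 * Add one spec file to the digest state.
 * NOTE(review): from_addr/buf_len presumably describe an in-memory copy of
 * the file that is used instead of reading fp; which one takes precedence
 * and who owns path afterwards is not visible here -- confirm in the
 * implementation.
 */
extern int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
						    char *from_addr,
						    size_t buf_len,
						    const char *path);
/* Produce the hash from the accumulated hashbuf (see the comment above). */
extern void digest_gen_hash(struct selabel_digest *digest);

/*
 * Result of a label lookup.
 * NOTE(review): field meanings below are inferred from their names and
 * should be confirmed against the backends: ctx_raw/ctx_trans look like the
 * raw and translated forms of the security context, validated like a flag
 * set once selabel_validate() has checked the context, and lineno like the
 * spec-file line the entry came from.  Code consuming a record should not
 * assume the context is well-formed unless validation has actually run.
 */
struct selabel_lookup_rec {
	char * ctx_raw;
	char * ctx_trans;
	int validated;
	unsigned lineno;
};

/*
 * Per-handle state shared by all backends: the arguments given to
 * selabel_open, a table of backend operations, backend-private data and
 * the optional spec-file digest.
 *
 * NOTE(review): nothing in this header guarantees that every backend fills
 * in every func_* hook; callers should check a hook for NULL before calling
 * it -- confirm against the dispatch code.
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;
	int validating;

	/* labeling operations */
	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
						   const char *key, int type);
	void (*func_close) (struct selabel_handle *h);
	void (*func_stats) (struct selabel_handle *h);
	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
	bool (*func_get_digests_all_partial_matches) (struct selabel_handle *h,
						 const char *key,
						 uint8_t **calculated_digest,
						 uint8_t **xattr_digest,
						 size_t *digest_len);
	bool (*func_hash_all_partial_matches) (struct selabel_handle *h,
					       const char *key, uint8_t *digest);
	struct selabel_lookup_rec *(*func_lookup_best_match)
						    (struct selabel_handle *h,
						    const char *key,
						    const char **aliases,
						    int type);
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* supports backend-specific state information */
	void *data;

	/*
	 * The main spec file used. Note for file contexts the local and/or
	 * homedirs could also have been used to resolve a context.
	 */
#ifdef OHOS_FC_INIT
	/* With OHOS_FC_INIT the handle records a list of spec files and
	 * spec_file_nums (presumably the number of entries in spec_file). */
	char **spec_file;
	size_t spec_file_nums;
#else
	char *spec_file;
#endif

	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
	struct selabel_digest *digest;
};

/*
 * Validation function
 */
extern int
selabel_validate(struct selabel_handle *rec,
		 struct selabel_lookup_rec *contexts) ;

/*
 * Compatibility support
 */
extern int myprintf_compat;
/* The format(printf, 1, 2) attribute lets the compiler check every call's
 * format string against its arguments (-Wformat). */
extern void __attribute__ ((format(printf, 1, 2)))
(*myprintf) (const char *fmt, ...) ;

/*
 * Log through myprintf when myprintf_compat is non-zero, otherwise through
 * selinux_log.  "fmt..." is the GNU named-variadic form, so fmt stands for
 * the format string together with its arguments; type is used only on the
 * selinux_log path.  The first element of fmt is handed to a printf-style
 * function, so pass a string literal there and supply any text taken from
 * spec files or paths as a %s argument, never as the format itself.
 */
#define COMPAT_LOG(type, fmt...) do {			\
	if (myprintf_compat)				\
		myprintf(fmt);				\
	else						\
		selinux_log(type, fmt);			\
	} while (0)

extern int
compat_validate(struct selabel_handle *rec,
		struct selabel_lookup_rec *contexts,
		const char *path, unsigned lineno) ;

/*
 * The read_spec_entries function may be used to
 * replace sscanf to read entries from spec files.
 *
 * NOTE(review): the variadic arguments are not type-checked; num_args must
 * match the number actually passed.  Their expected type, and who frees
 * anything stored through them or through errbuf, is not visible in this
 * header -- confirm in the implementation before adding a caller.
 */
extern int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...);

#endif				/* _SELABEL_INTERNAL_H_ */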