1/*
2 * This file describes the internal interface used by the labeler
3 * for calling the user-supplied memory allocation, validation,
4 * and locking routine.
5 *
6 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
7 */
8#ifndef _SELABEL_INTERNAL_H_
9#define _SELABEL_INTERNAL_H_
10
11#include <stdlib.h>
12#include <stdarg.h>
13#include <stdio.h>
14#include <selinux/selinux.h>
15#include <selinux/label.h>
16#include "sha1.h"
17
18#if defined(ANDROID) || defined(__APPLE__)
19// Android and Mac do not have fgets_unlocked()
20#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
21#endif
22
23/*
24 * Installed backends
25 */
26int selabel_file_init(struct selabel_handle *rec,
27			    const struct selinux_opt *opts,
28			    unsigned nopts) ;
29int selabel_media_init(struct selabel_handle *rec,
30			    const struct selinux_opt *opts,
31			    unsigned nopts) ;
32int selabel_x_init(struct selabel_handle *rec,
33			    const struct selinux_opt *opts,
34			    unsigned nopts) ;
35int selabel_db_init(struct selabel_handle *rec,
36			    const struct selinux_opt *opts,
37			    unsigned nopts) ;
38int selabel_property_init(struct selabel_handle *rec,
39			    const struct selinux_opt *opts,
40			    unsigned nopts) ;
41int selabel_service_init(struct selabel_handle *rec,
42			    const struct selinux_opt *opts,
43			    unsigned nopts) ;
44
45/*
46 * Labeling internal structures
47 */
48
49/*
50 * Calculate an SHA1 hash of all the files used to build the specs.
51 * The hash value is held in rec->digest if SELABEL_OPT_DIGEST set. To
52 * calculate the hash the hashbuf will hold a concatenation of all the files
53 * used. This is released once the value has been calculated.
54 */
55#define DIGEST_SPECFILE_SIZE SHA1_HASH_SIZE
56#define DIGEST_FILES_MAX 8
57struct selabel_digest {
58	unsigned char *digest;	/* SHA1 digest of specfiles */
59	unsigned char *hashbuf;	/* buffer to hold specfiles */
60	size_t hashbuf_size;	/* buffer size */
61	size_t specfile_cnt;	/* how many specfiles processed */
62	char **specfile_list;	/* and their names */
63};
64
65extern int digest_add_specfile(struct selabel_digest *digest, FILE *fp,
66						    char *from_addr,
67						    size_t buf_len,
68						    const char *path);
69extern void digest_gen_hash(struct selabel_digest *digest);
70
71struct selabel_lookup_rec {
72	char * ctx_raw;
73	char * ctx_trans;
74	int validated;
75	unsigned lineno;
76};
77
78struct selabel_handle {
79	/* arguments that were passed to selabel_open */
80	unsigned int backend;
81	int validating;
82
83	/* labeling operations */
84	struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
85						   const char *key, int type);
86	void (*func_close) (struct selabel_handle *h);
87	void (*func_stats) (struct selabel_handle *h);
88	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
89	bool (*func_get_digests_all_partial_matches) (struct selabel_handle *h,
90						      const char *key,
91						      uint8_t **calculated_digest,
92						      uint8_t **xattr_digest,
93						      size_t *digest_len);
94	bool (*func_hash_all_partial_matches) (struct selabel_handle *h,
95	                                       const char *key, uint8_t *digest);
96	struct selabel_lookup_rec *(*func_lookup_best_match)
97						    (struct selabel_handle *h,
98						    const char *key,
99						    const char **aliases,
100						    int type);
101	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
102					    struct selabel_handle *h2);
103
104	/* supports backend-specific state information */
105	void *data;
106
107	/*
108	 * The main spec file used. Note for file contexts the local and/or
109	 * homedirs could also have been used to resolve a context.
110	 */
111#ifdef OHOS_FC_INIT
112	char **spec_file;
113	size_t spec_file_nums;
114#else
115	char *spec_file;
116#endif
117
118	/* ptr to SHA1 hash information if SELABEL_OPT_DIGEST set */
119	struct selabel_digest *digest;
120};
121
122/*
123 * Validation function
124 */
125extern int
126selabel_validate(struct selabel_handle *rec,
127		 struct selabel_lookup_rec *contexts) ;
128
129/*
130 * Compatibility support
131 */
132extern int myprintf_compat;
133extern void __attribute__ ((format(printf, 1, 2)))
134(*myprintf) (const char *fmt, ...) ;
135
136#define COMPAT_LOG(type, fmt...) do {			\
137	if (myprintf_compat)				\
138		myprintf(fmt);				\
139	else						\
140		selinux_log(type, fmt);			\
141	} while (0)
142
143extern int
144compat_validate(struct selabel_handle *rec,
145		struct selabel_lookup_rec *contexts,
146		const char *path, unsigned lineno) ;
147
148/*
149 * The read_spec_entries function may be used to
150 * replace sscanf to read entries from spec files.
151 */
152extern int read_spec_entries(char *line_buf, const char **errbuf, int num_args, ...);
153
154#endif				/* _SELABEL_INTERNAL_H_ */
155