/*
 * Public libsepol interface for policy files (the I/O abstraction over a
 * binary memory image or a FILE) and policydb objects (an in-memory policy).
 * Both object types are opaque to callers; their struct layouts are private
 * to the library.
 */
#ifndef _SEPOL_POLICYDB_H_
#define _SEPOL_POLICYDB_H_

#include <stddef.h>
#include <stdio.h>

#include <sepol/handle.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Forward declarations only: the definitions never appear in public headers. */
struct sepol_policy_file;
typedef struct sepol_policy_file sepol_policy_file_t;

struct sepol_policydb;
typedef struct sepol_policydb sepol_policydb_t;

/* Policy file public interfaces. */

/*
 * Create and free memory associated with a policy file.
 * A policy file obtained from sepol_policy_file_create() is released with
 * sepol_policy_file_free().  The create call's int result is an error
 * indicator; the header does not state the encoding (presumably nonzero
 * on allocation failure -- confirm against the implementation).
 */
extern int sepol_policy_file_create(sepol_policy_file_t ** pf);
extern void sepol_policy_file_free(sepol_policy_file_t * pf);

/*
 * Set the policy file to represent a binary policy memory image.
 * Subsequent operations using the policy file will read and write
 * the image located at the specified address with the specified length.
 * If 'len' is 0, then merely compute the necessary length upon
 * subsequent policydb write operations in order to determine the
 * necessary buffer size to allocate.
 *
 * 'len' is the only bound the library has on 'data', so the caller is
 * responsible for it not exceeding the buffer actually allocated.
 * Nothing here transfers ownership of 'data' to the policy file, so the
 * caller must keep it valid while the policy file refers to it -- confirm.
 * 'data' is non-const because write operations store into it.
 */
extern void sepol_policy_file_set_mem(sepol_policy_file_t * pf,
				      char *data, size_t len);

/*
 * Get the size of the buffer needed to store a policydb write
 * previously done on this policy file.
 * Pairs with the 'len' == 0 mode of sepol_policy_file_set_mem(): do a
 * sizing write first, query the length here, then allocate and write
 * again.  Returns an error indicator; presumably -1 if no write has been
 * recorded yet -- confirm.
 */
extern int sepol_policy_file_get_len(sepol_policy_file_t * pf, size_t * len);

/*
 * Set the policy file to represent a FILE.
 * Subsequent operations using the policy file will read and write
 * to the FILE.
 * No ownership rule for 'fp' is given here; presumably the caller still
 * closes it, since sepol_policy_file_free() is documented only as freeing
 * the policy file itself -- confirm.
 */
extern void sepol_policy_file_set_fp(sepol_policy_file_t * pf, FILE * fp);

/*
 * Associate a handle with a policy file, for use in
 * error reporting from subsequent calls that take the
 * policy file as an argument.
 * The handle type comes from <sepol/handle.h>; only the pointer is stored,
 * so the handle must outlive the policy file's use of it -- confirm.
 */
extern void sepol_policy_file_set_handle(sepol_policy_file_t * pf,
					 sepol_handle_t * handle);

/* Policydb public interfaces. */

/*
 * Create and free memory associated with a policydb.
 * Same ownership pattern as the policy file: a policydb obtained from
 * sepol_policydb_create() is released with sepol_policydb_free().
 */
extern int sepol_policydb_create(sepol_policydb_t ** p);
extern void sepol_policydb_free(sepol_policydb_t * p);

/*
 * Legal types of policies that the policydb can represent.
 * KERN is a kernel policy; BASE and MOD are presumably the base and
 * non-base module types of a modular policy -- confirm.  These are
 * macros rather than an enum so they remain usable in preprocessor
 * conditionals.
 */
#define SEPOL_POLICY_KERN	0
#define SEPOL_POLICY_BASE	1
#define SEPOL_POLICY_MOD	2

/*
 * Range of policy versions for the kernel policy type supported
 * by this library.
 * These bound the 'vers' argument accepted by sepol_policydb_set_vers()
 * for SEPOL_POLICY_KERN.
 */
extern int sepol_policy_kern_vers_min(void);
extern int sepol_policy_kern_vers_max(void);

/*
 * Set the policy type as specified, and automatically initialize the
 * policy version accordingly to the maximum version supported for the
 * policy type.
 * Returns -1 if the policy type is not legal.
 * 'type' is one of SEPOL_POLICY_KERN/BASE/MOD.  Call this before
 * sepol_policydb_set_vers(), which validates against the type set here.
 */
extern int sepol_policydb_set_typevers(sepol_policydb_t * p, unsigned int type);

/*
 * Set the policy version to a different value.
 * Returns -1 if the policy version is not in the supported range for
 * the (previously set) policy type.
 * For SEPOL_POLICY_KERN the range is sepol_policy_kern_vers_min() ..
 * sepol_policy_kern_vers_max().
 */
extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);

/*
 * Set how to handle unknown class/perms.
 * The three values select the policy-wide treatment of classes or
 * permissions the policy does not define.  SEPOL_ALLOW_UNKNOWN is the
 * permissive choice and widens what a loaded policy permits; DENY and
 * REJECT are the conservative ones.  The values are 0, 2 and 4 rather
 * than consecutive -- presumably flag bits; confirm before treating them
 * as an index.
 */
#define SEPOL_DENY_UNKNOWN	    0
#define SEPOL_REJECT_UNKNOWN	    2
#define SEPOL_ALLOW_UNKNOWN	    4
extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
					     unsigned int handle_unknown);

/*
 * Set the target platform.
 * 'target_platform' is SEPOL_TARGET_SELINUX or SEPOL_TARGET_XEN.  Note the
 * parameter is a plain int, unlike the unsigned int taken by the other
 * setters above.  Returns an error indicator like the other setters;
 * presumably -1 for an unknown platform -- confirm.
 */
#define SEPOL_TARGET_SELINUX 0
#define SEPOL_TARGET_XEN     1
extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
					     int target_platform);

/*
 * Optimize the policy by removing redundant rules.
 * Operates in place on 'p'; returns an error indicator.
 */
extern int sepol_policydb_optimize(sepol_policydb_t * p);

/*
 * Read a policydb from a policy file.
 * This automatically sets the type and version based on the
 * image contents.
 * The image is binary data parsed from wherever the policy file points
 * (memory or FILE), so a caller loading a policy it did not produce should
 * check the return value and expect errors to be reported through the
 * handle set with sepol_policy_file_set_handle().
 */
extern int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Write a policydb to a policy file.
 * The generated image will be in the binary format corresponding
 * to the policy version associated with the policydb.
 * Whether bytes are actually stored or only the required length is
 * computed depends on how the policy file was configured
 * (see sepol_policy_file_set_mem() with 'len' == 0).
 */
extern int sepol_policydb_write(sepol_policydb_t * p, sepol_policy_file_t * pf);

/*
 * Extract a policydb from a binary policy memory image.
 * This is equivalent to sepol_policydb_read with a policy file
 * set to refer to memory.
 * 'data'/'len' play the roles described for sepol_policy_file_set_mem(),
 * and 'handle' the role of sepol_policy_file_set_handle().  'data' is
 * non-const for the same reason as in set_mem.
 */
extern int sepol_policydb_from_image(sepol_handle_t * handle,
				     void *data, size_t len,
				     sepol_policydb_t * p);

/*
 * Generate a binary policy memory image from a policydb.
 * This is equivalent to sepol_policydb_write with a policy file
 * set to refer to memory, but internally handles computing the
 * necessary length and allocating an appropriately sized memory
 * buffer for the caller.
 * On success '*newdata' receives the library-allocated buffer and
 * '*newlen' its length; the caller owns the buffer.  The header does not
 * say which deallocator to use -- presumably free(); confirm.
 */
extern int sepol_policydb_to_image(sepol_handle_t * handle,
				   sepol_policydb_t * p,
				   void **newdata, size_t * newlen);

/*
 * Check whether the policydb has MLS enabled.
 * Presumably returns nonzero when enabled; the header does not state the
 * encoding -- confirm.
 */
extern int sepol_policydb_mls_enabled(const sepol_policydb_t * p);

/*
 * Check whether the compatibility mode for SELinux network
 * checks should be enabled when using this policy.
 * Same return-value caveat as sepol_policydb_mls_enabled().
 */
extern int sepol_policydb_compat_net(const sepol_policydb_t * p);

#ifdef __cplusplus
}
#endif

#endif