Diffstat (limited to 'libapol/include/apol/policy.h')
-rw-r--r-- | libapol/include/apol/policy.h | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/libapol/include/apol/policy.h b/libapol/include/apol/policy.h
new file mode 100644
index 0000000..7b26af8
--- /dev/null
+++ b/libapol/include/apol/policy.h
@@ -0,0 +1,166 @@
+/**
+ * @file
+ *
+ * Public interface for SELinux policies. This function declares
+ * apol_policy, a structure that groups a qpol_policy with other
+ * structures needed by libapol. Almost all setools files will need
+ * to #include this header.
+ *
+ * @author Jeremy A. Mowery jmowery@tresys.com
+ * @author Jason Tang jtang@tresys.com
+ *
+ * Copyright (C) 2006-2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef APOL_POLICY_H
+#define APOL_POLICY_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "policy-path.h"
+#include <stdarg.h>
+#include <qpol/policy.h>
+
+ typedef struct apol_policy apol_policy_t;
+
+ typedef void (*apol_callback_fn_t) (void *varg, const apol_policy_t * p, int level, const char *fmt, va_list argp);
+
+/**
+ * When creating an apol_policy, load all components except rules
+ * (both AV and TE rules). For modular policies, this affects both
+ * the base policy and subsequent modules.
+ * @deprecated use QPOL_POLICY_OPTION_NO_RULES instead
+ */
+#define APOL_POLICY_OPTION_NO_RULES QPOL_POLICY_OPTION_NO_RULES
+
+/**
+ * Create a new apol_policy initialized from one or more policy files.
+ *
+ * @param path Policy path object specifying which policy file or
+ * files to load.
+ * @param options Bitfield specifying options for the returned policy.
+ * Valid options are QPOL_POLICY_OPTION_* from <qpol/policy.h>.
+ * @param msg_callback Callback to invoke as errors/warnings are
+ * generated. If NULL, then write messages to standard error.
+ * @param varg Value to be passed as the first parameter to the
+ * callback function.
+ *
+ * @return A newly allocated policy that may be used for analysis, or
+ * NULL upon error. The caller is responsible for calling
+ * apol_policy_destroy() upon the returned value afterwards.
+ */
+ extern apol_policy_t *apol_policy_create_from_policy_path(const apol_policy_path_t * path, const int options,
+ apol_callback_fn_t msg_callback, void *varg);
+
+/**
+ * Deallocate all memory associated with a policy, including all
+ * auxillary data structures, and then set it to NULL. Does nothing
+ * if the pointer is already NULL.
+ *
+ * @param policy Policy to destroy, if not already NULL.
+ */
+ extern void apol_policy_destroy(apol_policy_t ** policy);
+
+/**
+ * Given a policy, return the policy type. This will be one of
+ * QPOL_POLICY_KERNEL_SOURCE, QPOL_POLICY_KERNEL_BINARY, or
+ * QPOL_POLICY_MODULE_BINARY. (You will need to #include
+ * <qpol/policy.h> to get these definitions.)
+ *
+ * @param policy Policy to which check.
+ *
+ * @return The policy type, or < 0 upon error.
+ */
+ extern int apol_policy_get_policy_type(const apol_policy_t * policy);
+
+/**
+ * Given a policy, return a pointer to the underlying qpol_policy.
+ * This is needed, for example, to access details of particulary qpol
+ * components.
+ *
+ * @param policy Policy containing qpol policy.
+ *
+ * @return Pointer to underlying qpol policy, or NULL on error. Do
+ * not free() or otherwise destroy this pointer.
+ */
+ extern qpol_policy_t *apol_policy_get_qpol(const apol_policy_t * policy);
+
+/**
+ * Given a policy, return 1 if the policy within is MLS, 0 if not. If
+ * it cannot be determined or upon error, return < 0.
+ *
+ * @param p Policy to which check.
+ * @return 1 if policy is MLS, 0 if not, < 0 upon error.
+ */
+ extern int apol_policy_is_mls(const apol_policy_t * p);
+
+/**
+ * Given a policy, allocate and return a string that describes the
+ * policy (policy version, source/binary, mls/non-mls).
+ *
+ * @param p Policy to check.
+ * @return String that describes policy, or NULL upon error. The
+ * caller must free() this afterwards.
+ */
+ extern char *apol_policy_get_version_type_mls_str(const apol_policy_t * p);
+
+#define APOL_MSG_ERR 1
+#define APOL_MSG_WARN 2
+#define APOL_MSG_INFO 3
+
+/**
+ * Write a message to the callback stored within an apol error
+ * handler. If the msg_callback field is empty, then the default
+ * message callback will be used.
+ *
+ * @param p Error reporting handler. If NULL then write message to
+ * stderr.
+ * @param level Severity of message, one of APOL_MSG_ERR,
+ * APOL_MSG_WARN, or APOL_MSG_INFO.
+ * @param fmt Format string to print, using syntax of printf(3).
+ */
+ extern void apol_handle_msg(const apol_policy_t * p, int level, const char *fmt, ...);
+
+ __attribute__ ((format(printf, 3, 4))) extern void apol_handle_msg(const apol_policy_t * p, int level, const char *fmt,
+ ...);
+
+/**
+ * Invoke a apol_policy_t's callback for an error, passing it a format
+ * string and arguments.
+ */
+#define ERR(p, format, ...) apol_handle_msg(p, APOL_MSG_ERR, format, __VA_ARGS__)
+
+/**
+ * Invoke a apol_policy_t's callback for a warning, passing it a
+ * format string and arguments.
+ */
+#define WARN(p, format, ...) apol_handle_msg(p, APOL_MSG_WARN, format, __VA_ARGS__)
+
+/**
+ * Invoke a apol_policy_t's callback for an informational messag,
+ * passing it a format string and arguments.
+ */
+#define INFO(p, format, ...) apol_handle_msg(p, APOL_MSG_INFO, format, __VA_ARGS__)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif |
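Review bot: apol_handle_msg is declared twice near the end of the hunk, once bare and once prefixed with an unguarded `__attribute__ ((format(printf, 3, 4)))`; the attribute is worth keeping, since it is what lets the compiler check every ERR/WARN/INFO call's format string against its arguments, but it should sit on a single declaration behind a `__GNUC__` guard so this public header still parses on compilers that do not know `__attribute__`. The ERR/WARN/INFO macros also forward `__VA_ARGS__` directly, so a call with nothing after the format, such as `ERR(p, "out of memory")`, expands to a trailing comma and is rejected under strict C99 unless every caller supplies at least one extra argument; if that is the intended contract, a comment on the macros stating it would help. Minor: the comments read "auxillary", "particulary" and "messag".
```c
/* … unchanged: APOL_MSG_* defines and the apol_handle_msg doc comment … */
#ifdef __GNUC__
 extern void apol_handle_msg(const apol_policy_t * p, int level, const char *fmt, ...)
	__attribute__ ((format(printf, 3, 4)));
#else
 extern void apol_handle_msg(const apol_policy_t * p, int level, const char *fmt, ...);
#endif
/* … unchanged: ERR/WARN/INFO macros and closing guards … */
```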