From 47be9ff57e72906660bb62a515222f482131e1fb Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Fri, 11 Apr 2014 09:37:53 +0200 Subject: Create setools-3.3.7 git repo --- libsefs/include/sefs/filesystem.hh | 181 +++++++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 libsefs/include/sefs/filesystem.hh (limited to 'libsefs/include/sefs/filesystem.hh') diff --git a/libsefs/include/sefs/filesystem.hh b/libsefs/include/sefs/filesystem.hh new file mode 100644 index 0000000..1d2c9ed --- /dev/null +++ b/libsefs/include/sefs/filesystem.hh @@ -0,0 +1,181 @@ +/** + * @file + * Defines the public interface for the filesystem fc list object. + * + * @author Jeremy A. Mowery jmowery@tresys.com + * @author Jason Tang jtang@tresys.com + * + * Copyright (C) 2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#ifndef SEFS_FILESYSTEM_H +#define SEFS_FILESYSTEM_H + +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + +#include + +#ifdef __cplusplus +} + +#include + +/** + * This class represents the SELinux file contexts on a local on-disk + * filesystem. Be aware that the object will recurse beginning from + * the root directory, so if there are circular mounts (e.g., via + * something mounted with the 'bind' option) then queries against the + * filesystem will never terminate. + */ +class sefs_filesystem:public sefs_fclist +{ +#ifndef SWIG_FRIENDS + // private functions -- do not call these directly from + // outside of the library + friend struct sefs_context_node *filesystem_get_context(sefs_filesystem *, security_context_t) throw(std::bad_alloc); + friend sefs_entry *filesystem_get_entry(sefs_filesystem *, const struct sefs_context_node *, uint32_t, + const char *, ino64_t, const char *) throw(std::bad_alloc); + friend bool filesystem_is_query_match(sefs_filesystem *, const sefs_query *, const char *, const char *, + const struct stat64 *, apol_vector_t *, apol_mls_range_t *) throw(std::runtime_error); +#endif + + public: + + /** + * Allocate and return a new sefs filesystem structure + * representing the filesystem rooted at directory \a root. + * Be aware that the constructor is not thread-safe. + * @param new_root Directory to use as the root of the + * filesystem. This object represents this directory and all + * subdirectories, including other mounted filesystems. + * @param msg_callback Callback to invoke as errors/warnings + * are generated. If NULL, write messages to standard error. + * @param varg Value to be passed as the first parameter to + * the callback function. + * @exception bad_alloc Out of memory. + * @exception invalid_argument Root directory does not exist. + * @exception runtime_error Could not open root directory or + * /etc/mtab. + */ + sefs_filesystem(const char *new_root, sefs_callback_fn_t msg_callback, void *varg) throw(std::bad_alloc, + std::invalid_argument, + std::runtime_error); + + ~sefs_filesystem(); + + /** + * Perform a sefs query on this filesystem object, and then + * invoke a callback upon each matching entry. Mapping is in + * pre-order (i.e., directories will be mapped prior to files + * and subdirectories they contain.) + * @param query Query object containing search parameters. If + * NULL, invoke the callback on all entries. + * @param fn Function to invoke upon matching entries. This + * function will be called with three parameters: a pointer to + * this filesystem, pointer to a matching entry, and an + * arbitrary data pointer. It should return a non-negative + * value upon success, negative value upon error and to abort + * the mapping. + * @param data Arbitrary pointer to be passed into \fn as a + * third parameter. + * @return Last value returned by fn() (i.e., >= on success, < + * 0 on failure). If the filesystem has no entries then + * return 0. + * @exception std::runtime_error Error while reading contexts + * from the filesystem. + * @exception std::invalid_argument One or more query arguments + * is invalid. + */ + int runQueryMap(sefs_query * query, sefs_fclist_map_fn_t fn, void *data) throw(std::runtime_error, std::invalid_argument); + + /** + * Determine if the contexts stored in this filesystem contain + * MLS fields. + * @return \a true if MLS fields are present, \a false if not + * or undeterminable. + */ + bool isMLS() const; + + /** + * Get the root directory of a sefs filesystem structure. + * @return The root directory of the filesystem or NULL on + * error. Do not free() this string. + */ + const char *root() const; + + /** + * Look up the given device number on the currently running + * system, and convert it to its device name. + * @param dev Device number to look up. + * @return Name of the device, or NULL if the device number + * was not found. Do not free() this pointer. + * @exception std::runtime_error Error while querying system. + */ + const char *getDevName(const dev_t dev) throw(std::runtime_error); + + private: + apol_vector_t * buildDevMap(void) throw(std::runtime_error); + bool isQueryMatch(const sefs_query * query, const char *path, const char *dev, const struct stat64 *sb, + apol_vector_t * type_list, apol_mls_range_t * range) throw(std::runtime_error); + sefs_entry *getEntry(const struct sefs_context_node *context, uint32_t objectClass, const char *path, ino64_t ino, + const char *dev_name) throw(std::bad_alloc); + char *_root; + bool _rw, _mls; +}; + +extern "C" +{ +#endif + +//we do not want to wrap two copies of everything so have SWIG ignore +//the compatibility section. +#ifndef SWIG + + typedef struct sefs_filesystem sefs_filesystem_t; + +/** + * Allocate and return a new sefs filesystem structure representing + * the filesystem rooted at directory \a root. + * @see sefs_filesystem::sefs_filesystem() + */ + extern sefs_filesystem_t *sefs_filesystem_create(const char *root, sefs_callback_fn_t msg_callback, void *varg); + +/** + * Get the root directory of a sefs filesystem structure. + * @see sefs_filesystem::root() + */ + extern const char *sefs_filesystem_get_root(const sefs_filesystem_t * fs); + +/** + * Look up the given device number on the currently running + * system, and convert it to its device name. + * @see sefs_filesystem::ged_dev_name() + */ + extern const char *sefs_filesystem_get_dev_name(sefs_filesystem_t * fs, const dev_t dev); + +#endif /* SWIG */ + +#ifdef __cplusplus +} +#endif + +#endif /* SEFS_FILESYSTEM_H */ -- cgit