Seperate external shared libraries
This commit is contained in:
parent
0dcfaaf5ff
commit
f3b68e6543
@ -10,9 +10,8 @@ LOCAL_C_INCLUDES := \
|
|||||||
$(LOCAL_PATH)/daemon \
|
$(LOCAL_PATH)/daemon \
|
||||||
$(LOCAL_PATH)/resetprop \
|
$(LOCAL_PATH)/resetprop \
|
||||||
$(LOCAL_PATH)/magiskpolicy \
|
$(LOCAL_PATH)/magiskpolicy \
|
||||||
$(LOCAL_PATH)/selinux/libselinux/include \
|
$(LOCAL_PATH)/external \
|
||||||
$(LOCAL_PATH)/selinux/libsepol/include \
|
$(LOCAL_PATH)/selinux/libsepol/include
|
||||||
$(LOCAL_PATH)/sqlite3
|
|
||||||
|
|
||||||
LOCAL_SRC_FILES := \
|
LOCAL_SRC_FILES := \
|
||||||
main.c \
|
main.c \
|
||||||
@ -48,14 +47,15 @@ LOCAL_LDLIBS := -llog
|
|||||||
|
|
||||||
include $(BUILD_EXECUTABLE)
|
include $(BUILD_EXECUTABLE)
|
||||||
|
|
||||||
# Libraries
|
# External shared libraries, build stub libraries for linking
|
||||||
include jni/selinux/libselinux/Android.mk
|
include jni/external/Android.mk
|
||||||
|
|
||||||
|
# libsepol, static library
|
||||||
include jni/selinux/libsepol/Android.mk
|
include jni/selinux/libsepol/Android.mk
|
||||||
include jni/sqlite3/Android.mk
|
|
||||||
|
|
||||||
#####################################################################
|
#####################################################################
|
||||||
# In order to build separate binaries, please comment out everything
|
# In order to build separate binaries, please comment out everything
|
||||||
# starting from line 3 (including the 3 lines for libraries)
|
# above (including the lines for libraries)
|
||||||
# Then, uncomment the line you want below
|
# Then, uncomment the line you want below
|
||||||
#####################################################################
|
#####################################################################
|
||||||
# include jni/resetprop/Android.mk
|
# include jni/resetprop/Android.mk
|
||||||
|
@ -1,10 +1,13 @@
|
|||||||
LOCAL_PATH:= $(call my-dir)
|
LOCAL_PATH:= $(call my-dir)
|
||||||
|
|
||||||
##
|
|
||||||
# libsqlite.so (stub)
|
# libsqlite.so (stub)
|
||||||
#
|
|
||||||
|
|
||||||
include $(CLEAR_VARS)
|
include $(CLEAR_VARS)
|
||||||
LOCAL_MODULE:= libsqlite
|
LOCAL_MODULE:= libsqlite
|
||||||
LOCAL_SRC_FILES := sqlite3_stub.c
|
LOCAL_SRC_FILES := sqlite3_stub.c
|
||||||
include $(BUILD_SHARED_LIBRARY)
|
include $(BUILD_SHARED_LIBRARY)
|
||||||
|
|
||||||
|
# libselinux.so (stub)
|
||||||
|
include $(CLEAR_VARS)
|
||||||
|
LOCAL_MODULE:= libselinux
|
||||||
|
LOCAL_SRC_FILES := selinux_stub.c
|
||||||
|
include $(BUILD_SHARED_LIBRARY)
|
1029
jni/external/selinux/av_permissions.h
vendored
Normal file
1029
jni/external/selinux/av_permissions.h
vendored
Normal file
File diff suppressed because it is too large
Load Diff
511
jni/external/selinux/avc.h
vendored
Normal file
511
jni/external/selinux/avc.h
vendored
Normal file
@ -0,0 +1,511 @@
|
|||||||
|
/*
|
||||||
|
* Access vector cache interface for object managers.
|
||||||
|
*
|
||||||
|
* Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
|
||||||
|
*/
|
||||||
|
#ifndef _SELINUX_AVC_H_
|
||||||
|
#define _SELINUX_AVC_H_
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
#include <errno.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <selinux/selinux.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* SID format and operations
|
||||||
|
*/
|
||||||
|
struct security_id {
|
||||||
|
char * ctx;
|
||||||
|
unsigned int refcnt;
|
||||||
|
};
|
||||||
|
typedef struct security_id *security_id_t;
|
||||||
|
|
||||||
|
#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_sid_to_context - get copy of context corresponding to SID.
|
||||||
|
* @sid: input SID
|
||||||
|
* @ctx: pointer to context reference
|
||||||
|
*
|
||||||
|
* Return a copy of the security context corresponding to the input
|
||||||
|
* @sid in the memory referenced by @ctx. The caller is expected to
|
||||||
|
* free the context with freecon(). Return %0 on success, -%1 on
|
||||||
|
* failure, with @errno set to %ENOMEM if insufficient memory was
|
||||||
|
* available to make the copy, or %EINVAL if the input SID is invalid.
|
||||||
|
*/
|
||||||
|
int avc_sid_to_context(security_id_t sid, char ** ctx);
|
||||||
|
int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_context_to_sid - get SID for context.
|
||||||
|
* @ctx: input security context
|
||||||
|
* @sid: pointer to SID reference
|
||||||
|
*
|
||||||
|
* Look up security context @ctx in SID table, making
|
||||||
|
* a new entry if @ctx is not found. Increment the
|
||||||
|
* reference counter for the SID. Store a pointer
|
||||||
|
* to the SID structure into the memory referenced by @sid,
|
||||||
|
* returning %0 on success or -%1 on error with @errno set.
|
||||||
|
*/
|
||||||
|
int avc_context_to_sid(const char * ctx, security_id_t * sid);
|
||||||
|
int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* sidget - increment SID reference counter.
|
||||||
|
* @sid: SID reference
|
||||||
|
*
|
||||||
|
* Increment the reference counter for @sid, indicating that
|
||||||
|
* @sid is in use by an (additional) object. Return the
|
||||||
|
* new reference count, or zero if @sid is invalid (has zero
|
||||||
|
* reference count). Note that avc_context_to_sid() also
|
||||||
|
* increments reference counts.
|
||||||
|
*/
|
||||||
|
int sidget(security_id_t sid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* sidput - decrement SID reference counter.
|
||||||
|
* @sid: SID reference
|
||||||
|
*
|
||||||
|
* Decrement the reference counter for @sid, indicating that
|
||||||
|
* a reference to @sid is no longer in use. Return the
|
||||||
|
* new reference count. When the reference count reaches
|
||||||
|
* zero, the SID is invalid, and avc_context_to_sid() must
|
||||||
|
* be called to obtain a new SID for the security context.
|
||||||
|
*/
|
||||||
|
int sidput(security_id_t sid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_get_initial_sid - get SID for an initial kernel security identifier
|
||||||
|
* @name: input name of initial kernel security identifier
|
||||||
|
* @sid: pointer to a SID reference
|
||||||
|
*
|
||||||
|
* Get the context for an initial kernel security identifier specified by
|
||||||
|
* @name using security_get_initial_context() and then call
|
||||||
|
* avc_context_to_sid() to get the corresponding SID.
|
||||||
|
*/
|
||||||
|
int avc_get_initial_sid(const char *name, security_id_t * sid);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* AVC entry
|
||||||
|
*/
|
||||||
|
struct avc_entry;
|
||||||
|
struct avc_entry_ref {
|
||||||
|
struct avc_entry *ae;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_entry_ref_init - initialize an AVC entry reference.
|
||||||
|
* @aeref: pointer to avc entry reference structure
|
||||||
|
*
|
||||||
|
* Use this macro to initialize an avc entry reference structure
|
||||||
|
* before first use. These structures are passed to avc_has_perm(),
|
||||||
|
* which stores cache entry references in them. They can increase
|
||||||
|
* performance on repeated queries.
|
||||||
|
*/
|
||||||
|
#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
|
||||||
|
|
||||||
|
/*
|
||||||
|
* User-provided callbacks for memory, auditing, and locking
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* These structures are passed by reference to avc_init(). Passing
|
||||||
|
* a NULL reference will cause the AVC to use a default. The default
|
||||||
|
* memory callbacks are malloc() and free(). The default logging method
|
||||||
|
* is to print on stderr. If no thread callbacks are passed, a separate
|
||||||
|
* listening thread won't be started for kernel policy change messages.
|
||||||
|
* If no locking callbacks are passed, no locking will take place.
|
||||||
|
*/
|
||||||
|
struct avc_memory_callback {
|
||||||
|
/* malloc() equivalent. */
|
||||||
|
void *(*func_malloc) (size_t size);
|
||||||
|
/* free() equivalent. */
|
||||||
|
void (*func_free) (void *ptr);
|
||||||
|
/* Note that these functions should set errno on failure.
|
||||||
|
If not, some avc routines may return -1 without errno set. */
|
||||||
|
};
|
||||||
|
|
||||||
|
struct avc_log_callback {
|
||||||
|
/* log the printf-style format and arguments. */
|
||||||
|
void
|
||||||
|
#ifdef __GNUC__
|
||||||
|
__attribute__ ((format(printf, 1, 2)))
|
||||||
|
#endif
|
||||||
|
(*func_log) (const char *fmt, ...);
|
||||||
|
/* store a string representation of auditdata (corresponding
|
||||||
|
to the given security class) into msgbuf. */
|
||||||
|
void (*func_audit) (void *auditdata, security_class_t cls,
|
||||||
|
char *msgbuf, size_t msgbufsize);
|
||||||
|
};
|
||||||
|
|
||||||
|
struct avc_thread_callback {
|
||||||
|
/* create and start a thread, returning an opaque pointer to it;
|
||||||
|
the thread should run the given function. */
|
||||||
|
void *(*func_create_thread) (void (*run) (void));
|
||||||
|
/* cancel a given thread and free its resources. */
|
||||||
|
void (*func_stop_thread) (void *thread);
|
||||||
|
};
|
||||||
|
|
||||||
|
struct avc_lock_callback {
|
||||||
|
/* create a lock and return an opaque pointer to it. */
|
||||||
|
void *(*func_alloc_lock) (void);
|
||||||
|
/* obtain a given lock, blocking if necessary. */
|
||||||
|
void (*func_get_lock) (void *lock);
|
||||||
|
/* release a given lock. */
|
||||||
|
void (*func_release_lock) (void *lock);
|
||||||
|
/* destroy a given lock (free memory, etc.) */
|
||||||
|
void (*func_free_lock) (void *lock);
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Available options
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* no-op option, useful for unused slots in an array of options */
|
||||||
|
#define AVC_OPT_UNUSED 0
|
||||||
|
/* override kernel enforcing mode (boolean value) */
|
||||||
|
#define AVC_OPT_SETENFORCE 1
|
||||||
|
|
||||||
|
/*
|
||||||
|
* AVC operations
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_init - Initialize the AVC.
|
||||||
|
* @msgprefix: prefix for log messages
|
||||||
|
* @mem_callbacks: user-supplied memory callbacks
|
||||||
|
* @log_callbacks: user-supplied logging callbacks
|
||||||
|
* @thread_callbacks: user-supplied threading callbacks
|
||||||
|
* @lock_callbacks: user-supplied locking callbacks
|
||||||
|
*
|
||||||
|
* Initialize the access vector cache. Return %0 on
|
||||||
|
* success or -%1 with @errno set on failure.
|
||||||
|
* If @msgprefix is NULL, use "uavc". If any callback
|
||||||
|
* structure references are NULL, use default methods
|
||||||
|
* for those callbacks (see the definition of the callback
|
||||||
|
* structures above).
|
||||||
|
*/
|
||||||
|
int avc_init(const char *msgprefix,
|
||||||
|
const struct avc_memory_callback *mem_callbacks,
|
||||||
|
const struct avc_log_callback *log_callbacks,
|
||||||
|
const struct avc_thread_callback *thread_callbacks,
|
||||||
|
const struct avc_lock_callback *lock_callbacks);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_open - Initialize the AVC.
|
||||||
|
* @opts: array of selabel_opt structures specifying AVC options or NULL.
|
||||||
|
* @nopts: number of elements in opts array or zero for no options.
|
||||||
|
*
|
||||||
|
* This function is identical to avc_init(), except the message prefix
|
||||||
|
* is set to "avc" and any callbacks desired should be specified via
|
||||||
|
* selinux_set_callback(). Available options are listed above.
|
||||||
|
*/
|
||||||
|
int avc_open(struct selinux_opt *opts, unsigned nopts);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_cleanup - Remove unused SIDs and AVC entries.
|
||||||
|
*
|
||||||
|
* Search the SID table for SID structures with zero
|
||||||
|
* reference counts, and remove them along with all
|
||||||
|
* AVC entries that reference them. This can be used
|
||||||
|
* to return memory to the system.
|
||||||
|
*/
|
||||||
|
void avc_cleanup(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_reset - Flush the cache and reset statistics.
|
||||||
|
*
|
||||||
|
* Remove all entries from the cache and reset all access
|
||||||
|
* statistics (as returned by avc_cache_stats()) to zero.
|
||||||
|
* The SID mapping is not affected. Return %0 on success,
|
||||||
|
* -%1 with @errno set on error.
|
||||||
|
*/
|
||||||
|
int avc_reset(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_destroy - Free all AVC structures.
|
||||||
|
*
|
||||||
|
* Destroy all AVC structures and free all allocated
|
||||||
|
* memory. User-supplied locking, memory, and audit
|
||||||
|
* callbacks will be retained, but security-event
|
||||||
|
* callbacks will not. All SID's will be invalidated.
|
||||||
|
* User must call avc_init() if further use of AVC is desired.
|
||||||
|
*/
|
||||||
|
void avc_destroy(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_has_perm_noaudit - Check permissions but perform no auditing.
|
||||||
|
* @ssid: source security identifier
|
||||||
|
* @tsid: target security identifier
|
||||||
|
* @tclass: target security class
|
||||||
|
* @requested: requested permissions, interpreted based on @tclass
|
||||||
|
* @aeref: AVC entry reference
|
||||||
|
* @avd: access vector decisions
|
||||||
|
*
|
||||||
|
* Check the AVC to determine whether the @requested permissions are granted
|
||||||
|
* for the SID pair (@ssid, @tsid), interpreting the permissions
|
||||||
|
* based on @tclass, and call the security server on a cache miss to obtain
|
||||||
|
* a new decision and add it to the cache. Update @aeref to refer to an AVC
|
||||||
|
* entry with the resulting decisions, and return a copy of the decisions
|
||||||
|
* in @avd. Return %0 if all @requested permissions are granted, -%1 with
|
||||||
|
* @errno set to %EACCES if any permissions are denied, or to another value
|
||||||
|
* upon other errors. This function is typically called by avc_has_perm(),
|
||||||
|
* but may also be called directly to separate permission checking from
|
||||||
|
* auditing, e.g. in cases where a lock must be held for the check but
|
||||||
|
* should be released for the auditing.
|
||||||
|
*/
|
||||||
|
int avc_has_perm_noaudit(security_id_t ssid,
|
||||||
|
security_id_t tsid,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct avc_entry_ref *aeref, struct av_decision *avd);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_has_perm - Check permissions and perform any appropriate auditing.
|
||||||
|
* @ssid: source security identifier
|
||||||
|
* @tsid: target security identifier
|
||||||
|
* @tclass: target security class
|
||||||
|
* @requested: requested permissions, interpreted based on @tclass
|
||||||
|
* @aeref: AVC entry reference
|
||||||
|
* @auditdata: auxiliary audit data
|
||||||
|
*
|
||||||
|
* Check the AVC to determine whether the @requested permissions are granted
|
||||||
|
* for the SID pair (@ssid, @tsid), interpreting the permissions
|
||||||
|
* based on @tclass, and call the security server on a cache miss to obtain
|
||||||
|
* a new decision and add it to the cache. Update @aeref to refer to an AVC
|
||||||
|
* entry with the resulting decisions. Audit the granting or denial of
|
||||||
|
* permissions in accordance with the policy. Return %0 if all @requested
|
||||||
|
* permissions are granted, -%1 with @errno set to %EACCES if any permissions
|
||||||
|
* are denied or to another value upon other errors.
|
||||||
|
*/
|
||||||
|
int avc_has_perm(security_id_t ssid, security_id_t tsid,
|
||||||
|
security_class_t tclass, access_vector_t requested,
|
||||||
|
struct avc_entry_ref *aeref, void *auditdata);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_audit - Audit the granting or denial of permissions.
|
||||||
|
* @ssid: source security identifier
|
||||||
|
* @tsid: target security identifier
|
||||||
|
* @tclass: target security class
|
||||||
|
* @requested: requested permissions
|
||||||
|
* @avd: access vector decisions
|
||||||
|
* @result: result from avc_has_perm_noaudit
|
||||||
|
* @auditdata: auxiliary audit data
|
||||||
|
*
|
||||||
|
* Audit the granting or denial of permissions in accordance
|
||||||
|
* with the policy. This function is typically called by
|
||||||
|
* avc_has_perm() after a permission check, but can also be
|
||||||
|
* called directly by callers who use avc_has_perm_noaudit()
|
||||||
|
* in order to separate the permission check from the auditing.
|
||||||
|
* For example, this separation is useful when the permission check must
|
||||||
|
* be performed under a lock, to allow the lock to be released
|
||||||
|
* before calling the auditing code.
|
||||||
|
*/
|
||||||
|
void avc_audit(security_id_t ssid, security_id_t tsid,
|
||||||
|
security_class_t tclass, access_vector_t requested,
|
||||||
|
struct av_decision *avd, int result, void *auditdata);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_compute_create - Compute SID for labeling a new object.
|
||||||
|
* @ssid: source security identifier
|
||||||
|
* @tsid: target security identifier
|
||||||
|
* @tclass: target security class
|
||||||
|
* @newsid: pointer to SID reference
|
||||||
|
*
|
||||||
|
* Call the security server to obtain a context for labeling a
|
||||||
|
* new object. Look up the context in the SID table, making
|
||||||
|
* a new entry if not found. Increment the reference counter
|
||||||
|
* for the SID. Store a pointer to the SID structure into the
|
||||||
|
* memory referenced by @newsid, returning %0 on success or -%1 on
|
||||||
|
* error with @errno set.
|
||||||
|
*/
|
||||||
|
int avc_compute_create(security_id_t ssid,
|
||||||
|
security_id_t tsid,
|
||||||
|
security_class_t tclass, security_id_t * newsid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_compute_member - Compute SID for polyinstantation.
|
||||||
|
* @ssid: source security identifier
|
||||||
|
* @tsid: target security identifier
|
||||||
|
* @tclass: target security class
|
||||||
|
* @newsid: pointer to SID reference
|
||||||
|
*
|
||||||
|
* Call the security server to obtain a context for labeling an
|
||||||
|
* object instance. Look up the context in the SID table, making
|
||||||
|
* a new entry if not found. Increment the reference counter
|
||||||
|
* for the SID. Store a pointer to the SID structure into the
|
||||||
|
* memory referenced by @newsid, returning %0 on success or -%1 on
|
||||||
|
* error with @errno set.
|
||||||
|
*/
|
||||||
|
int avc_compute_member(security_id_t ssid,
|
||||||
|
security_id_t tsid,
|
||||||
|
security_class_t tclass, security_id_t * newsid);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* security event callback facility
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* security events */
|
||||||
|
#define AVC_CALLBACK_GRANT 1
|
||||||
|
#define AVC_CALLBACK_TRY_REVOKE 2
|
||||||
|
#define AVC_CALLBACK_REVOKE 4
|
||||||
|
#define AVC_CALLBACK_RESET 8
|
||||||
|
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
|
||||||
|
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
|
||||||
|
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
|
||||||
|
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_add_callback - Register a callback for security events.
|
||||||
|
* @callback: callback function
|
||||||
|
* @events: bitwise OR of desired security events
|
||||||
|
* @ssid: source security identifier or %SECSID_WILD
|
||||||
|
* @tsid: target security identifier or %SECSID_WILD
|
||||||
|
* @tclass: target security class
|
||||||
|
* @perms: permissions
|
||||||
|
*
|
||||||
|
* Register a callback function for events in the set @events
|
||||||
|
* related to the SID pair (@ssid, @tsid) and
|
||||||
|
* and the permissions @perms, interpreting
|
||||||
|
* @perms based on @tclass. Returns %0 on success or
|
||||||
|
* -%1 if insufficient memory exists to add the callback.
|
||||||
|
*/
|
||||||
|
int avc_add_callback(int (*callback)
|
||||||
|
(uint32_t event, security_id_t ssid,
|
||||||
|
security_id_t tsid, security_class_t tclass,
|
||||||
|
access_vector_t perms,
|
||||||
|
access_vector_t * out_retained),
|
||||||
|
uint32_t events, security_id_t ssid,
|
||||||
|
security_id_t tsid, security_class_t tclass,
|
||||||
|
access_vector_t perms);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* AVC statistics
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* If set, cache statistics are tracked. This may
|
||||||
|
* become a compile-time option in the future.
|
||||||
|
*/
|
||||||
|
#define AVC_CACHE_STATS 1
|
||||||
|
|
||||||
|
struct avc_cache_stats {
|
||||||
|
unsigned entry_lookups;
|
||||||
|
unsigned entry_hits;
|
||||||
|
unsigned entry_misses;
|
||||||
|
unsigned entry_discards;
|
||||||
|
unsigned cav_lookups;
|
||||||
|
unsigned cav_hits;
|
||||||
|
unsigned cav_probes;
|
||||||
|
unsigned cav_misses;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_cache_stats - get cache access statistics.
|
||||||
|
* @stats: reference to statistics structure
|
||||||
|
*
|
||||||
|
* Fill the supplied structure with information about AVC
|
||||||
|
* activity since the last call to avc_init() or
|
||||||
|
* avc_reset(). See the structure definition for
|
||||||
|
* details.
|
||||||
|
*/
|
||||||
|
void avc_cache_stats(struct avc_cache_stats *stats);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_av_stats - log av table statistics.
|
||||||
|
*
|
||||||
|
* Log a message with information about the size and
|
||||||
|
* distribution of the access vector table. The audit
|
||||||
|
* callback is used to print the message.
|
||||||
|
*/
|
||||||
|
void avc_av_stats(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_sid_stats - log SID table statistics.
|
||||||
|
*
|
||||||
|
* Log a message with information about the size and
|
||||||
|
* distribution of the SID table. The audit callback
|
||||||
|
* is used to print the message.
|
||||||
|
*/
|
||||||
|
void avc_sid_stats(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_netlink_open - Create a netlink socket and connect to the kernel.
|
||||||
|
*/
|
||||||
|
int avc_netlink_open(int blocking);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_netlink_loop - Wait for netlink messages from the kernel
|
||||||
|
*/
|
||||||
|
void avc_netlink_loop(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_netlink_close - Close the netlink socket
|
||||||
|
*/
|
||||||
|
void avc_netlink_close(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_netlink_acquire_fd - Acquire netlink socket fd.
|
||||||
|
*
|
||||||
|
* Allows the application to manage messages from the netlink socket in
|
||||||
|
* its own main loop.
|
||||||
|
*/
|
||||||
|
int avc_netlink_acquire_fd(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_netlink_release_fd - Release netlink socket fd.
|
||||||
|
*
|
||||||
|
* Returns ownership of the netlink socket to the library.
|
||||||
|
*/
|
||||||
|
void avc_netlink_release_fd(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* avc_netlink_check_nb - Check netlink socket for new messages.
|
||||||
|
*
|
||||||
|
* Called by the application when using avc_netlink_acquire_fd() to
|
||||||
|
* process kernel netlink events.
|
||||||
|
*/
|
||||||
|
int avc_netlink_check_nb(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_status_open - Open and map SELinux kernel status page
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
int selinux_status_open(int fallback);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_status_close - Unmap and close SELinux kernel status page
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
void selinux_status_close(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_status_updated - Inform us whether the kernel status has been updated
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
int selinux_status_updated(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_status_getenforce - Get the enforce flag value
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
int selinux_status_getenforce(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_status_policyload - Get the number of policy reloaded
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
int selinux_status_policyload(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_status_deny_unknown - Get the behavior for undefined classes/permissions
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
int selinux_status_deny_unknown(void);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif /* _SELINUX_AVC_H_ */
|
50
jni/external/selinux/context.h
vendored
Normal file
50
jni/external/selinux/context.h
vendored
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
#ifndef _SELINUX_CONTEXT_H_
|
||||||
|
#define _SELINUX_CONTEXT_H_
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Functions to deal with security contexts in user space.
|
||||||
|
*/
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
void *ptr;
|
||||||
|
} context_s_t;
|
||||||
|
|
||||||
|
typedef context_s_t *context_t;
|
||||||
|
|
||||||
|
/* Return a new context initialized to a context string */
|
||||||
|
|
||||||
|
extern context_t context_new(const char *);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Return a pointer to the string value of the context_t
|
||||||
|
* Valid until the next call to context_str or context_free
|
||||||
|
* for the same context_t*
|
||||||
|
*/
|
||||||
|
|
||||||
|
extern char *context_str(context_t);
|
||||||
|
|
||||||
|
/* Free the storage used by a context */
|
||||||
|
extern void context_free(context_t);
|
||||||
|
|
||||||
|
/* Get a pointer to the string value of a context component */
|
||||||
|
|
||||||
|
extern const char *context_type_get(context_t);
|
||||||
|
extern const char *context_range_get(context_t);
|
||||||
|
extern const char *context_role_get(context_t);
|
||||||
|
extern const char *context_user_get(context_t);
|
||||||
|
|
||||||
|
/* Set a context component. Returns nonzero if unsuccessful */
|
||||||
|
|
||||||
|
extern int context_type_set(context_t, const char *);
|
||||||
|
extern int context_range_set(context_t, const char *);
|
||||||
|
extern int context_role_set(context_t, const char *);
|
||||||
|
extern int context_user_set(context_t, const char *);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif
|
118
jni/external/selinux/flask.h
vendored
Normal file
118
jni/external/selinux/flask.h
vendored
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
/* This file is automatically generated. Do not edit. */
|
||||||
|
#ifndef _SELINUX_FLASK_H_
|
||||||
|
#define _SELINUX_FLASK_H_
|
||||||
|
|
||||||
|
#warning "Please remove any #include's of this header in your source code."
|
||||||
|
#warning "Instead, use string_to_security_class() to map the class name to a value."
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Security object class definitions
|
||||||
|
*/
|
||||||
|
#define SECCLASS_SECURITY 1
|
||||||
|
#define SECCLASS_PROCESS 2
|
||||||
|
#define SECCLASS_SYSTEM 3
|
||||||
|
#define SECCLASS_CAPABILITY 4
|
||||||
|
#define SECCLASS_FILESYSTEM 5
|
||||||
|
#define SECCLASS_FILE 6
|
||||||
|
#define SECCLASS_DIR 7
|
||||||
|
#define SECCLASS_FD 8
|
||||||
|
#define SECCLASS_LNK_FILE 9
|
||||||
|
#define SECCLASS_CHR_FILE 10
|
||||||
|
#define SECCLASS_BLK_FILE 11
|
||||||
|
#define SECCLASS_SOCK_FILE 12
|
||||||
|
#define SECCLASS_FIFO_FILE 13
|
||||||
|
#define SECCLASS_SOCKET 14
|
||||||
|
#define SECCLASS_TCP_SOCKET 15
|
||||||
|
#define SECCLASS_UDP_SOCKET 16
|
||||||
|
#define SECCLASS_RAWIP_SOCKET 17
|
||||||
|
#define SECCLASS_NODE 18
|
||||||
|
#define SECCLASS_NETIF 19
|
||||||
|
#define SECCLASS_NETLINK_SOCKET 20
|
||||||
|
#define SECCLASS_PACKET_SOCKET 21
|
||||||
|
#define SECCLASS_KEY_SOCKET 22
|
||||||
|
#define SECCLASS_UNIX_STREAM_SOCKET 23
|
||||||
|
#define SECCLASS_UNIX_DGRAM_SOCKET 24
|
||||||
|
#define SECCLASS_SEM 25
|
||||||
|
#define SECCLASS_MSG 26
|
||||||
|
#define SECCLASS_MSGQ 27
|
||||||
|
#define SECCLASS_SHM 28
|
||||||
|
#define SECCLASS_IPC 29
|
||||||
|
#define SECCLASS_PASSWD 30
|
||||||
|
#define SECCLASS_X_DRAWABLE 31
|
||||||
|
#define SECCLASS_X_SCREEN 32
|
||||||
|
#define SECCLASS_X_GC 33
|
||||||
|
#define SECCLASS_X_FONT 34
|
||||||
|
#define SECCLASS_X_COLORMAP 35
|
||||||
|
#define SECCLASS_X_PROPERTY 36
|
||||||
|
#define SECCLASS_X_SELECTION 37
|
||||||
|
#define SECCLASS_X_CURSOR 38
|
||||||
|
#define SECCLASS_X_CLIENT 39
|
||||||
|
#define SECCLASS_X_DEVICE 40
|
||||||
|
#define SECCLASS_X_SERVER 41
|
||||||
|
#define SECCLASS_X_EXTENSION 42
|
||||||
|
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
|
||||||
|
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
|
||||||
|
#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
|
||||||
|
#define SECCLASS_NETLINK_NFLOG_SOCKET 46
|
||||||
|
#define SECCLASS_NETLINK_XFRM_SOCKET 47
|
||||||
|
#define SECCLASS_NETLINK_SELINUX_SOCKET 48
|
||||||
|
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
|
||||||
|
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
|
||||||
|
#define SECCLASS_NETLINK_DNRT_SOCKET 51
|
||||||
|
#define SECCLASS_DBUS 52
|
||||||
|
#define SECCLASS_NSCD 53
|
||||||
|
#define SECCLASS_ASSOCIATION 54
|
||||||
|
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
|
||||||
|
#define SECCLASS_APPLETALK_SOCKET 56
|
||||||
|
#define SECCLASS_PACKET 57
|
||||||
|
#define SECCLASS_KEY 58
|
||||||
|
#define SECCLASS_CONTEXT 59
|
||||||
|
#define SECCLASS_DCCP_SOCKET 60
|
||||||
|
#define SECCLASS_MEMPROTECT 61
|
||||||
|
#define SECCLASS_DB_DATABASE 62
|
||||||
|
#define SECCLASS_DB_TABLE 63
|
||||||
|
#define SECCLASS_DB_PROCEDURE 64
|
||||||
|
#define SECCLASS_DB_COLUMN 65
|
||||||
|
#define SECCLASS_DB_TUPLE 66
|
||||||
|
#define SECCLASS_DB_BLOB 67
|
||||||
|
#define SECCLASS_PEER 68
|
||||||
|
#define SECCLASS_CAPABILITY2 69
|
||||||
|
#define SECCLASS_X_RESOURCE 70
|
||||||
|
#define SECCLASS_X_EVENT 71
|
||||||
|
#define SECCLASS_X_SYNTHETIC_EVENT 72
|
||||||
|
#define SECCLASS_X_APPLICATION_DATA 73
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Security identifier indices for initial entities
|
||||||
|
*/
|
||||||
|
#define SECINITSID_KERNEL 1
|
||||||
|
#define SECINITSID_SECURITY 2
|
||||||
|
#define SECINITSID_UNLABELED 3
|
||||||
|
#define SECINITSID_FS 4
|
||||||
|
#define SECINITSID_FILE 5
|
||||||
|
#define SECINITSID_FILE_LABELS 6
|
||||||
|
#define SECINITSID_INIT 7
|
||||||
|
#define SECINITSID_ANY_SOCKET 8
|
||||||
|
#define SECINITSID_PORT 9
|
||||||
|
#define SECINITSID_NETIF 10
|
||||||
|
#define SECINITSID_NETMSG 11
|
||||||
|
#define SECINITSID_NODE 12
|
||||||
|
#define SECINITSID_IGMP_PACKET 13
|
||||||
|
#define SECINITSID_ICMP_SOCKET 14
|
||||||
|
#define SECINITSID_TCP_SOCKET 15
|
||||||
|
#define SECINITSID_SYSCTL_MODPROBE 16
|
||||||
|
#define SECINITSID_SYSCTL 17
|
||||||
|
#define SECINITSID_SYSCTL_FS 18
|
||||||
|
#define SECINITSID_SYSCTL_KERNEL 19
|
||||||
|
#define SECINITSID_SYSCTL_NET 20
|
||||||
|
#define SECINITSID_SYSCTL_NET_UNIX 21
|
||||||
|
#define SECINITSID_SYSCTL_VM 22
|
||||||
|
#define SECINITSID_SYSCTL_DEV 23
|
||||||
|
#define SECINITSID_KMOD 24
|
||||||
|
#define SECINITSID_POLICY 25
|
||||||
|
#define SECINITSID_SCMP_PACKET 26
|
||||||
|
#define SECINITSID_DEVNULL 27
|
||||||
|
|
||||||
|
#define SECINITSID_NUM 27
|
||||||
|
|
||||||
|
#endif
|
82
jni/external/selinux/get_context_list.h
vendored
Normal file
82
jni/external/selinux/get_context_list.h
vendored
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
#ifndef _SELINUX_GET_SID_LIST_H_
|
||||||
|
#define _SELINUX_GET_SID_LIST_H_
|
||||||
|
|
||||||
|
#include <selinux/selinux.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define SELINUX_DEFAULTUSER "user_u"
|
||||||
|
|
||||||
|
/* Get an ordered list of authorized security contexts for a user session
|
||||||
|
for 'user' spawned by 'fromcon' and set *conary to refer to the
|
||||||
|
NULL-terminated array of contexts. Every entry in the list will
|
||||||
|
be authorized by the policy, but the ordering is subject to user
|
||||||
|
customizable preferences. Returns number of entries in *conary.
|
||||||
|
If 'fromcon' is NULL, defaults to current context.
|
||||||
|
Caller must free via freeconary. */
|
||||||
|
extern int get_ordered_context_list(const char *user,
|
||||||
|
char * fromcon,
|
||||||
|
char *** list);
|
||||||
|
|
||||||
|
/* As above, but use the provided MLS level rather than the
|
||||||
|
default level for the user. */
|
||||||
|
int get_ordered_context_list_with_level(const char *user,
|
||||||
|
const char *level,
|
||||||
|
char * fromcon,
|
||||||
|
char *** list);
|
||||||
|
|
||||||
|
/* Get the default security context for a user session for 'user'
|
||||||
|
spawned by 'fromcon' and set *newcon to refer to it. The context
|
||||||
|
will be one of those authorized by the policy, but the selection
|
||||||
|
of a default is subject to user customizable preferences.
|
||||||
|
If 'fromcon' is NULL, defaults to current context.
|
||||||
|
Returns 0 on success or -1 otherwise.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int get_default_context(const char *user,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* As above, but use the provided MLS level rather than the
|
||||||
|
default level for the user. */
|
||||||
|
int get_default_context_with_level(const char *user,
|
||||||
|
const char *level,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Same as get_default_context, but only return a context
|
||||||
|
that has the specified role. If no reachable context exists
|
||||||
|
for the user with that role, then return -1. */
|
||||||
|
int get_default_context_with_role(const char *user,
|
||||||
|
const char *role,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Same as get_default_context, but only return a context
|
||||||
|
that has the specified role and level. If no reachable context exists
|
||||||
|
for the user with that role, then return -1. */
|
||||||
|
int get_default_context_with_rolelevel(const char *user,
|
||||||
|
const char *role,
|
||||||
|
const char *level,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Given a list of authorized security contexts for the user,
|
||||||
|
query the user to select one and set *newcon to refer to it.
|
||||||
|
Caller must free via freecon.
|
||||||
|
Returns 0 on sucess or -1 otherwise. */
|
||||||
|
extern int query_user_context(char ** list,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Allow the user to manually enter a context as a fallback
|
||||||
|
if a list of authorized contexts could not be obtained.
|
||||||
|
Caller must free via freecon.
|
||||||
|
Returns 0 on success or -1 otherwise. */
|
||||||
|
extern int manual_user_enter_context(const char *user,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif
|
23
jni/external/selinux/get_default_type.h
vendored
Normal file
23
jni/external/selinux/get_default_type.h
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
/* get_default_type.h - contains header information and function prototypes
|
||||||
|
* for functions to get the default type for a role
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
|
||||||
|
#define _SELINUX_GET_DEFAULT_TYPE_H_
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Return path to default type file. */
|
||||||
|
const char *selinux_default_type_path(void);
|
||||||
|
|
||||||
|
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
|
||||||
|
Caller must free via free().
|
||||||
|
Return 0 on success or -1 otherwise. */
|
||||||
|
int get_default_type(const char *role, char **type);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
|
190
jni/external/selinux/label.h
vendored
Normal file
190
jni/external/selinux/label.h
vendored
Normal file
@ -0,0 +1,190 @@
|
|||||||
|
/*
|
||||||
|
* Labeling interface for userspace object managers and others.
|
||||||
|
*
|
||||||
|
* Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
|
||||||
|
*/
|
||||||
|
#ifndef _SELABEL_H_
|
||||||
|
#define _SELABEL_H_
|
||||||
|
|
||||||
|
#include <stdbool.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <selinux/selinux.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Opaque type used for all label handles.
|
||||||
|
*/
|
||||||
|
|
||||||
|
struct selabel_handle;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Available backends.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* file contexts */
|
||||||
|
#define SELABEL_CTX_FILE 0
|
||||||
|
/* media contexts */
|
||||||
|
#define SELABEL_CTX_MEDIA 1
|
||||||
|
/* x contexts */
|
||||||
|
#define SELABEL_CTX_X 2
|
||||||
|
/* db objects */
|
||||||
|
#define SELABEL_CTX_DB 3
|
||||||
|
/* Android property service contexts */
|
||||||
|
#define SELABEL_CTX_ANDROID_PROP 4
|
||||||
|
/* Android service contexts */
|
||||||
|
#define SELABEL_CTX_ANDROID_SERVICE 5
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Available options
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* no-op option, useful for unused slots in an array of options */
|
||||||
|
#define SELABEL_OPT_UNUSED 0
|
||||||
|
/* validate contexts before returning them (boolean value) */
|
||||||
|
#define SELABEL_OPT_VALIDATE 1
|
||||||
|
/* don't use local customizations to backend data (boolean value) */
|
||||||
|
#define SELABEL_OPT_BASEONLY 2
|
||||||
|
/* specify an alternate path to use when loading backend data */
|
||||||
|
#define SELABEL_OPT_PATH 3
|
||||||
|
/* select a subset of the search space as an optimization (file backend) */
|
||||||
|
#define SELABEL_OPT_SUBSET 4
|
||||||
|
/* require a hash calculation on spec files */
|
||||||
|
#define SELABEL_OPT_DIGEST 5
|
||||||
|
/* total number of options */
|
||||||
|
#define SELABEL_NOPT 6
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Label operations
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selabel_open - Create a labeling handle.
|
||||||
|
* @backend: one of the constants specifying a supported labeling backend.
|
||||||
|
* @opts: array of selabel_opt structures specifying label options or NULL.
|
||||||
|
* @nopts: number of elements in opts array or zero for no options.
|
||||||
|
*
|
||||||
|
* Open a labeling backend for use. The available backend identifiers are
|
||||||
|
* listed above. Options may be provided via the opts parameter; available
|
||||||
|
* options are listed above. Not all options may be supported by every
|
||||||
|
* backend. Return value is the created handle on success or NULL with
|
||||||
|
* @errno set on failure.
|
||||||
|
*/
|
||||||
|
struct selabel_handle *selabel_open(unsigned int backend,
|
||||||
|
const struct selinux_opt *opts,
|
||||||
|
unsigned nopts);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selabel_close - Close a labeling handle.
|
||||||
|
* @handle: specifies handle to close
|
||||||
|
*
|
||||||
|
* Destroy the specified handle, closing files, freeing allocated memory,
|
||||||
|
* etc. The handle may not be further used after it has been closed.
|
||||||
|
*/
|
||||||
|
void selabel_close(struct selabel_handle *handle);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selabel_lookup - Perform labeling lookup operation.
|
||||||
|
* @handle: specifies backend instance to query
|
||||||
|
* @con: returns the appropriate context with which to label the object
|
||||||
|
* @key: string input to lookup operation
|
||||||
|
* @type: numeric input to the lookup operation
|
||||||
|
*
|
||||||
|
* Perform a labeling lookup operation. Return %0 on success, -%1 with
|
||||||
|
* @errno set on failure. The key and type arguments are the inputs to the
|
||||||
|
* lookup operation; appropriate values are dictated by the backend in use.
|
||||||
|
* The result is returned in the memory pointed to by @con and must be freed
|
||||||
|
* by the user with freecon().
|
||||||
|
*/
|
||||||
|
int selabel_lookup(struct selabel_handle *handle, char **con,
|
||||||
|
const char *key, int type);
|
||||||
|
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
|
||||||
|
const char *key, int type);
|
||||||
|
|
||||||
|
bool selabel_partial_match(struct selabel_handle *handle, const char *key);
|
||||||
|
|
||||||
|
int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
|
||||||
|
const char *key, const char **aliases, int type);
|
||||||
|
int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
|
||||||
|
const char *key, const char **aliases, int type);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to
|
||||||
|
* generate the digest. The SELABEL_OPT_DIGEST option must
|
||||||
|
* be set in selabel_open() to initiate the digest generation.
|
||||||
|
* @handle: specifies backend instance to query
|
||||||
|
* @digest: returns a pointer to the SHA1 digest.
|
||||||
|
* @digest_len: returns length of digest in bytes.
|
||||||
|
* @specfiles: a list of specfiles used in the SHA1 digest generation.
|
||||||
|
* The list is NULL terminated and will hold @num_specfiles entries.
|
||||||
|
* @num_specfiles: number of specfiles in the list.
|
||||||
|
*
|
||||||
|
* Return %0 on success, -%1 with @errno set on failure.
|
||||||
|
*/
|
||||||
|
int selabel_digest(struct selabel_handle *rec,
|
||||||
|
unsigned char **digest, size_t *digest_len,
|
||||||
|
char ***specfiles, size_t *num_specfiles);
|
||||||
|
|
||||||
|
enum selabel_cmp_result {
|
||||||
|
SELABEL_SUBSET,
|
||||||
|
SELABEL_EQUAL,
|
||||||
|
SELABEL_SUPERSET,
|
||||||
|
SELABEL_INCOMPARABLE
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selabel_cmp - Compare two label configurations.
|
||||||
|
* @h1: handle for the first label configuration
|
||||||
|
* @h2: handle for the first label configuration
|
||||||
|
*
|
||||||
|
* Compare two label configurations.
|
||||||
|
* Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL
|
||||||
|
* if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
|
||||||
|
* of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
|
||||||
|
*/
|
||||||
|
enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
|
||||||
|
struct selabel_handle *h2);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selabel_stats - log labeling operation statistics.
|
||||||
|
* @handle: specifies backend instance to query
|
||||||
|
*
|
||||||
|
* Log a message with information about the number of queries performed,
|
||||||
|
* number of unused matching entries, or other operational statistics.
|
||||||
|
* Message is backend-specific, some backends may not output a message.
|
||||||
|
*/
|
||||||
|
void selabel_stats(struct selabel_handle *handle);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Type codes used by specific backends
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* X backend */
|
||||||
|
#define SELABEL_X_PROP 1
|
||||||
|
#define SELABEL_X_EXT 2
|
||||||
|
#define SELABEL_X_CLIENT 3
|
||||||
|
#define SELABEL_X_EVENT 4
|
||||||
|
#define SELABEL_X_SELN 5
|
||||||
|
#define SELABEL_X_POLYPROP 6
|
||||||
|
#define SELABEL_X_POLYSELN 7
|
||||||
|
|
||||||
|
/* DB backend */
|
||||||
|
#define SELABEL_DB_DATABASE 1
|
||||||
|
#define SELABEL_DB_SCHEMA 2
|
||||||
|
#define SELABEL_DB_TABLE 3
|
||||||
|
#define SELABEL_DB_COLUMN 4
|
||||||
|
#define SELABEL_DB_SEQUENCE 5
|
||||||
|
#define SELABEL_DB_VIEW 6
|
||||||
|
#define SELABEL_DB_PROCEDURE 7
|
||||||
|
#define SELABEL_DB_BLOB 8
|
||||||
|
#define SELABEL_DB_TUPLE 9
|
||||||
|
#define SELABEL_DB_LANGUAGE 10
|
||||||
|
#define SELABEL_DB_EXCEPTION 11
|
||||||
|
#define SELABEL_DB_DATATYPE 12
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif /* _SELABEL_H_ */
|
187
jni/external/selinux/restorecon.h
vendored
Normal file
187
jni/external/selinux/restorecon.h
vendored
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
#ifndef _RESTORECON_H_
|
||||||
|
#define _RESTORECON_H_
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_restorecon - Relabel files.
|
||||||
|
* @pathname: specifies file/directory to relabel.
|
||||||
|
* @restorecon_flags: specifies the actions to be performed when relabeling.
|
||||||
|
*
|
||||||
|
* selinux_restorecon(3) will automatically call
|
||||||
|
* selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
|
||||||
|
* first time through to set the selabel_open(3) parameters to use the
|
||||||
|
* currently loaded policy file_contexts and request their computed digest.
|
||||||
|
*
|
||||||
|
* Should other selabel_open(3) parameters be required see
|
||||||
|
* selinux_restorecon_set_sehandle(3).
|
||||||
|
*/
|
||||||
|
extern int selinux_restorecon(const char *pathname,
|
||||||
|
unsigned int restorecon_flags);
|
||||||
|
/*
|
||||||
|
* restorecon_flags options
|
||||||
|
*/
|
||||||
|
/*
|
||||||
|
* Force the checking of labels even if the stored SHA1
|
||||||
|
* digest matches the specfiles SHA1 digest.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_IGNORE_DIGEST 0x0001
|
||||||
|
/*
|
||||||
|
* Do not change file labels.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_NOCHANGE 0x0002
|
||||||
|
/*
|
||||||
|
* If set set change file label to that in spec file.
|
||||||
|
* If not only change type component to that in spec file.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_SET_SPECFILE_CTX 0x0004
|
||||||
|
/*
|
||||||
|
* Recursively descend directories.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_RECURSE 0x0008
|
||||||
|
/*
|
||||||
|
* Log changes to selinux log. Note that if VERBOSE and
|
||||||
|
* PROGRESS are set, then PROGRESS will take precedence.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_VERBOSE 0x0010
|
||||||
|
/*
|
||||||
|
* If SELINUX_RESTORECON_PROGRESS is true and
|
||||||
|
* SELINUX_RESTORECON_MASS_RELABEL is true, then output approx % complete,
|
||||||
|
* else output the number of files in 1k blocks processed to stdout.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_PROGRESS 0x0020
|
||||||
|
/*
|
||||||
|
* Convert passed-in pathname to canonical pathname.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_REALPATH 0x0040
|
||||||
|
/*
|
||||||
|
* Prevent descending into directories that have a different
|
||||||
|
* device number than the pathname from which the descent began.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_XDEV 0x0080
|
||||||
|
/*
|
||||||
|
* Attempt to add an association between an inode and a specification.
|
||||||
|
* If there is already an association for the inode and it conflicts
|
||||||
|
* with the specification, then use the last matching specification.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_ADD_ASSOC 0x0100
|
||||||
|
/*
|
||||||
|
* Abort on errors during the file tree walk.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_ABORT_ON_ERROR 0x0200
|
||||||
|
/*
|
||||||
|
* Log any label changes to syslog.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_SYSLOG_CHANGES 0x0400
|
||||||
|
/*
|
||||||
|
* Log what spec matched each file.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_LOG_MATCHES 0x0800
|
||||||
|
/*
|
||||||
|
* Ignore files that do not exist.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_IGNORE_NOENTRY 0x1000
|
||||||
|
/*
|
||||||
|
* Do not read /proc/mounts to obtain a list of non-seclabel
|
||||||
|
* mounts to be excluded from relabeling checks.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_IGNORE_MOUNTS 0x2000
|
||||||
|
/*
|
||||||
|
* Set if there is a mass relabel required.
|
||||||
|
* See SELINUX_RESTORECON_PROGRESS flag for details.
|
||||||
|
*/
|
||||||
|
#define SELINUX_RESTORECON_MASS_RELABEL 0x4000
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_restorecon_set_sehandle - Set the global fc handle.
|
||||||
|
* @hndl: specifies handle to set as the global fc handle.
|
||||||
|
*
|
||||||
|
* Called by a process that has already called selabel_open(3) with it's
|
||||||
|
* required parameters, or if selinux_restorecon_default_handle(3) has been
|
||||||
|
* called to set the default selabel_open(3) parameters.
|
||||||
|
*/
|
||||||
|
// extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_restorecon_default_handle - Sets default selabel_open(3) parameters
|
||||||
|
* to use the currently loaded policy and
|
||||||
|
* file_contexts, also requests the digest.
|
||||||
|
*
|
||||||
|
* Return value is the created handle on success or NULL with @errno set on
|
||||||
|
* failure.
|
||||||
|
*/
|
||||||
|
extern struct selabel_handle *selinux_restorecon_default_handle(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_restorecon_set_exclude_list - Add a list of directories that are
|
||||||
|
* to be excluded from relabeling.
|
||||||
|
* @exclude_list: containing a NULL terminated list of one or more
|
||||||
|
* directories not to be relabeled.
|
||||||
|
*/
|
||||||
|
extern void selinux_restorecon_set_exclude_list(const char **exclude_list);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_restorecon_set_alt_rootpath - Use alternate rootpath.
|
||||||
|
* @alt_rootpath: containing the alternate rootpath to be used.
|
||||||
|
*
|
||||||
|
* Return %0 on success, -%1 with @errno set on failure.
|
||||||
|
*/
|
||||||
|
extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_restorecon_xattr - Read/remove RESTORECON_LAST xattr entries.
|
||||||
|
* @pathname: specifies directory path to check.
|
||||||
|
* @xattr_flags: specifies the actions to be performed.
|
||||||
|
* @xattr_list: a linked list of struct dir_xattr structures containing
|
||||||
|
* the directory, digest and result of the action on the
|
||||||
|
* RESTORECON_LAST entry.
|
||||||
|
*
|
||||||
|
* selinux_restorecon_xattr(3) will automatically call
|
||||||
|
* selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
|
||||||
|
* first time through to set the selabel_open(3) parameters to use the
|
||||||
|
* currently loaded policy file_contexts and request their computed digest.
|
||||||
|
*
|
||||||
|
* Should other selabel_open(3) parameters be required see
|
||||||
|
* selinux_restorecon_set_sehandle(3), however note that a file_contexts
|
||||||
|
* computed digest is required for selinux_restorecon_xattr().
|
||||||
|
*/
|
||||||
|
enum digest_result {
|
||||||
|
MATCH = 0,
|
||||||
|
NOMATCH,
|
||||||
|
DELETED_MATCH,
|
||||||
|
DELETED_NOMATCH,
|
||||||
|
ERROR
|
||||||
|
};
|
||||||
|
|
||||||
|
struct dir_xattr {
|
||||||
|
char *directory;
|
||||||
|
char *digest; /* A hex encoded string that can be printed. */
|
||||||
|
enum digest_result result;
|
||||||
|
struct dir_xattr *next;
|
||||||
|
};
|
||||||
|
|
||||||
|
extern int selinux_restorecon_xattr(const char *pathname,
|
||||||
|
unsigned int xattr_flags,
|
||||||
|
struct dir_xattr ***xattr_list);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* xattr_flags options
|
||||||
|
*/
|
||||||
|
/* Recursively descend directories. */
|
||||||
|
#define SELINUX_RESTORECON_XATTR_RECURSE 0x0001
|
||||||
|
/* Delete non-matching digests from each directory in pathname. */
|
||||||
|
#define SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS 0x0002
|
||||||
|
/* Delete all digests found in pathname. */
|
||||||
|
#define SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS 0x0004
|
||||||
|
/* Do not read /proc/mounts. */
|
||||||
|
#define SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS 0x0008
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif
|
673
jni/external/selinux/selinux.h
vendored
Normal file
673
jni/external/selinux/selinux.h
vendored
Normal file
@ -0,0 +1,673 @@
|
|||||||
|
#ifndef _SELINUX_H_
|
||||||
|
#define _SELINUX_H_
|
||||||
|
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
|
||||||
|
extern int is_selinux_enabled(void);
|
||||||
|
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
|
||||||
|
extern int is_selinux_mls_enabled(void);
|
||||||
|
|
||||||
|
/* No longer used; here for compatibility with legacy callers. */
|
||||||
|
typedef char *security_context_t;
|
||||||
|
|
||||||
|
/* Free the memory allocated for a context by any of the below get* calls. */
|
||||||
|
extern void freecon(char * con);
|
||||||
|
|
||||||
|
/* Free the memory allocated for a context array by security_compute_user. */
|
||||||
|
extern void freeconary(char ** con);
|
||||||
|
|
||||||
|
/* Wrappers for the /proc/pid/attr API. */
|
||||||
|
|
||||||
|
/* Get current context, and set *con to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int getcon(char ** con);
|
||||||
|
extern int getcon_raw(char ** con);
|
||||||
|
|
||||||
|
/* Set the current security context to con.
|
||||||
|
Note that use of this function requires that the entire application
|
||||||
|
be trusted to maintain any desired separation between the old and new
|
||||||
|
security contexts, unlike exec-based transitions performed via setexeccon.
|
||||||
|
When possible, decompose your application and use setexeccon()+execve()
|
||||||
|
instead. Note that the application may lose access to its open descriptors
|
||||||
|
as a result of a setcon() unless policy allows it to use descriptors opened
|
||||||
|
by the old context. */
|
||||||
|
extern int setcon(const char * con);
|
||||||
|
extern int setcon_raw(const char * con);
|
||||||
|
|
||||||
|
/* Get context of process identified by pid, and
|
||||||
|
set *con to refer to it. Caller must free via freecon. */
|
||||||
|
extern int getpidcon(pid_t pid, char ** con);
|
||||||
|
extern int getpidcon_raw(pid_t pid, char ** con);
|
||||||
|
|
||||||
|
/* Get previous context (prior to last exec), and set *con to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int getprevcon(char ** con);
|
||||||
|
extern int getprevcon_raw(char ** con);
|
||||||
|
|
||||||
|
/* Get exec context, and set *con to refer to it.
|
||||||
|
Sets *con to NULL if no exec context has been set, i.e. using default.
|
||||||
|
If non-NULL, caller must free via freecon. */
|
||||||
|
extern int getexeccon(char ** con);
|
||||||
|
extern int getexeccon_raw(char ** con);
|
||||||
|
|
||||||
|
/* Set exec security context for the next execve.
|
||||||
|
Call with NULL if you want to reset to the default. */
|
||||||
|
extern int setexeccon(const char * con);
|
||||||
|
extern int setexeccon_raw(const char * con);
|
||||||
|
|
||||||
|
/* Get fscreate context, and set *con to refer to it.
|
||||||
|
Sets *con to NULL if no fs create context has been set, i.e. using default.
|
||||||
|
If non-NULL, caller must free via freecon. */
|
||||||
|
extern int getfscreatecon(char ** con);
|
||||||
|
extern int getfscreatecon_raw(char ** con);
|
||||||
|
|
||||||
|
/* Set the fscreate security context for subsequent file creations.
|
||||||
|
Call with NULL if you want to reset to the default. */
|
||||||
|
extern int setfscreatecon(const char * context);
|
||||||
|
extern int setfscreatecon_raw(const char * context);
|
||||||
|
|
||||||
|
/* Get keycreate context, and set *con to refer to it.
|
||||||
|
Sets *con to NULL if no key create context has been set, i.e. using default.
|
||||||
|
If non-NULL, caller must free via freecon. */
|
||||||
|
extern int getkeycreatecon(char ** con);
|
||||||
|
extern int getkeycreatecon_raw(char ** con);
|
||||||
|
|
||||||
|
/* Set the keycreate security context for subsequent key creations.
|
||||||
|
Call with NULL if you want to reset to the default. */
|
||||||
|
extern int setkeycreatecon(const char * context);
|
||||||
|
extern int setkeycreatecon_raw(const char * context);
|
||||||
|
|
||||||
|
/* Get sockcreate context, and set *con to refer to it.
|
||||||
|
Sets *con to NULL if no socket create context has been set, i.e. using default.
|
||||||
|
If non-NULL, caller must free via freecon. */
|
||||||
|
extern int getsockcreatecon(char ** con);
|
||||||
|
extern int getsockcreatecon_raw(char ** con);
|
||||||
|
|
||||||
|
/* Set the sockcreate security context for subsequent socket creations.
|
||||||
|
Call with NULL if you want to reset to the default. */
|
||||||
|
extern int setsockcreatecon(const char * context);
|
||||||
|
extern int setsockcreatecon_raw(const char * context);
|
||||||
|
|
||||||
|
/* Wrappers for the xattr API. */
|
||||||
|
|
||||||
|
/* Get file context, and set *con to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int getfilecon(const char *path, char ** con);
|
||||||
|
extern int getfilecon_raw(const char *path, char ** con);
|
||||||
|
extern int lgetfilecon(const char *path, char ** con);
|
||||||
|
extern int lgetfilecon_raw(const char *path, char ** con);
|
||||||
|
extern int fgetfilecon(int fd, char ** con);
|
||||||
|
extern int fgetfilecon_raw(int fd, char ** con);
|
||||||
|
|
||||||
|
/* Set file context */
|
||||||
|
extern int setfilecon(const char *path, const char * con);
|
||||||
|
extern int setfilecon_raw(const char *path, const char * con);
|
||||||
|
extern int lsetfilecon(const char *path, const char * con);
|
||||||
|
extern int lsetfilecon_raw(const char *path, const char * con);
|
||||||
|
extern int fsetfilecon(int fd, const char * con);
|
||||||
|
extern int fsetfilecon_raw(int fd, const char * con);
|
||||||
|
|
||||||
|
/* Wrappers for the socket API */
|
||||||
|
|
||||||
|
/* Get context of peer socket, and set *con to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int getpeercon(int fd, char ** con);
|
||||||
|
extern int getpeercon_raw(int fd, char ** con);
|
||||||
|
|
||||||
|
/* Wrappers for the selinuxfs (policy) API. */
|
||||||
|
|
||||||
|
typedef unsigned int access_vector_t;
|
||||||
|
typedef unsigned short security_class_t;
|
||||||
|
|
||||||
|
struct av_decision {
|
||||||
|
access_vector_t allowed;
|
||||||
|
access_vector_t decided;
|
||||||
|
access_vector_t auditallow;
|
||||||
|
access_vector_t auditdeny;
|
||||||
|
unsigned int seqno;
|
||||||
|
unsigned int flags;
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Definitions of av_decision.flags */
|
||||||
|
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
|
||||||
|
|
||||||
|
/* Structure for passing options, used by AVC and label subsystems */
|
||||||
|
struct selinux_opt {
|
||||||
|
int type;
|
||||||
|
const char *value;
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Callback facilities */
|
||||||
|
union selinux_callback {
|
||||||
|
/* log the printf-style format and arguments,
|
||||||
|
with the type code indicating the type of message */
|
||||||
|
int
|
||||||
|
#ifdef __GNUC__
|
||||||
|
__attribute__ ((format(printf, 2, 3)))
|
||||||
|
#endif
|
||||||
|
(*func_log) (int type, const char *fmt, ...);
|
||||||
|
/* store a string representation of auditdata (corresponding
|
||||||
|
to the given security class) into msgbuf. */
|
||||||
|
int (*func_audit) (void *auditdata, security_class_t cls,
|
||||||
|
char *msgbuf, size_t msgbufsize);
|
||||||
|
/* validate the supplied context, modifying if necessary */
|
||||||
|
int (*func_validate) (char **ctx);
|
||||||
|
/* netlink callback for setenforce message */
|
||||||
|
int (*func_setenforce) (int enforcing);
|
||||||
|
/* netlink callback for policyload message */
|
||||||
|
int (*func_policyload) (int seqno);
|
||||||
|
};
|
||||||
|
|
||||||
|
#define SELINUX_CB_LOG 0
|
||||||
|
#define SELINUX_CB_AUDIT 1
|
||||||
|
#define SELINUX_CB_VALIDATE 2
|
||||||
|
#define SELINUX_CB_SETENFORCE 3
|
||||||
|
#define SELINUX_CB_POLICYLOAD 4
|
||||||
|
|
||||||
|
extern union selinux_callback selinux_get_callback(int type);
|
||||||
|
extern void selinux_set_callback(int type, union selinux_callback cb);
|
||||||
|
|
||||||
|
/* Logging type codes, passed to the logging callback */
|
||||||
|
#define SELINUX_ERROR 0
|
||||||
|
#define SELINUX_WARNING 1
|
||||||
|
#define SELINUX_INFO 2
|
||||||
|
#define SELINUX_AVC 3
|
||||||
|
#define SELINUX_TRANS_DIR "/var/run/setrans"
|
||||||
|
|
||||||
|
/* Compute an access decision. */
|
||||||
|
extern int security_compute_av(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd);
|
||||||
|
extern int security_compute_av_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd);
|
||||||
|
|
||||||
|
extern int security_compute_av_flags(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd);
|
||||||
|
extern int security_compute_av_flags_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd);
|
||||||
|
|
||||||
|
/* Compute a labeling decision and set *newcon to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int security_compute_create(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon);
|
||||||
|
extern int security_compute_create_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon);
|
||||||
|
extern int security_compute_create_name(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
const char *objname,
|
||||||
|
char ** newcon);
|
||||||
|
extern int security_compute_create_name_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
const char *objname,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Compute a relabeling decision and set *newcon to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int security_compute_relabel(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon);
|
||||||
|
extern int security_compute_relabel_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
|
||||||
|
Caller must free via freecon. */
|
||||||
|
extern int security_compute_member(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon);
|
||||||
|
extern int security_compute_member_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon);
|
||||||
|
|
||||||
|
/* Compute the set of reachable user contexts and set *con to refer to
|
||||||
|
the NULL-terminated array of contexts. Caller must free via freeconary. */
|
||||||
|
extern int security_compute_user(const char * scon,
|
||||||
|
const char *username,
|
||||||
|
char *** con);
|
||||||
|
extern int security_compute_user_raw(const char * scon,
|
||||||
|
const char *username,
|
||||||
|
char *** con);
|
||||||
|
|
||||||
|
/* Load a policy configuration. */
|
||||||
|
extern int security_load_policy(void *data, size_t len);
|
||||||
|
|
||||||
|
/* Get the context of an initial kernel security identifier by name.
|
||||||
|
Caller must free via freecon */
|
||||||
|
extern int security_get_initial_context(const char *name,
|
||||||
|
char ** con);
|
||||||
|
extern int security_get_initial_context_raw(const char *name,
|
||||||
|
char ** con);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Make a policy image and load it.
|
||||||
|
* This function provides a higher level interface for loading policy
|
||||||
|
* than security_load_policy, internally determining the right policy
|
||||||
|
* version, locating and opening the policy file, mapping it into memory,
|
||||||
|
* manipulating it as needed for current boolean settings and/or local
|
||||||
|
* definitions, and then calling security_load_policy to load it.
|
||||||
|
*
|
||||||
|
* 'preservebools' is a boolean flag indicating whether current
|
||||||
|
* policy boolean values should be preserved into the new policy (if 1)
|
||||||
|
* or reset to the saved policy settings (if 0). The former case is the
|
||||||
|
* default for policy reloads, while the latter case is an option for policy
|
||||||
|
* reloads but is primarily for the initial policy load.
|
||||||
|
*/
|
||||||
|
extern int selinux_mkload_policy(int preservebools);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Perform the initial policy load.
|
||||||
|
* This function determines the desired enforcing mode, sets the
|
||||||
|
* the *enforce argument accordingly for the caller to use, sets the
|
||||||
|
* SELinux kernel enforcing status to match it, and loads the policy.
|
||||||
|
* It also internally handles the initial selinuxfs mount required to
|
||||||
|
* perform these actions.
|
||||||
|
*
|
||||||
|
* The function returns 0 if everything including the policy load succeeds.
|
||||||
|
* In this case, init is expected to re-exec itself in order to transition
|
||||||
|
* to the proper security context.
|
||||||
|
* Otherwise, the function returns -1, and init must check *enforce to
|
||||||
|
* determine how to proceed. If enforcing (*enforce > 0), then init should
|
||||||
|
* halt the system. Otherwise, init may proceed normally without a re-exec.
|
||||||
|
*/
|
||||||
|
extern int selinux_init_load_policy(int *enforce);
|
||||||
|
|
||||||
|
/* Translate boolean strict to name value pair. */
|
||||||
|
typedef struct {
|
||||||
|
char *name;
|
||||||
|
int value;
|
||||||
|
} SELboolean;
|
||||||
|
/* save a list of booleans in a single transaction. */
|
||||||
|
extern int security_set_boolean_list(size_t boolcnt,
|
||||||
|
SELboolean * boollist, int permanent);
|
||||||
|
|
||||||
|
/* Load policy boolean settings.
|
||||||
|
Path may be NULL, in which case the booleans are loaded from
|
||||||
|
the active policy boolean configuration file. */
|
||||||
|
extern int security_load_booleans(char *path);
|
||||||
|
|
||||||
|
/* Check the validity of a security context. */
|
||||||
|
extern int security_check_context(const char * con);
|
||||||
|
extern int security_check_context_raw(const char * con);
|
||||||
|
|
||||||
|
/* Canonicalize a security context. */
|
||||||
|
extern int security_canonicalize_context(const char * con,
|
||||||
|
char ** canoncon);
|
||||||
|
extern int security_canonicalize_context_raw(const char * con,
|
||||||
|
char ** canoncon);
|
||||||
|
|
||||||
|
/* Get the enforce flag value. */
|
||||||
|
extern int security_getenforce(void);
|
||||||
|
|
||||||
|
/* Set the enforce flag value. */
|
||||||
|
extern int security_setenforce(int value);
|
||||||
|
|
||||||
|
/* Get the behavior for undefined classes/permissions */
|
||||||
|
extern int security_deny_unknown(void);
|
||||||
|
|
||||||
|
/* Disable SELinux at runtime (must be done prior to initial policy load). */
|
||||||
|
extern int security_disable(void);
|
||||||
|
|
||||||
|
/* Get the policy version number. */
|
||||||
|
extern int security_policyvers(void);
|
||||||
|
|
||||||
|
/* Get the boolean names */
|
||||||
|
extern int security_get_boolean_names(char ***names, int *len);
|
||||||
|
|
||||||
|
/* Get the pending value for the boolean */
|
||||||
|
extern int security_get_boolean_pending(const char *name);
|
||||||
|
|
||||||
|
/* Get the active value for the boolean */
|
||||||
|
extern int security_get_boolean_active(const char *name);
|
||||||
|
|
||||||
|
/* Set the pending value for the boolean */
|
||||||
|
extern int security_set_boolean(const char *name, int value);
|
||||||
|
|
||||||
|
/* Commit the pending values for the booleans */
|
||||||
|
extern int security_commit_booleans(void);
|
||||||
|
|
||||||
|
/* Userspace class mapping support */
|
||||||
|
struct security_class_mapping {
|
||||||
|
const char *name;
|
||||||
|
const char *perms[sizeof(access_vector_t) * 8 + 1];
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names
|
||||||
|
* @map: array of security_class_mapping structures
|
||||||
|
*
|
||||||
|
* The core avc_has_perm() API uses integers to represent security
|
||||||
|
* classes; previous to the introduction of this function, it was
|
||||||
|
* common for userspace object managers to be compiled using generated
|
||||||
|
* offsets for a particular policy. However, that strongly ties the build of the userspace components to a particular policy.
|
||||||
|
*
|
||||||
|
* By using this function to map between integer offsets and security
|
||||||
|
* class names, it's possible to replace a system policies that have
|
||||||
|
* at least the same set of security class names as used by the
|
||||||
|
* userspace object managers.
|
||||||
|
*
|
||||||
|
* To correctly use this function, you should override the generated
|
||||||
|
* security class defines from the system policy in a local header,
|
||||||
|
* starting at 1, and have one security_class_mapping structure entry
|
||||||
|
* per define.
|
||||||
|
*/
|
||||||
|
extern int selinux_set_mapping(struct security_class_mapping *map);
|
||||||
|
|
||||||
|
/* Common helpers */
|
||||||
|
|
||||||
|
/* Convert between mode and security class values */
|
||||||
|
extern security_class_t mode_to_security_class(mode_t mode);
|
||||||
|
/* Convert between security class values and string names */
|
||||||
|
extern security_class_t string_to_security_class(const char *name);
|
||||||
|
extern const char *security_class_to_string(security_class_t cls);
|
||||||
|
|
||||||
|
/* Convert between individual access vector permissions and string names */
|
||||||
|
extern const char *security_av_perm_to_string(security_class_t tclass,
|
||||||
|
access_vector_t perm);
|
||||||
|
extern access_vector_t string_to_av_perm(security_class_t tclass,
|
||||||
|
const char *name);
|
||||||
|
|
||||||
|
/* Returns an access vector in a string representation. User must free the
|
||||||
|
* returned string via free(). */
|
||||||
|
extern int security_av_string(security_class_t tclass,
|
||||||
|
access_vector_t av, char **result);
|
||||||
|
|
||||||
|
/* Display an access vector in a string representation. */
|
||||||
|
extern void print_access_vector(security_class_t tclass, access_vector_t av);
|
||||||
|
|
||||||
|
/* Set the function used by matchpathcon_init when displaying
|
||||||
|
errors about the file_contexts configuration. If not set,
|
||||||
|
then this defaults to fprintf(stderr, fmt, ...). */
|
||||||
|
extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
|
||||||
|
|
||||||
|
/* Set the function used by matchpathcon_init when checking the
|
||||||
|
validity of a context in the file contexts configuration. If not set,
|
||||||
|
then this defaults to a test based on security_check_context().
|
||||||
|
The function is also responsible for reporting any such error, and
|
||||||
|
may include the 'path' and 'lineno' in such error messages. */
|
||||||
|
extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
|
||||||
|
unsigned lineno,
|
||||||
|
char *context));
|
||||||
|
|
||||||
|
/* Same as above, but also allows canonicalization of the context,
|
||||||
|
by changing *context to refer to the canonical form. If not set,
|
||||||
|
and invalidcon is also not set, then this defaults to calling
|
||||||
|
security_canonicalize_context(). */
|
||||||
|
extern void set_matchpathcon_canoncon(int (*f) (const char *path,
|
||||||
|
unsigned lineno,
|
||||||
|
char **context));
|
||||||
|
|
||||||
|
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
|
||||||
|
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
|
||||||
|
#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
|
||||||
|
#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
|
||||||
|
extern void set_matchpathcon_flags(unsigned int flags);
|
||||||
|
|
||||||
|
/* Load the file contexts configuration specified by 'path'
|
||||||
|
into memory for use by subsequent matchpathcon calls.
|
||||||
|
If 'path' is NULL, then load the active file contexts configuration,
|
||||||
|
i.e. the path returned by selinux_file_context_path().
|
||||||
|
Unless the MATCHPATHCON_BASEONLY flag has been set, this
|
||||||
|
function also checks for a 'path'.homedirs file and
|
||||||
|
a 'path'.local file and loads additional specifications
|
||||||
|
from them if present. */
|
||||||
|
extern int matchpathcon_init(const char *path);
|
||||||
|
|
||||||
|
/* Same as matchpathcon_init, but only load entries with
|
||||||
|
regexes that have stems that are prefixes of 'prefix'. */
|
||||||
|
extern int matchpathcon_init_prefix(const char *path, const char *prefix);
|
||||||
|
|
||||||
|
/* Free the memory allocated by matchpathcon_init. */
|
||||||
|
extern void matchpathcon_fini(void);
|
||||||
|
|
||||||
|
/* Resolve all of the symlinks and relative portions of a pathname, but NOT
|
||||||
|
* the final component (same a realpath() unless the final component is a
|
||||||
|
* symlink. Resolved path must be a path of size PATH_MAX + 1 */
|
||||||
|
extern int realpath_not_final(const char *name, char *resolved_path);
|
||||||
|
|
||||||
|
/* Match the specified pathname and mode against the file contexts
|
||||||
|
configuration and set *con to refer to the resulting context.
|
||||||
|
'mode' can be 0 to disable mode matching.
|
||||||
|
Caller must free via freecon.
|
||||||
|
If matchpathcon_init has not already been called, then this function
|
||||||
|
will call it upon its first invocation with a NULL path. */
|
||||||
|
extern int matchpathcon(const char *path,
|
||||||
|
mode_t mode, char ** con);
|
||||||
|
|
||||||
|
/* Same as above, but return a specification index for
|
||||||
|
later use in a matchpathcon_filespec_add() call - see below. */
|
||||||
|
extern int matchpathcon_index(const char *path,
|
||||||
|
mode_t mode, char ** con);
|
||||||
|
|
||||||
|
/* Maintain an association between an inode and a specification index,
|
||||||
|
and check whether a conflicting specification is already associated
|
||||||
|
with the same inode (e.g. due to multiple hard links). If so, then
|
||||||
|
use the latter of the two specifications based on their order in the
|
||||||
|
file contexts configuration. Return the used specification index. */
|
||||||
|
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
|
||||||
|
|
||||||
|
/* Destroy any inode associations that have been added, e.g. to restart
|
||||||
|
for a new filesystem. */
|
||||||
|
extern void matchpathcon_filespec_destroy(void);
|
||||||
|
|
||||||
|
/* Display statistics on the hash table usage for the associations. */
|
||||||
|
extern void matchpathcon_filespec_eval(void);
|
||||||
|
|
||||||
|
/* Check to see whether any specifications had no matches and report them.
|
||||||
|
The 'str' is used as a prefix for any warning messages. */
|
||||||
|
extern void matchpathcon_checkmatches(char *str);
|
||||||
|
|
||||||
|
/* Match the specified media and against the media contexts
|
||||||
|
configuration and set *con to refer to the resulting context.
|
||||||
|
Caller must free con via freecon. */
|
||||||
|
extern int matchmediacon(const char *media, char ** con);
|
||||||
|
|
||||||
|
/*
|
||||||
|
selinux_getenforcemode reads the /etc/selinux/config file and determines
|
||||||
|
whether the machine should be started in enforcing (1), permissive (0) or
|
||||||
|
disabled (-1) mode.
|
||||||
|
*/
|
||||||
|
extern int selinux_getenforcemode(int *enforce);
|
||||||
|
|
||||||
|
/*
|
||||||
|
selinux_boolean_sub reads the /etc/selinux/TYPE/booleans.subs_dist file
|
||||||
|
looking for a record with boolean_name. If a record exists selinux_boolean_sub
|
||||||
|
returns the translated name otherwise it returns the original name.
|
||||||
|
The returned value needs to be freed. On failure NULL will be returned.
|
||||||
|
*/
|
||||||
|
extern char *selinux_boolean_sub(const char *boolean_name);
|
||||||
|
|
||||||
|
/*
|
||||||
|
selinux_getpolicytype reads the /etc/selinux/config file and determines
|
||||||
|
what the default policy for the machine is. Calling application must
|
||||||
|
free policytype.
|
||||||
|
*/
|
||||||
|
extern int selinux_getpolicytype(char **policytype);
|
||||||
|
|
||||||
|
/*
|
||||||
|
selinux_policy_root reads the /etc/selinux/config file and returns
|
||||||
|
the directory path under which the compiled policy file and context
|
||||||
|
configuration files exist.
|
||||||
|
*/
|
||||||
|
extern const char *selinux_policy_root(void);
|
||||||
|
|
||||||
|
/*
|
||||||
|
selinux_set_policy_root sets an alternate policy root directory path under
|
||||||
|
which the compiled policy file and context configuration files exist.
|
||||||
|
*/
|
||||||
|
extern int selinux_set_policy_root(const char *rootpath);
|
||||||
|
|
||||||
|
/* These functions return the paths to specific files under the
|
||||||
|
policy root directory. */
|
||||||
|
extern const char *selinux_current_policy_path(void);
|
||||||
|
extern const char *selinux_binary_policy_path(void);
|
||||||
|
extern const char *selinux_failsafe_context_path(void);
|
||||||
|
extern const char *selinux_removable_context_path(void);
|
||||||
|
extern const char *selinux_default_context_path(void);
|
||||||
|
extern const char *selinux_user_contexts_path(void);
|
||||||
|
extern const char *selinux_file_context_path(void);
|
||||||
|
extern const char *selinux_file_context_homedir_path(void);
|
||||||
|
extern const char *selinux_file_context_local_path(void);
|
||||||
|
extern const char *selinux_file_context_subs_path(void);
|
||||||
|
extern const char *selinux_file_context_subs_dist_path(void);
|
||||||
|
extern const char *selinux_homedir_context_path(void);
|
||||||
|
extern const char *selinux_media_context_path(void);
|
||||||
|
extern const char *selinux_virtual_domain_context_path(void);
|
||||||
|
extern const char *selinux_virtual_image_context_path(void);
|
||||||
|
extern const char *selinux_lxc_contexts_path(void);
|
||||||
|
extern const char *selinux_x_context_path(void);
|
||||||
|
extern const char *selinux_sepgsql_context_path(void);
|
||||||
|
extern const char *selinux_openrc_contexts_path(void);
|
||||||
|
extern const char *selinux_openssh_contexts_path(void);
|
||||||
|
extern const char *selinux_snapperd_contexts_path(void);
|
||||||
|
extern const char *selinux_systemd_contexts_path(void);
|
||||||
|
extern const char *selinux_contexts_path(void);
|
||||||
|
extern const char *selinux_securetty_types_path(void);
|
||||||
|
extern const char *selinux_booleans_subs_path(void);
|
||||||
|
extern const char *selinux_booleans_path(void);
|
||||||
|
extern const char *selinux_customizable_types_path(void);
|
||||||
|
extern const char *selinux_users_path(void);
|
||||||
|
extern const char *selinux_usersconf_path(void);
|
||||||
|
extern const char *selinux_translations_path(void);
|
||||||
|
extern const char *selinux_colors_path(void);
|
||||||
|
extern const char *selinux_netfilter_context_path(void);
|
||||||
|
extern const char *selinux_path(void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* selinux_check_access - Check permissions and perform appropriate auditing.
|
||||||
|
* @scon: source security context
|
||||||
|
* @tcon: target security context
|
||||||
|
* @tclass: target security class string
|
||||||
|
* @perm: requested permissions string, interpreted based on @tclass
|
||||||
|
* @auditdata: auxiliary audit data
|
||||||
|
*
|
||||||
|
* Check the AVC to determine whether the @perm permissions are granted
|
||||||
|
* for the SID pair (@scon, @tcon), interpreting the permissions
|
||||||
|
* based on @tclass.
|
||||||
|
* Return %0 if all @perm permissions are granted, -%1 with
|
||||||
|
* @errno set to %EACCES if any permissions are denied or to another
|
||||||
|
* value upon other errors.
|
||||||
|
* If auditing or logging is configured the appropriate callbacks will be called
|
||||||
|
* and passed the auditdata field
|
||||||
|
*/
|
||||||
|
extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata);
|
||||||
|
|
||||||
|
/* Check a permission in the passwd class.
|
||||||
|
Return 0 if granted or -1 otherwise. */
|
||||||
|
extern int selinux_check_passwd_access(access_vector_t requested);
|
||||||
|
extern int checkPasswdAccess(access_vector_t requested);
|
||||||
|
|
||||||
|
/* Check if the tty_context is defined as a securetty
|
||||||
|
Return 0 if secure, < 0 otherwise. */
|
||||||
|
extern int selinux_check_securetty_context(const char * tty_context);
|
||||||
|
|
||||||
|
/* Set the path to the selinuxfs mount point explicitly.
|
||||||
|
Normally, this is determined automatically during libselinux
|
||||||
|
initialization, but this is not always possible, e.g. for /sbin/init
|
||||||
|
which performs the initial mount of selinuxfs. */
|
||||||
|
void set_selinuxmnt(const char *mnt);
|
||||||
|
|
||||||
|
/* Check if selinuxfs exists as a kernel filesystem */
|
||||||
|
int selinuxfs_exists(void);
|
||||||
|
|
||||||
|
/* clear selinuxmnt variable and free allocated memory */
|
||||||
|
void fini_selinuxmnt(void);
|
||||||
|
|
||||||
|
/* Set an appropriate security context based on the filename of a helper
|
||||||
|
* program, falling back to a new context with the specified type. */
|
||||||
|
extern int setexecfilecon(const char *filename, const char *fallback_type);
|
||||||
|
|
||||||
|
#ifndef DISABLE_RPM
|
||||||
|
/* Execute a helper for rpm in an appropriate security context. */
|
||||||
|
extern int rpm_execcon(unsigned int verified,
|
||||||
|
const char *filename,
|
||||||
|
char *const argv[], char *const envp[]);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Returns whether a file context is customizable, and should not
|
||||||
|
be relabeled . */
|
||||||
|
extern int is_context_customizable(const char * scontext);
|
||||||
|
|
||||||
|
/* Perform context translation between the human-readable format
|
||||||
|
("translated") and the internal system format ("raw").
|
||||||
|
Caller must free the resulting context via freecon.
|
||||||
|
Returns -1 upon an error or 0 otherwise.
|
||||||
|
If passed NULL, sets the returned context to NULL and returns 0. */
|
||||||
|
extern int selinux_trans_to_raw_context(const char * trans,
|
||||||
|
char ** rawp);
|
||||||
|
extern int selinux_raw_to_trans_context(const char * raw,
|
||||||
|
char ** transp);
|
||||||
|
|
||||||
|
/* Perform context translation between security contexts
|
||||||
|
and display colors. Returns a space-separated list of ten
|
||||||
|
ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
|
||||||
|
Caller must free the resulting string via free.
|
||||||
|
Returns -1 upon an error or 0 otherwise. */
|
||||||
|
extern int selinux_raw_context_to_color(const char * raw,
|
||||||
|
char **color_str);
|
||||||
|
|
||||||
|
/* Get the SELinux username and level to use for a given Linux username.
|
||||||
|
These values may then be passed into the get_ordered_context_list*
|
||||||
|
and get_default_context* functions to obtain a context for the user.
|
||||||
|
Returns 0 on success or -1 otherwise.
|
||||||
|
Caller must free the returned strings via free. */
|
||||||
|
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
|
||||||
|
|
||||||
|
/* Get the SELinux username and level to use for a given Linux username and service.
|
||||||
|
These values may then be passed into the get_ordered_context_list*
|
||||||
|
and get_default_context* functions to obtain a context for the user.
|
||||||
|
Returns 0 on success or -1 otherwise.
|
||||||
|
Caller must free the returned strings via free. */
|
||||||
|
extern int getseuser(const char *username, const char *service,
|
||||||
|
char **r_seuser, char **r_level);
|
||||||
|
|
||||||
|
/* Compare two file contexts, return 0 if equivalent. */
|
||||||
|
extern int selinux_file_context_cmp(const char * a,
|
||||||
|
const char * b);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Verify the context of the file 'path' against policy.
|
||||||
|
* Return 1 if match, 0 if not and -1 on error.
|
||||||
|
*/
|
||||||
|
extern int selinux_file_context_verify(const char *path, mode_t mode);
|
||||||
|
|
||||||
|
/* This function sets the file context on to the system defaults returns 0 on success */
|
||||||
|
extern int selinux_lsetfilecon_default(const char *path);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Force a reset of the loaded configuration
|
||||||
|
* WARNING: This is not thread safe. Be very sure that no other threads
|
||||||
|
* are calling into libselinux when this is called.
|
||||||
|
*/
|
||||||
|
extern void selinux_reset_config(void);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
#endif
|
357
jni/external/selinux_stub.c
vendored
Normal file
357
jni/external/selinux_stub.c
vendored
Normal file
@ -0,0 +1,357 @@
|
|||||||
|
#include <sys/types.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
#include "selinux/avc.h"
|
||||||
|
#include "selinux/context.h"
|
||||||
|
#include "selinux/get_context_list.h"
|
||||||
|
#include "selinux/get_default_type.h"
|
||||||
|
#include "selinux/restorecon.h"
|
||||||
|
#include "selinux/selinux.h"
|
||||||
|
int is_selinux_enabled(void) { return 0; }
|
||||||
|
int is_selinux_mls_enabled(void) { return 0; }
|
||||||
|
void freecon(char * con) { }
|
||||||
|
void freeconary(char ** con) { }
|
||||||
|
int getcon(char ** con) { return 0; }
|
||||||
|
int getcon_raw(char ** con) { return 0; }
|
||||||
|
int setcon(const char * con) { return 0; }
|
||||||
|
int setcon_raw(const char * con) { return 0; }
|
||||||
|
int getpidcon(pid_t pid, char ** con) { return 0; }
|
||||||
|
int getpidcon_raw(pid_t pid, char ** con) { return 0; }
|
||||||
|
int getprevcon(char ** con) { return 0; }
|
||||||
|
int getprevcon_raw(char ** con) { return 0; }
|
||||||
|
int getexeccon(char ** con) { return 0; }
|
||||||
|
int getexeccon_raw(char ** con) { return 0; }
|
||||||
|
int setexeccon(const char * con) { return 0; }
|
||||||
|
int setexeccon_raw(const char * con) { return 0; }
|
||||||
|
int getfscreatecon(char ** con) { return 0; }
|
||||||
|
int getfscreatecon_raw(char ** con) { return 0; }
|
||||||
|
int setfscreatecon(const char * context) { return 0; }
|
||||||
|
int setfscreatecon_raw(const char * context) { return 0; }
|
||||||
|
int getkeycreatecon(char ** con) { return 0; }
|
||||||
|
int getkeycreatecon_raw(char ** con) { return 0; }
|
||||||
|
int setkeycreatecon(const char * context) { return 0; }
|
||||||
|
int setkeycreatecon_raw(const char * context) { return 0; }
|
||||||
|
int getsockcreatecon(char ** con) { return 0; }
|
||||||
|
int getsockcreatecon_raw(char ** con) { return 0; }
|
||||||
|
int setsockcreatecon(const char * context) { return 0; }
|
||||||
|
int setsockcreatecon_raw(const char * context) { return 0; }
|
||||||
|
int getfilecon(const char *path, char ** con) { return 0; }
|
||||||
|
int getfilecon_raw(const char *path, char ** con) { return 0; }
|
||||||
|
int lgetfilecon(const char *path, char ** con) { return 0; }
|
||||||
|
int lgetfilecon_raw(const char *path, char ** con) { return 0; }
|
||||||
|
int fgetfilecon(int fd, char ** con) { return 0; }
|
||||||
|
int fgetfilecon_raw(int fd, char ** con) { return 0; }
|
||||||
|
int setfilecon(const char *path, const char * con) { return 0; }
|
||||||
|
int setfilecon_raw(const char *path, const char * con) { return 0; }
|
||||||
|
int lsetfilecon(const char *path, const char * con) { return 0; }
|
||||||
|
int lsetfilecon_raw(const char *path, const char * con) { return 0; }
|
||||||
|
int fsetfilecon(int fd, const char * con) { return 0; }
|
||||||
|
int fsetfilecon_raw(int fd, const char * con) { return 0; }
|
||||||
|
int getpeercon(int fd, char ** con) { return 0; }
|
||||||
|
int getpeercon_raw(int fd, char ** con) { return 0; }
|
||||||
|
void selinux_set_callback(int type, union selinux_callback cb) { }
|
||||||
|
int security_compute_av(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd) { return 0; }
|
||||||
|
int security_compute_av_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd) { return 0; }
|
||||||
|
int security_compute_av_flags(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd) { return 0; }
|
||||||
|
int security_compute_av_flags_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct av_decision *avd) { return 0; }
|
||||||
|
int security_compute_create(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_create_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_create_name(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
const char *objname,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_create_name_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
const char *objname,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_relabel(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_relabel_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_member(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_member_raw(const char * scon,
|
||||||
|
const char * tcon,
|
||||||
|
security_class_t tclass,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int security_compute_user(const char * scon,
|
||||||
|
const char *username,
|
||||||
|
char *** con) { return 0; }
|
||||||
|
int security_compute_user_raw(const char * scon,
|
||||||
|
const char *username,
|
||||||
|
char *** con) { return 0; }
|
||||||
|
int security_load_policy(void *data, size_t len) { return 0; }
|
||||||
|
int security_get_initial_context(const char *name,
|
||||||
|
char ** con) { return 0; }
|
||||||
|
int security_get_initial_context_raw(const char *name,
|
||||||
|
char ** con) { return 0; }
|
||||||
|
int selinux_mkload_policy(int preservebools) { return 0; }
|
||||||
|
int selinux_init_load_policy(int *enforce) { return 0; }
|
||||||
|
int security_set_boolean_list(size_t boolcnt,
|
||||||
|
SELboolean * boollist, int permanent) { return 0; }
|
||||||
|
int security_load_booleans(char *path) { return 0; }
|
||||||
|
int security_check_context(const char * con) { return 0; }
|
||||||
|
int security_check_context_raw(const char * con) { return 0; }
|
||||||
|
int security_canonicalize_context(const char * con,
|
||||||
|
char ** canoncon) { return 0; }
|
||||||
|
int security_canonicalize_context_raw(const char * con,
|
||||||
|
char ** canoncon) { return 0; }
|
||||||
|
int security_getenforce(void) { return 0; }
|
||||||
|
int security_setenforce(int value) { return 0; }
|
||||||
|
int security_deny_unknown(void) { return 0; }
|
||||||
|
int security_disable(void) { return 0; }
|
||||||
|
int security_policyvers(void) { return 0; }
|
||||||
|
int security_get_boolean_names(char ***names, int *len) { return 0; }
|
||||||
|
int security_get_boolean_pending(const char *name) { return 0; }
|
||||||
|
int security_get_boolean_active(const char *name) { return 0; }
|
||||||
|
int security_set_boolean(const char *name, int value) { return 0; }
|
||||||
|
int security_commit_booleans(void) { return 0; }
|
||||||
|
int selinux_set_mapping(struct security_class_mapping *map) { return 0; }
|
||||||
|
security_class_t mode_to_security_class(mode_t mode) { return 0; }
|
||||||
|
security_class_t string_to_security_class(const char *name) { return 0; }
|
||||||
|
const char *security_class_to_string(security_class_t cls) { return 0; }
|
||||||
|
const char *security_av_perm_to_string(security_class_t tclass,
|
||||||
|
access_vector_t perm) { return 0; }
|
||||||
|
access_vector_t string_to_av_perm(security_class_t tclass,
|
||||||
|
const char *name) { return 0; }
|
||||||
|
int security_av_string(security_class_t tclass,
|
||||||
|
access_vector_t av, char **result) { return 0; }
|
||||||
|
void print_access_vector(security_class_t tclass, access_vector_t av) { }
|
||||||
|
void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) { }
|
||||||
|
void set_matchpathcon_invalidcon(int (*f) (const char *path,
|
||||||
|
unsigned lineno,
|
||||||
|
char *context)) { }
|
||||||
|
void set_matchpathcon_canoncon(int (*f) (const char *path,
|
||||||
|
unsigned lineno,
|
||||||
|
char **context)) { }
|
||||||
|
void set_matchpathcon_flags(unsigned int flags) { }
|
||||||
|
int matchpathcon_init(const char *path) { return 0; }
|
||||||
|
int matchpathcon_init_prefix(const char *path, const char *prefix) { return 0; }
|
||||||
|
void matchpathcon_fini(void) { }
|
||||||
|
int realpath_not_final(const char *name, char *resolved_path) { return 0; }
|
||||||
|
int matchpathcon(const char *path,
|
||||||
|
mode_t mode, char ** con) { return 0; }
|
||||||
|
int matchpathcon_index(const char *path,
|
||||||
|
mode_t mode, char ** con) { return 0; }
|
||||||
|
int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) { return 0; }
|
||||||
|
void matchpathcon_filespec_destroy(void) { }
|
||||||
|
void matchpathcon_filespec_eval(void) { }
|
||||||
|
void matchpathcon_checkmatches(char *str) { }
|
||||||
|
int matchmediacon(const char *media, char ** con) { return 0; }
|
||||||
|
int selinux_getenforcemode(int *enforce) { return 0; }
|
||||||
|
char *selinux_boolean_sub(const char *boolean_name) { return 0; }
|
||||||
|
int selinux_getpolicytype(char **policytype) { return 0; }
|
||||||
|
const char *selinux_policy_root(void) { return 0; }
|
||||||
|
int selinux_set_policy_root(const char *rootpath) { return 0; }
|
||||||
|
const char *selinux_current_policy_path(void) { return 0; }
|
||||||
|
const char *selinux_binary_policy_path(void) { return 0; }
|
||||||
|
const char *selinux_failsafe_context_path(void) { return 0; }
|
||||||
|
const char *selinux_removable_context_path(void) { return 0; }
|
||||||
|
const char *selinux_default_context_path(void) { return 0; }
|
||||||
|
const char *selinux_user_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_file_context_path(void) { return 0; }
|
||||||
|
const char *selinux_file_context_homedir_path(void) { return 0; }
|
||||||
|
const char *selinux_file_context_local_path(void) { return 0; }
|
||||||
|
const char *selinux_file_context_subs_path(void) { return 0; }
|
||||||
|
const char *selinux_file_context_subs_dist_path(void) { return 0; }
|
||||||
|
const char *selinux_homedir_context_path(void) { return 0; }
|
||||||
|
const char *selinux_media_context_path(void) { return 0; }
|
||||||
|
const char *selinux_virtual_domain_context_path(void) { return 0; }
|
||||||
|
const char *selinux_virtual_image_context_path(void) { return 0; }
|
||||||
|
const char *selinux_lxc_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_x_context_path(void) { return 0; }
|
||||||
|
const char *selinux_sepgsql_context_path(void) { return 0; }
|
||||||
|
const char *selinux_openrc_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_openssh_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_snapperd_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_systemd_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_contexts_path(void) { return 0; }
|
||||||
|
const char *selinux_securetty_types_path(void) { return 0; }
|
||||||
|
const char *selinux_booleans_subs_path(void) { return 0; }
|
||||||
|
const char *selinux_booleans_path(void) { return 0; }
|
||||||
|
const char *selinux_customizable_types_path(void) { return 0; }
|
||||||
|
const char *selinux_users_path(void) { return 0; }
|
||||||
|
const char *selinux_usersconf_path(void) { return 0; }
|
||||||
|
const char *selinux_translations_path(void) { return 0; }
|
||||||
|
const char *selinux_colors_path(void) { return 0; }
|
||||||
|
const char *selinux_netfilter_context_path(void) { return 0; }
|
||||||
|
const char *selinux_path(void) { return 0; }
|
||||||
|
int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata) { return 0; }
|
||||||
|
int selinux_check_passwd_access(access_vector_t requested) { return 0; }
|
||||||
|
int checkPasswdAccess(access_vector_t requested) { return 0; }
|
||||||
|
int selinux_check_securetty_context(const char * tty_context) { return 0; }
|
||||||
|
void set_selinuxmnt(const char *mnt) { }
|
||||||
|
int selinuxfs_exists(void) { return 0; }
|
||||||
|
void fini_selinuxmnt(void) {}
|
||||||
|
int setexecfilecon(const char *filename, const char *fallback_type) { return 0; }
|
||||||
|
#ifndef DISABLE_RPM
|
||||||
|
int rpm_execcon(unsigned int verified,
|
||||||
|
const char *filename,
|
||||||
|
char *const argv[], char *const envp[]) { return 0; }
|
||||||
|
#endif
|
||||||
|
int is_context_customizable(const char * scontext) { return 0; }
|
||||||
|
int selinux_trans_to_raw_context(const char * trans,
|
||||||
|
char ** rawp) { return 0; }
|
||||||
|
int selinux_raw_to_trans_context(const char * raw,
|
||||||
|
char ** transp) { return 0; }
|
||||||
|
int selinux_raw_context_to_color(const char * raw,
|
||||||
|
char **color_str) { return 0; }
|
||||||
|
int getseuserbyname(const char *linuxuser, char **seuser, char **level) { return 0; }
|
||||||
|
int getseuser(const char *username, const char *service,
|
||||||
|
char **r_seuser, char **r_level) { return 0; }
|
||||||
|
int selinux_file_context_cmp(const char * a,
|
||||||
|
const char * b) { return 0; }
|
||||||
|
int selinux_file_context_verify(const char *path, mode_t mode) { return 0; }
|
||||||
|
int selinux_lsetfilecon_default(const char *path) { return 0; }
|
||||||
|
void selinux_reset_config(void) { }
|
||||||
|
int avc_sid_to_context(security_id_t sid, char ** ctx) { return 0; }
|
||||||
|
int avc_sid_to_context_raw(security_id_t sid, char ** ctx) { return 0; }
|
||||||
|
int avc_context_to_sid(const char * ctx, security_id_t * sid) { return 0; }
|
||||||
|
int avc_context_to_sid_raw(const char * ctx, security_id_t * sid) { return 0; }
|
||||||
|
int sidget(security_id_t sid) { return 0; }
|
||||||
|
int sidput(security_id_t sid) { return 0; }
|
||||||
|
int avc_get_initial_sid(const char *name, security_id_t * sid) { return 0; }
|
||||||
|
int avc_init(const char *msgprefix,
|
||||||
|
const struct avc_memory_callback *mem_callbacks,
|
||||||
|
const struct avc_log_callback *log_callbacks,
|
||||||
|
const struct avc_thread_callback *thread_callbacks,
|
||||||
|
const struct avc_lock_callback *lock_callbacks) { return 0; }
|
||||||
|
int avc_open(struct selinux_opt *opts, unsigned nopts) { return 0; }
|
||||||
|
void avc_cleanup(void) { }
|
||||||
|
int avc_reset(void) { return 0; }
|
||||||
|
void avc_destroy(void) { }
|
||||||
|
int avc_has_perm_noaudit(security_id_t ssid,
|
||||||
|
security_id_t tsid,
|
||||||
|
security_class_t tclass,
|
||||||
|
access_vector_t requested,
|
||||||
|
struct avc_entry_ref *aeref, struct av_decision *avd) { return 0; }
|
||||||
|
int avc_has_perm(security_id_t ssid, security_id_t tsid,
|
||||||
|
security_class_t tclass, access_vector_t requested,
|
||||||
|
struct avc_entry_ref *aeref, void *auditdata) { return 0; }
|
||||||
|
void avc_audit(security_id_t ssid, security_id_t tsid,
|
||||||
|
security_class_t tclass, access_vector_t requested,
|
||||||
|
struct av_decision *avd, int result, void *auditdata) { }
|
||||||
|
int avc_compute_create(security_id_t ssid,
|
||||||
|
security_id_t tsid,
|
||||||
|
security_class_t tclass, security_id_t * newsid) { return 0; }
|
||||||
|
int avc_compute_member(security_id_t ssid,
|
||||||
|
security_id_t tsid,
|
||||||
|
security_class_t tclass, security_id_t * newsid) { return 0; }
|
||||||
|
int avc_add_callback(int (*callback)
|
||||||
|
(uint32_t event, security_id_t ssid,
|
||||||
|
security_id_t tsid, security_class_t tclass,
|
||||||
|
access_vector_t perms,
|
||||||
|
access_vector_t * out_retained),
|
||||||
|
uint32_t events, security_id_t ssid,
|
||||||
|
security_id_t tsid, security_class_t tclass,
|
||||||
|
access_vector_t perms) { return 0; }
|
||||||
|
void avc_cache_stats(struct avc_cache_stats *stats) { }
|
||||||
|
void avc_av_stats(void) { }
|
||||||
|
void avc_sid_stats(void) { }
|
||||||
|
int avc_netlink_open(int blocking) { return 0; }
|
||||||
|
void avc_netlink_loop(void) { }
|
||||||
|
void avc_netlink_close(void) { }
|
||||||
|
int avc_netlink_acquire_fd(void) { return 0; }
|
||||||
|
void avc_netlink_release_fd(void) { }
|
||||||
|
int avc_netlink_check_nb(void) { return 0; }
|
||||||
|
int selinux_status_open(int fallback) { return 0; }
|
||||||
|
void selinux_status_close(void) { }
|
||||||
|
int selinux_status_updated(void) { return 0; }
|
||||||
|
int selinux_status_getenforce(void) { return 0; }
|
||||||
|
int selinux_status_policyload(void) { return 0; }
|
||||||
|
int selinux_status_deny_unknown(void) { return 0; }
|
||||||
|
context_t context_new(const char *s) { return 0; }
|
||||||
|
char *context_str(context_t c) { return 0; }
|
||||||
|
void context_free(context_t c) { }
|
||||||
|
const char *context_type_get(context_t c) { return 0; }
|
||||||
|
const char *context_range_get(context_t c) { return 0; }
|
||||||
|
const char *context_role_get(context_t c) { return 0; }
|
||||||
|
const char *context_user_get(context_t c) { return 0; }
|
||||||
|
int context_type_set(context_t c, const char *s) { return 0; }
|
||||||
|
int context_range_set(context_t c, const char *s) { return 0; }
|
||||||
|
int context_role_set(context_t c, const char *s) { return 0; }
|
||||||
|
int context_user_set(context_t c, const char *s) { return 0; }
|
||||||
|
int get_ordered_context_list(const char *user,
|
||||||
|
char * fromcon,
|
||||||
|
char *** list) { return 0; }
|
||||||
|
int get_ordered_context_list_with_level(const char *user,
|
||||||
|
const char *level,
|
||||||
|
char * fromcon,
|
||||||
|
char *** list) { return 0; }
|
||||||
|
int get_default_context(const char *user,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int get_default_context_with_level(const char *user,
|
||||||
|
const char *level,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int get_default_context_with_role(const char *user,
|
||||||
|
const char *role,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int get_default_context_with_rolelevel(const char *user,
|
||||||
|
const char *role,
|
||||||
|
const char *level,
|
||||||
|
char * fromcon,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int query_user_context(char ** list,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
int manual_user_enter_context(const char *user,
|
||||||
|
char ** newcon) { return 0; }
|
||||||
|
const char *selinux_default_type_path(void) { return 0; }
|
||||||
|
int get_default_type(const char *role, char **type) { return 0; }
|
||||||
|
struct selabel_handle *selabel_open(unsigned int backend,
|
||||||
|
const struct selinux_opt *opts,
|
||||||
|
unsigned nopts) { return 0; }
|
||||||
|
void selabel_close(struct selabel_handle *handle) { }
|
||||||
|
int selabel_lookup(struct selabel_handle *handle, char **con,
|
||||||
|
const char *key, int type) { return 0; }
|
||||||
|
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
|
||||||
|
const char *key, int type) { return 0; }
|
||||||
|
bool selabel_partial_match(struct selabel_handle *handle, const char *key) { return 0; }
|
||||||
|
int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
|
||||||
|
const char *key, const char **aliases, int type) { return 0; }
|
||||||
|
int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
|
||||||
|
const char *key, const char **aliases, int type) { return 0; }
|
||||||
|
int selabel_digest(struct selabel_handle *rec,
|
||||||
|
unsigned char **digest, size_t *digest_len,
|
||||||
|
char ***specfiles, size_t *num_specfiles) { return 0; }
|
||||||
|
void selabel_stats(struct selabel_handle *handle) { }
|
||||||
|
int selinux_restorecon(const char *pathname,
|
||||||
|
unsigned int restorecon_flags) { return 0; }
|
||||||
|
struct selabel_handle *selinux_restorecon_default_handle(void) { return 0; }
|
||||||
|
void selinux_restorecon_set_exclude_list(const char **exclude_list) { }
|
||||||
|
int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath) { return 0; }
|
||||||
|
int selinux_restorecon_xattr(const char *pathname,
|
||||||
|
unsigned int xattr_flags,
|
||||||
|
struct dir_xattr ***xattr_list) { return 0; }
|
Loading…
Reference in New Issue
Block a user