/* Author: Joshua Brindle <jbrindle@tresys.co
* Jason Tang <jtang@tresys.com>
*
* Copyright (C) 2004-2005 Tresys Technology, LLC
* Copyright (C) 2005 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
/* This file implements only the publicly-visible handle functions to libsemanage. */
#include <selinux/selinux.h>
#include <ctype.h>
#include <stdarg.h>
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include "direct_api.h"
#include "handle.h"
#include "debug.h"
#include "semanage_conf.h"
#include "semanage_store.h"
#define SEMANAGE_COMMIT_READ_WAIT 5
static char *private_semanage_root = NULL;
int semanage_set_root(const char *root)
{
free(private_semanage_root);
private_semanage_root = strdup(root);
return 0;
}
hidden_def(semanage_set_root);
const char * semanage_root(void)
{
if (private_semanage_root == NULL) {
return "";
}
return private_semanage_root;
}
semanage_handle_t *semanage_handle_create(void)
{
semanage_handle_t *sh = NULL;
char *conf_name = NULL;
/* Allocate handle */
if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL)
goto err;
if ((conf_name = semanage_conf_path()) == NULL)
goto err;
if ((sh->conf = semanage_conf_parse(conf_name)) == NULL)
goto err;
/* Link to sepol handle */
sh->sepolh = sepol_handle_create();
if (!sh->sepolh)
goto err;
sepol_msg_set_callback(sh->sepolh, semanage_msg_relay_handler, sh);
/* Default priority is 400 */
sh->priority = 400;
/* By default do not rebuild the policy on commit
* If any changes are made, this flag is ignored */
sh->do_rebuild = 0;
/* By default always reload policy after commit if SELinux is enabled. */
sh->do_reload = (is_selinux_enabled() > 0);
/* By default always check the file contexts file. */
sh->do_check_contexts = 1;
/* By default do not create store */
sh->create_store = 0;
/* Set timeout: some default value for now, later use config */
sh->timeout = SEMANAGE_COMMIT_READ_WAIT;
/* Set callback */
sh->msg_callback = semanage_msg_default_handler;
sh->msg_callback_arg = NULL;
free(conf_name);
return sh;
err:
free(conf_name);
semanage_handle_destroy(sh);
return NULL;
}
void semanage_set_rebuild(semanage_handle_t * sh, int do_rebuild)
{
assert(sh != NULL);
sh->do_rebuild = do_rebuild;
return;
}
void semanage_set_reload(semanage_handle_t * sh, int do_reload)
{
assert(sh != NULL);
sh->do_reload = do_reload;
return;
}
int semanage_get_hll_compiler_path(semanage_handle_t *sh,
char *lang_ext,
char **compiler_path)
{
assert(sh != NULL);
assert(lang_ext != NULL);
int i;
int status = 0;
int num_printed = 0;
size_t len;
char *compiler = NULL;
char *lower_lang_ext = NULL;
lower_lang_ext = strdup(lang_ext);
if (lower_lang_ext == NULL) {
ERR(sh, "Could not create copy of lang_ext. Out of memory.\n");
status = -1;
goto cleanup;
}
/* Set lang_ext to lowercase in case a file with a mixed case extension was passed to libsemanage */
for (i = 0; lower_lang_ext[i] != '\0'; i++) {
lower_lang_ext[i] = tolower(lower_lang_ext[i]);
}
len = strlen(sh->conf->compiler_directory_path) + strlen("/") + strlen(lower_lang_ext) + 1;
compiler = malloc(len * sizeof(*compiler));
if (compiler == NULL) {
ERR(sh, "Error allocating space for compiler path.");
status = -1;
goto cleanup;
}
num_printed = snprintf(compiler, len, "%s/%s", sh->conf->compiler_directory_path, lower_lang_ext);
if (num_printed < 0 || (int)num_printed >= (int)len) {
ERR(sh, "Error creating compiler path.");
status = -1;
goto cleanup;
}
*compiler_path = compiler;
status = 0;
cleanup:
free(lower_lang_ext);
if (status != 0) {
free(compiler);
}
return status;
}
void semanage_set_create_store(semanage_handle_t * sh, int create_store)
{
assert(sh != NULL);
sh->create_store = create_store;
return;
}
int semanage_get_disable_dontaudit(semanage_handle_t * sh)
{
assert(sh != NULL);
return sepol_get_disable_dontaudit(sh->sepolh);
}
void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit)
{
assert(sh != NULL);
sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
return;
}
int semanage_get_preserve_tunables(semanage_handle_t * sh)
{
assert(sh != NULL);
return sepol_get_preserve_tunables(sh->sepolh);
}
void semanage_set_preserve_tunables(semanage_handle_t * sh,
int preserve_tunables)
{
assert(sh != NULL);
sepol_set_preserve_tunables(sh->sepolh, preserve_tunables);
}
int semanage_get_ignore_module_cache(semanage_handle_t *sh)
{
assert(sh != NULL);
return sh->conf->ignore_module_cache;
}
void semanage_set_ignore_module_cache(semanage_handle_t *sh,
int ignore_module_cache)
{
assert(sh != NULL);
sh->conf->ignore_module_cache = ignore_module_cache;
}
void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts)
{
assert(sh != NULL);
sh->do_check_contexts = do_check_contexts;
return;
}
uint16_t semanage_get_default_priority(semanage_handle_t *sh)
{
assert(sh != NULL);
return sh->priority;
}
int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority)
{
assert(sh != NULL);
/* Verify priority */
if (semanage_module_validate_priority(priority) < 0) {
ERR(sh, "Priority %d is invalid.", priority);
return -1;
}
sh->priority = priority;
return 0;
}
int semanage_is_connected(semanage_handle_t * sh)
{
assert(sh != NULL);
return sh->is_connected;
}
void semanage_select_store(semanage_handle_t * sh, char *storename,
enum semanage_connect_type storetype)
{
assert(sh != NULL);
/* This just sets the storename to what the user requests, no
verification of existance will be done until connect */
free(sh->conf->store_path);
sh->conf->store_path = strdup(storename);
assert(sh->conf->store_path); /* no way to return failure */
sh->conf->store_type = storetype;
return;
}
void semanage_set_store_root(semanage_handle_t *sh, const char *store_root)
{
assert(sh != NULL);
free(sh->conf->store_root_path);
sh->conf->store_root_path = strdup(store_root);
assert(sh->conf->store_root_path); /* no way to return failure */
return;
}
int semanage_is_managed(semanage_handle_t * sh)
{
assert(sh != NULL);
if (sh->is_connected) {
ERR(sh, "Already connected.");
return -1;
}
switch (sh->conf->store_type) {
case SEMANAGE_CON_DIRECT:
return semanage_direct_is_managed(sh);
default:
ERR(sh,
"The connection type specified within your semanage.conf file has not been implemented yet.");
/* fall through */
}
return -1;
}
int semanage_mls_enabled(semanage_handle_t * sh)
{
assert(sh != NULL);
switch (sh->conf->store_type) {
case SEMANAGE_CON_DIRECT:
return semanage_direct_mls_enabled(sh);
default:
ERR(sh,
"The connection type specified within your semanage.conf file has not been implemented yet.");
/* fall through */
}
return -1;
}
int semanage_connect(semanage_handle_t * sh)
{
assert(sh != NULL);
switch (sh->conf->store_type) {
case SEMANAGE_CON_DIRECT:{
if (semanage_direct_connect(sh) < 0) {
return -1;
}
break;
}
default:{
ERR(sh,
"The connection type specified within your semanage.conf file has not been implemented yet.");
return -1;
}
}
sh->is_connected = 1;
return 0;
}
int semanage_access_check(semanage_handle_t * sh)
{
assert(sh != NULL);
switch (sh->conf->store_type) {
case SEMANAGE_CON_DIRECT:
return semanage_direct_access_check(sh);
default:
return -1;
}
return -1; /* unreachable */
}
hidden_def(semanage_access_check)
int semanage_disconnect(semanage_handle_t * sh)
{
assert(sh != NULL && sh->funcs != NULL
&& sh->funcs->disconnect != NULL);
if (!sh->is_connected) {
return 0;
}
if (sh->funcs->disconnect(sh) < 0) {
return -1;
}
sh->is_in_transaction = 0;
sh->is_connected = 0;
sh->modules_modified = 0;
return 0;
}
void semanage_handle_destroy(semanage_handle_t * sh)
{
if (sh == NULL)
return;
if (sh->funcs != NULL && sh->funcs->destroy != NULL)
sh->funcs->destroy(sh);
semanage_conf_destroy(sh->conf);
sepol_handle_destroy(sh->sepolh);
free(sh);
}
hidden_def(semanage_handle_destroy)
/********************* public transaction functions *********************/
int semanage_begin_transaction(semanage_handle_t * sh)
{
assert(sh != NULL && sh->funcs != NULL
&& sh->funcs->begin_trans != NULL);
if (!sh->is_connected) {
ERR(sh, "Not connected.");
return -1;
}
if (sh->is_in_transaction) {
return 0;
}
if (sh->funcs->begin_trans(sh) < 0) {
return -1;
}
sh->is_in_transaction = 1;
return 0;
}
hidden_def(semanage_begin_transaction)
int semanage_commit(semanage_handle_t * sh)
{
int retval;
assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL);
if (!sh->is_in_transaction) {
ERR(sh,
"Will not commit because caller does not have a transaction lock yet.");
return -1;
}
retval = sh->funcs->commit(sh);
sh->is_in_transaction = 0;
sh->modules_modified = 0;
return retval;
}