diff --git a/libqpol/include/qpol/module.h b/libqpol/include/qpol/module.h
deleted file mode 100644
index d684c40..0000000
--- a/libqpol/include/qpol/module.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * @file
- * Defines the public interface the policy modules.
- *
- * @author Jeremy A. Mowery jmowery@tresys.com
- * @author Jason Tang jtang@tresys.com
- *
- * Copyright (C) 2006-2007 Tresys Technology, LLC
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef QPOL_MODULE_H
-#define QPOL_MODULE_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include
-
- typedef struct qpol_module qpol_module_t;
-
-#define QPOL_MODULE_UNKNOWN 0
-#define QPOL_MODULE_BASE 1
-#define QPOL_MODULE_OTHER 2
-
-/**
- * Create a qpol module from a policy package file. Newly created
- * modules are enabled by default.
- * @param path The file from which to read the module. This string
- * will be duplicated.
- * @param module Pointer in which to store the newly allocated
- * module. The caller is responsible for calling qpol_module_destroy()
- * to free memory used by this module.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *module will be NULL.
- */
- extern int qpol_module_create_from_file(const char *path, qpol_module_t ** module);
-
-/**
- * Free all memory used by a qpol module and set it to NULL. Does
- * nothing if the pointer is already NULL.
- * @param module Reference pointer to the module to destroy.
- */
- extern void qpol_module_destroy(qpol_module_t ** module);
-
-/**
- * Get the path of the policy package file used to create this module.
- * @param module The module from which to get the path.
- * @param path Pointer to the string in which to store the path. The
- * caller should not free this string.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *path will be NULL.
- */
- extern int qpol_module_get_path(const qpol_module_t * module, const char **path);
-
-/**
- * Get the name of a module.
- * @param module The module from which to get the name.
- * @param name Pointer to the string in which to store the name. The
- * caller should not free this string. If the module is a base
- * module the name will be NULL.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *name will be NULL.
- */
- extern int qpol_module_get_name(const qpol_module_t * module, const char **name);
-
-/**
- * Get the version of a module.
- * @param module The module from which to get the version.
- * @param version Pointer to string in which to store the version. The
- * caller should not free this string.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *version will be NULL.
- */
- extern int qpol_module_get_version(const qpol_module_t * module, const char **version);
-
-/**
- * Get the type of module (base or other).
- * @param module The module from which to get the type.
- * @param type Pointer to integer in which to store the type. Value
- * will be one of QPOL_MODULE_BASE or QPOL_MODULE_OTHER.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *type will be QPOL_MODULE_UNKNOWN.
- */
- extern int qpol_module_get_type(const qpol_module_t * module, int *type);
-
-/**
- * Determine if a module is enabled.
- * @param module The module from which to get the enabled state.
- * @param enabled Pointer to integer in which to store the state.
- * Value will be 0 if module is disabled and non-zero if enabled.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *enabled will be 0.
- */
- extern int qpol_module_get_enabled(const qpol_module_t * module, int *enabled);
-
-/**
- * Enable or disable a module. Note that the caller must still
- * invoke qpol_policy_rebuild() to update the policy.
- * @param module The module to enable or disable.
- * @param enabled Non-zero to enable the module, zero to disable.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and the module will remain unchanged.
- */
- extern int qpol_module_set_enabled(qpol_module_t * module, int enabled);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/libqpol/include/qpol/policy.h b/libqpol/include/qpol/policy.h
index 7afc2b9..b28fd74 100644
--- a/libqpol/include/qpol/policy.h
+++ b/libqpol/include/qpol/policy.h
@@ -48,7 +48,6 @@ extern "C"
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -59,7 +58,6 @@ extern "C"
 #include
 #include
 #include
-#include
 #include
 #include
 #include
@@ -145,37 +143,6 @@ extern "C"
 */
 extern int qpol_policy_open_from_file(const char *filename, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options);
-
-/**
- * Open a policy from a passed in file path but do not load any rules.
- * @param filename The name of the file to open.
- * @param policy The policy to populate. The caller should not free
- * this pointer.
- * @param fn (Optional) If non-NULL, the callback to be used by the handle.
- * @param varg (Optional) The argument needed by the handle callback.
- * @return Returns one of QPOL_POLICY_* above on success and < 0 on failure;
- * if the call fails, errno will be set and *policy will be NULL.
- * @deprecated use qpol_policy_open_from_file() with the option QPOL_POLICY_OPTION_NO_RULES instead.
- */
- extern int qpol_policy_open_from_file_no_rules(const char *filename, qpol_policy_t ** policy, qpol_callback_fn_t fn,
- void *varg) __attribute__ ((deprecated));
-
-/**
- * Open a policy from a passed in buffer.
- * @param policy The policy to populate. The caller should not free
- * this pointer.
- * @param filedata The policy file stored in memory .
- * @param size The size of filedata
- * @param fn (Optional) If non-NULL, the callback to be used by the handle.
- * @param varg (Optional) The argument needed by the handle callback.
- * @param options Options to control loading only portions of a policy;
- * must be a bitwise-or'd set of QPOL_POLICY_OPTION_* from above.
- * @return Returns 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *policy will be NULL.
- */
- extern int qpol_policy_open_from_memory(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn,
- void *varg, const int options);
-
 /**
 * Close a policy and deallocate its memory. Does nothing if it is
 * already NULL.
@@ -195,47 +162,6 @@ extern "C"
 */
 extern int qpol_policy_reevaluate_conds(qpol_policy_t * policy);
 
-/**
- * Append a module to a policy. The policy now owns the module.
- * Note that the caller must still invoke qpol_policy_rebuild()
- * to update the policy.
- * @param policy The policy to which to add the module.
- * @param module The module to append. The caller should not
- * destroy this module if this function succeeds.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and both the policy and the module will
- * remain unchanged. If the call fails, the caller is still
- * responsible for calling qpol_module_destroy().
- */
- extern int qpol_policy_append_module(qpol_policy_t * policy, qpol_module_t * module);
-
-/**
- * Rebuild the policy. If the options provided are the same as those
- * provied to the last call to rebuild or open and the modules were not
- * changed, this function does nothing; otherwise, re-link all enabled
- * modules with the base and then call expand. If the syntactic rule
- * table was previously built, the caller should call
- * qpol_policy_build_syn_rule_table() after calling this function.
- * @param policy The policy to rebuild.
- * This policy will be altered by this function.
- * @param options Options to control loading only portions of a policy;
- * must be a bitwise-or'd set of QPOL_POLICY_OPTION_* from above.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and the policy will be reverted to its previous state.
- */
- extern int qpol_policy_rebuild(qpol_policy_t * policy, const int options);
-
-/**
- * Get an iterator of all modules in a policy.
- * @param policy The policy from which to get the iterator.
- * @param iter Iteraror of modules (of type qpol_module_t) returned.
- * The caller should not destroy the modules returned by
- * qpol_iterator_get_item().
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *iter will be NULL.
- */
- extern int qpol_policy_get_module_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);
-
 /**
 * Get the version number of the policy.
 * @param policy The policy for which to get the version.
diff --git a/libqpol/include/qpol/syn_rule_query.h b/libqpol/include/qpol/syn_rule_query.h
deleted file mode 100644
index 446efbb..0000000
--- a/libqpol/include/qpol/syn_rule_query.h
+++ /dev/null
@@ -1,314 +0,0 @@
-/**
- * @file
- * Public interface for querying syntactic rules from the extended
- * policy image.
- *
- * @author Jeremy A. Mowery jmowery@tresys.com
- * @author Jason Tang jtang@tresys.com
- *
- * Copyright (C) 2006-2007 Tresys Technology, LLC
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef QPOL_SYN_RULE_QUERY_H
-#define QPOL_SYN_RULE_QUERY_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include
-#include
-#include
-#include
-
- typedef struct qpol_type_set qpol_type_set_t;
- typedef struct qpol_syn_avrule qpol_syn_avrule_t;
- typedef struct qpol_syn_terule qpol_syn_terule_t;
-
-/**
- * Get an iterator of the included types in a type set.
- * @param policy Policy associated with the type set.
- * @param ts Type set from which to get the included types.
- * @param iter Iterator over items of type qpol_type_t returned.
- * The caller is responsible for calling qpol_iterator_destroy()
- * to free memory used by this iterator.
- * It is important to note that this iterator is only valid as long as
- * the policy is unmodifed.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *iter will be NULL.
- */
- extern int qpol_type_set_get_included_types_iter(const qpol_policy_t * policy, const qpol_type_set_t * ts,
- qpol_iterator_t ** iter);
-
-/**
- * Get an iterator of the subtracted types in a type set.
- * @param policy Policy associated with the type set.
- * @param ts Type set from which to get the subtracted types.
- * @param iter Iterator over items of type qpol_type_t returned.
- * The caller is responsible for calling qpol_iterator_destroy()
- * to free memory used by this iterator.
- * It is important to note that this iterator is only valid as long as
- * the policy is unmodifed.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *iter will be NULL.
- */
- extern int qpol_type_set_get_subtracted_types_iter(const qpol_policy_t * policy, const qpol_type_set_t * ts,
- qpol_iterator_t ** iter);
-
-/**
- * Determine if a type set includes '*'.
- * @param policy Policy associated with the type set.
- * @param ts Type set to check for '*'.
- * @param is_star Pointer to integer to set.
- * Will be set to 1 if ts contains '*' or 0 otherwise.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *is_star will be 0.
- */
- extern int qpol_type_set_get_is_star(const qpol_policy_t * policy, const qpol_type_set_t * ts, uint32_t * is_star);
-
-/**
- * Determine if a type set is complemented (contains '~').
- * @param policy Policy associated with the type set.
- * @param ts Type set to check for complement.
- * @param is_comp Pointer to integer to set.
- * Will be set to 1 if ts is complemented or 0 otherwise.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *is_comp will be 0.
- */
- extern int qpol_type_set_get_is_comp(const qpol_policy_t * policy, const qpol_type_set_t * ts, uint32_t * is_comp);
-
-/**
- * Get the rule type of a syntactic avrule.
- * @param policy Policy associated with the rule.
- * @param rule Avrule from which to get the type.
- * @param rule_type Pointer to integer to set.
- * Will be one of QPOL_RULE_* (see qpol/avrule_query.h).
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *rule_type will be 0.
- */
- extern int qpol_syn_avrule_get_rule_type(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- uint32_t * rule_type);
-
-/**
- * Get the set of types specified for a syntatic rule's source field.
- * @param policy Policy associated with the rule.
- * @param rule Avrule from which to get the source type set.
- * @param source_set Type set returned; the caller should not
- * free this pointer.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *source_set will be NULL.
- */
- extern int qpol_syn_avrule_get_source_type_set(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- const qpol_type_set_t ** source_set);
-
-/**
- * Get the set of types specified for a syntactic rule's target field.
- * @param policy Policy associated with the rule.
- * @param rule Avrule from which to get the target type set.
- * @param target_set Type set returned; the caller should not
- * free this pointer.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *target_set will be NULL.
- */
- extern int qpol_syn_avrule_get_target_type_set(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- const qpol_type_set_t ** target_set);
-
-/**
- * Determine if a syntactic rule includes the self flag in the target set.
- * @param policy Policy associated with the rule.
- * @param rule Avrule to check for the self flag.
- * @param is_self Pointer to the integer to set; if the rule includes self,
- * this will be set to 1, otherwise it will be set to 0.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *is_self will be 0.
- */
- extern int qpol_syn_avrule_get_is_target_self(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- uint32_t * is_self);
-
-/**
- * Get an iterator over all classes specified in a syntactic rule.
- * @param policy Policy associated with the rule.
- * @param rule The rule from which to get the classes.
- * @param classes Iterator over items of type qpol_class_t* returned.
- * The caller is responsible for calling qpol_iterator_destroy()
- * to free memory used by this iterator.
- * It is important to note that this iterator is only valid as long as
- * the policy is unmodifed.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *classes will be NULL.
- */
- extern int qpol_syn_avrule_get_class_iter(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- qpol_iterator_t ** classes);
-
-/**
- * Get an iterator over all permissions specified in a syntactic rule.
- * @param policy Policy associated with the
- * @param rule The rule from which to get the permissions.
- * @param perms Iterator over items of type char* returned.
- * The caller is responsible for calling qpol_iterator_destroy()
- * to free memory used by this iterator.
- * It is important to note that this iterator is only valid as long as
- * the policy is unmodifed.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *perms will be NULL.
- */
- extern int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- qpol_iterator_t ** perms);
-
-/**
- * Get the line number of a syntactic rule.
- * @param policy Policy associated with the rule
- * @param rule The rule for which to get the line number.
- * @param lineno Pointer to set to the line number.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *lineno will be 0.
- */
- extern int qpol_syn_avrule_get_lineno(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule, unsigned long *lineno);
-
-/**
- * If the syntactic rule is within a conditional, then get that
- * conditional and assign it to cond. Otherwise assign to cond NULL.
- * @param policy Policy associated with the rule.
- * @param rule The rule for which to get the conditional.
- * @param cond Reference pointer to this rule's conditional
- * expression, or NULL if the rule is unconditional.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *lineno will be 0.
- */
- extern int qpol_syn_avrule_get_cond(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- const qpol_cond_t ** cond);
-
-/**
- * Determine if the syntactic rule is enabled. Unconditional rules
- * are always enabled.
- * @param policy Policy associated with the rule.
- * @param rule The rule for which to get the conditional.
- * @param is_enabled Integer in which to store the result: set to 1
- * if enabled and 0 otherwise.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *lineno will be 0.
- */
- extern int qpol_syn_avrule_get_is_enabled(const qpol_policy_t * policy, const qpol_syn_avrule_t * rule,
- uint32_t * is_enabled);
-
-/**
- * Get the rule type of a syntactic terule.
- * @param policy Policy associated with the rule.
- * @param rule Terule from which to get the type.
- * @param rule_type Pointer to integer to set.
- * Will be one of QPOL_RULE_TYPE_* (see qpol/terule_query.h).
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *rule_type will be 0.
- */
- extern int qpol_syn_terule_get_rule_type(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- uint32_t * rule_type);
-
-/**
- * Bet the set of types specified for a syntactic rule's source field.
- * @param policy Policy associated with the rule.
- * @param rule Terule from which to get the source type set.
- * @param source_set Type set returned; the caller shoule not
- * free this pointer.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *source_set will be NULL.
- */
- extern int qpol_syn_terule_get_source_type_set(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- const qpol_type_set_t ** source_set);
-
-/**
- * Get the set of types specified for a syntactic rule's target field.
- * @param policy Policy associated with the rule.
- * @param rule Terule from which to get the target types et.
- * @param target_set Type set returned; ther caller should not
- * free this pointer.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *target_set will be NULL.
- */
- extern int qpol_syn_terule_get_target_type_set(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- const qpol_type_set_t ** target_set);
-
-/**
- * Get an iterator over all classes specified in a syntactic rule.
- * @param policy Policy associated with the rule.
- * @param rule The rule from which to get the classes.
- * @param classes Iterator over items of type qpol_class_t* returned.
- * The caller is responsible for calling qpol_iterator_destroy()
- * to free memory used by this iterator.
- * It is important to note that this iterator is only valid as long as
- * the policy is unmodifed.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *classes will be NULL.
- */
- extern int qpol_syn_terule_get_class_iter(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- qpol_iterator_t ** classes);
-
-/* forward declaration */
- struct qpol_type;
-
-/**
- * Get the default type of a syntactic terule.
- * @param policy Policy associated with the rule.
- * @param rule Terule from which to et the default type.
- * @param dflt Reference pointer to the type to return.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *dflt will be NULL.
- */
- extern int qpol_syn_terule_get_default_type(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- const struct qpol_type **dflt);
-
-/**
- * Get the line number of a syntactic rule.
- * @param policy Policy associated with the rule.
- * @param rule The rule for which to get the line number.
- * @param lineno Pointer to set to the line number.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *lineno will be 0.
- */
- extern int qpol_syn_terule_get_lineno(const qpol_policy_t * policy, const qpol_syn_terule_t * rule, unsigned long *lineno);
-
-/**
- * If the syntactic rule is within a conditional, then get that
- * conditional and assign it to cond. Otherwise assign to cond NULL.
- * @param policy Policy associated with the rule.
- * @param rule The rule for which to get the conditional.
- * @param cond Reference pointer to this rule's conditional
- * expression, or NULL if the rule is unconditional.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *lineno will be 0.
- */
- extern int qpol_syn_terule_get_cond(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- const qpol_cond_t ** cond);
-
-/**
- * Determine if the syntactic rule is enabled. Unconditional rules
- * are always enabled.
- * @param policy Policy associated with the rule.
- * @param rule The rule for which to get the conditional.
- * @param is_enabled Integer in which to store the result: set to 1
- * if enabled and 0 otherwise.
- * @return 0 on success and < 0 on failure; if the call fails,
- * errno will be set and *lineno will be 0.
- */
- extern int qpol_syn_terule_get_is_enabled(const qpol_policy_t * policy, const qpol_syn_terule_t * rule,
- uint32_t * is_enabled);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* QPOL_SYN_RULE_QUERY_H */
diff --git a/libqpol/policy.c b/libqpol/policy.c
index f23a402..2aeaa13 100644
--- a/libqpol/policy.c
+++ b/libqpol/policy.c
@@ -280,8 +280,6 @@ int qpol_policy_open_from_file(const char *path, qpol_policy_t ** policy, qpol_c
 int error = 0, retv = -1;
 FILE *infile = NULL;
 sepol_policy_file_t *pfile = NULL;
- int fd = 0;
- struct stat sb;
 
 if (policy != NULL)
 *policy = NULL;
diff --git a/libqpol/qpol_internal.h b/libqpol/qpol_internal.h
index f7a86e4..72c3d59 100644
--- a/libqpol/qpol_internal.h
+++ b/libqpol/qpol_internal.h
@@ -42,19 +42,6 @@ extern "C"
 #define QPOL_MSG_WARN 2
 #define QPOL_MSG_INFO 3
 
- struct qpol_policy;
-
- struct qpol_module
- {
- char *name;
- char *path;
- char *version;
- int type;
- struct sepol_policydb *p;
- int enabled;
- struct qpol_policy *parent;
- };
-
 struct qpol_policy
 {
 struct sepol_policydb *p;