2 * This file is part of libsmack
4 * Copyright (C) 2010 Nokia Corporation
5 * Copyright (C) 2011 Intel Corporation
6 * Copyright (C) 2012 Samsung Electronics Co.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * version 2.1 as published by the Free Software Foundation.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
23 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
24 * Rafal Krypa <r.krypa@samsung.com>
28 * Smack user space library
34 #include <sys/types.h>
37 * Maximum length of a smack label, excluding terminating null character.
39 #define SMACK_LABEL_LEN 255
41 enum smack_label_type {
45 SMACK_LABEL_TRANSMUTE,
51 * Handle to a in-memory representation of set of Smack rules.
53 struct smack_accesses;
60 * Creates a new empty smack_accesses instance.
62 * @param accesses created instance
63 * @return 0 on success and negative value on failure.
65 int smack_accesses_new(struct smack_accesses **accesses);
68 * Destroy a struct smack_accesses *instance.
70 * @param handle handle to a struct smack_accesses *instance
72 void smack_accesses_free(struct smack_accesses *handle);
75 * Write access rules to a given file.
77 * @param handle handle to a rules
78 * @param fd file descriptor
79 * @return 0 on success and negative value on failure.
81 int smack_accesses_save(struct smack_accesses *handle, int fd);
84 * Write rules to kernel.
86 * @param handle handle to a rules
87 * @return 0 on success and negative value on failure.
89 int smack_accesses_apply(struct smack_accesses *handle);
92 * Clear rules from kernel.
94 * @param handle handle to a rules
95 * @return 0 on success and negative value on failure.
97 int smack_accesses_clear(struct smack_accesses *handle);
100 * Add new rule to a rule set.
102 * @param handle handle to a rule set
103 * @param subject subject of the rule
104 * @param object object of the rule
105 * @param access_type access type
106 * @return Returns 0 on success.
108 int smack_accesses_add(struct smack_accesses *handle, const char *subject,
109 const char *object, const char *access_type);
112 * Add a modification rule to a rule set.
113 * The modification rule changes the access permissions for a given subject and
115 * object. If such a rule already exists (in the kernel or earlier in the rule set),
116 * it is modified. Otherwise a new rule is created, with the permissions
117 * from access_add minus the permissions from access_del.
119 * @param handle handle to a rule set
120 * @param subject subject of the rule
121 * @param object object of the rule
122 * @param access_add access type
123 * @param access_del access type
124 * @return Returns 0 on success.
126 int smack_accesses_add_modify(struct smack_accesses *handle, const char *subject,
127 const char *object, const char *access_add, const char *access_del);
130 * Add rules from file.
132 * @param accesses instance
133 * @param fd file descriptor
134 * @return 0 on success and negative value on failure.
136 int smack_accesses_add_from_file(struct smack_accesses *accesses, int fd);
139 * Check for Smack access.
141 * @param subject subject of the rule
142 * @param object object of the rule
143 * @param access_type access type
144 * @return 1 if access is granted, 0 if access is denied and -1 on error.
146 int smack_have_access(const char *subject, const char *object,
147 const char *access_type);
150 * Get the label that is associated with the caller's process.
151 * The caller is responsible for freeing the returned label.
153 * @param label returned label
154 * @return 0 on success and negative value on failure.
156 int smack_new_label_from_self(char **label);
159 * Get the label that is associated with a peer on the other end of an
160 * Unix socket (SO_PEERSEC). The caller is responsible for freeing the
163 * @param fd socket file descriptor
164 * @param label returned label
165 * @return 0 on success and negative value on failure.
167 int smack_new_label_from_socket(int fd, char **label);
170 * Set the label associated with the caller's process.
171 * The caller must run as a privileged user for this to succeed.
173 * @param label to set
174 * @return 0 on success and negative value on failure.
176 int smack_set_label_for_self(const char *label);
179 * Revoke all rules for a subject label.
181 * @param subject subject to revoke
182 * @return 0 on success and negative value on failure.
184 int smack_revoke_subject(const char *subject);
187 * Get SMACK label from file.
188 * On success the label is stored in newly allocated memory.
189 * The caller is responsible for freeing that memory.
191 * @param path file system path
192 * @param label returned label
193 * @param type label type to get
194 * @return 0 on success and negative value on failure.
196 int smack_getlabel(const char *path, char** label,
197 enum smack_label_type type);
200 * Get SMACK label from file. If path points to a symbolic link, the
201 * function will return label of the link instead of file it refers to.
202 * On success the label is stored in newly allocated memory.
203 * The caller is responsible for freeing that memory.
205 * @param path file system path
206 * @param label returned label
207 * @param type label type to get
208 * @return 0 on success and negative value on failure.
210 int smack_lgetlabel(const char *path, char** label,
211 enum smack_label_type type);
214 * Get SMACK label from file descriptor.
215 * On success the label is stored in newly allocated memory.
216 * The caller is responsible for freeing that memory.
218 * @param fd file descriptor
219 * @param label returned label
220 * @param type label type to get
221 * @return 0 on success and negative value on failure.
223 int smack_fgetlabel(int fd, char** label,
224 enum smack_label_type type);
227 * Set SMACK label for file.
228 * On successful call label will be stored on allocated memory.
230 * @param path file system path
231 * @param label SMACK label to set
232 * if equal to NULL or "", label will be removed
233 * for type SMACK_LABEL_TRANSMUTE valid values are NULL, "", "0" or "1"
234 * @param type label type to set
235 * @return 0 on success and negative value on failure.
237 int smack_setlabel(const char *path, const char* label,
238 enum smack_label_type type);
241 * Set SMACK label for file. If path points to a symbolic link, the
242 * function will set label of the link instead of file it refers to.
244 * @param path file system path
245 * @param label SMACK label to set
246 * if equal to NULL or "", label will be removed
247 * for type SMACK_LABEL_TRANSMUTE valid values are NULL, "", "0" or "1"
248 * @param type label type to set
249 * @return 0 on success and negative value on failure.
251 int smack_lsetlabel(const char *path, const char* label,
252 enum smack_label_type type);
255 * Set SMACK label for file descriptor.
257 * @param fd file descriptor
258 * @param label SMACK label to set
259 * if equal to NULL or "", label will be removed
260 * for type SMACK_LABEL_TRANSMUTE valid values are NULL, "", "0" or "1"
261 * @param type label type to set
262 * @return 0 on success and negative value on failure.
264 int smack_fsetlabel(int fd, const char* label,
265 enum smack_label_type type);
271 #endif // _SYS_SMACK_H