From f3b68e65438f37e216ec682a1794b4bb6a0ab612 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Fri, 7 Jul 2017 22:11:00 +0800
Subject: [PATCH] Seperate external shared libraries

---
 jni/Android.mk | 14 +-
 jni/{sqlite3 => external}/Android.mk | 9 +-
 jni/external/selinux/av_permissions.h | 1029 ++++++++++++++++++++++
 jni/external/selinux/avc.h | 511 +++++++++++
 jni/external/selinux/context.h | 50 ++
 jni/external/selinux/flask.h | 118 +++
 jni/external/selinux/get_context_list.h | 82 ++
 jni/external/selinux/get_default_type.h | 23 +
 jni/external/selinux/label.h | 190 ++++
 jni/external/selinux/restorecon.h | 187 ++++
 jni/external/selinux/selinux.h | 673 ++++++++++++++
 jni/external/selinux_stub.c | 357 ++++++++
 jni/{sqlite3 => external}/sqlite3.h | 0
 jni/{sqlite3 => external}/sqlite3_stub.c | 0
 14 files changed, 3233 insertions(+), 10 deletions(-)
 rename jni/{sqlite3 => external}/Android.mk (54%)
 create mode 100644 jni/external/selinux/av_permissions.h
 create mode 100644 jni/external/selinux/avc.h
 create mode 100644 jni/external/selinux/context.h
 create mode 100644 jni/external/selinux/flask.h
 create mode 100644 jni/external/selinux/get_context_list.h
 create mode 100644 jni/external/selinux/get_default_type.h
 create mode 100644 jni/external/selinux/label.h
 create mode 100644 jni/external/selinux/restorecon.h
 create mode 100644 jni/external/selinux/selinux.h
 create mode 100644 jni/external/selinux_stub.c
 rename jni/{sqlite3 => external}/sqlite3.h (100%)
 rename jni/{sqlite3 => external}/sqlite3_stub.c (100%)

diff --git a/jni/Android.mk b/jni/Android.mk
index ce1a0923b..bf9d5babd 100644
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -10,9 +10,8 @@ LOCAL_C_INCLUDES := \
  $(LOCAL_PATH)/daemon \
  $(LOCAL_PATH)/resetprop \
  $(LOCAL_PATH)/magiskpolicy \
- $(LOCAL_PATH)/selinux/libselinux/include \
- $(LOCAL_PATH)/selinux/libsepol/include \
- $(LOCAL_PATH)/sqlite3
+ $(LOCAL_PATH)/external \
+ $(LOCAL_PATH)/selinux/libsepol/include
 
 LOCAL_SRC_FILES := \
  main.c \
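Review bot: Nothing in this hunk records which upstream revision the headers now reached through `$(LOCAL_PATH)/external` were copied from, while `$(LOCAL_PATH)/selinux/libsepol/include` keeps the original `jni/selinux` tree in use — a tree that presumably still carries its own `libselinux/include`. Two copies of the same API headers will drift silently the next time `jni/selinux` is updated, and from this commit on the copied headers are the only statement of the ABI the binary expects from the device's libselinux.so. I would add a provenance comment beside the new include line, e.g. `# external/selinux is a snapshot of jni/selinux/libselinux/include — record the commit it was taken from and keep it in sync`, or better a short README in `jni/external/selinux` naming that commit. The `LOCAL_C_INCLUDES` list starts before this hunk.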
@@ -48,14 +47,15 @@ LOCAL_LDLIBS := -llog
 
 include $(BUILD_EXECUTABLE)
 
-# Libraries
-include jni/selinux/libselinux/Android.mk
+# External shared libraries, build stub libraries for linking
+include jni/external/Android.mk
+
+# libsepol, static library
 include jni/selinux/libsepol/Android.mk
-include jni/sqlite3/Android.mk
 
 #####################################################################
 # In order to build separate binaries, please comment out everything
-# starting from line 3 (including the 3 lines for libraries)
+# above (including the lines for libraries)
 # Then, uncomment the line you want below
 #####################################################################
 # include jni/resetprop/Android.mk
diff --git a/jni/sqlite3/Android.mk b/jni/external/Android.mk
similarity index 54%
rename from jni/sqlite3/Android.mk
rename to jni/external/Android.mk
index f64876691..f3e2ff5a7 100644
--- a/jni/sqlite3/Android.mk
+++ b/jni/external/Android.mk
@@ -1,10 +1,13 @@
 LOCAL_PATH:= $(call my-dir)
 
-##
 # libsqlite.so (stub)
-#
-
 include $(CLEAR_VARS)
 LOCAL_MODULE:= libsqlite
 LOCAL_SRC_FILES := sqlite3_stub.c
 include $(BUILD_SHARED_LIBRARY)
+
+# libselinux.so (stub)
+include $(CLEAR_VARS)
+LOCAL_MODULE:= libselinux
+LOCAL_SRC_FILES := selinux_stub.c
+include $(BUILD_SHARED_LIBRARY)
diff --git a/jni/external/selinux/av_permissions.h b/jni/external/selinux/av_permissions.h
new file mode 100644
index 000000000..c1269af9b
--- /dev/null
+++ b/jni/external/selinux/av_permissions.h
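Review bot: The new comment `# External shared libraries, build stub libraries for linking` leaves the runtime half of the contract unstated: with `jni/selinux/libselinux/Android.mk` no longer included, libselinux is not built into the binary any more, so at exec time the dynamic linker resolves `libselinux.so` (and `libsqlite.so`) from whatever the device ships, and a symbol the binary imports that an older platform library does not export aborts the process before `main` runs instead of failing at build time. That is a behavioural change the build file should say out loud, because nothing here checks it. Suggested wording: `# External shared libraries: only link-time stubs are built here; at runtime the platform's own libselinux.so/libsqlite.so are loaded, so every imported symbol must exist on all supported Android versions`. Whether the stub's symbol set was audited against the oldest supported platform I cannot tell from this hunk.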
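Review bot: `include $(BUILD_SHARED_LIBRARY)` for the new `libselinux` module emits a real `libselinux.so` into ndk-build's `libs/<abi>` output next to the executable, and the stub-versus-real distinction exists only in the comment above it. If any packaging or install step copies that directory wholesale (the packaging is not visible from here), the stub would be the library found at runtime and every SELinux call routed through it — relabeling, context checks, policy loading — would quietly return whatever `selinux_stub.c` returns while the caller still appears to succeed. I would state the constraint in the file, e.g. `# Link-time stubs only — never ship these .so files; the binary must load the device's own libselinux.so/libsqlite.so`, and have the packaging step exclude or delete the stub libraries explicitly. The same caveat applies to the existing `libsqlite` stub module above the added lines.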
@@ -0,0 +1,1029 @@ +#warning "Please remove any #include of this header in your source code." +#warning "Instead, use string_to_av_perm() to map the permission name to a value." + +/* This file is automatically generated. Do not edit. */ +#define COMMON_FILE__IOCTL 0x00000001UL +#define COMMON_FILE__READ 0x00000002UL +#define COMMON_FILE__WRITE 0x00000004UL +#define COMMON_FILE__CREATE 0x00000008UL +#define COMMON_FILE__GETATTR 0x00000010UL +#define COMMON_FILE__SETATTR 0x00000020UL +#define COMMON_FILE__LOCK 0x00000040UL +#define COMMON_FILE__RELABELFROM 0x00000080UL +#define COMMON_FILE__RELABELTO 0x00000100UL +#define COMMON_FILE__APPEND 0x00000200UL +#define COMMON_FILE__UNLINK 0x00000400UL +#define COMMON_FILE__LINK 0x00000800UL +#define COMMON_FILE__RENAME 0x00001000UL +#define COMMON_FILE__EXECUTE 0x00002000UL +#define COMMON_FILE__SWAPON 0x00004000UL +#define COMMON_FILE__QUOTAON 0x00008000UL +#define COMMON_FILE__MOUNTON 0x00010000UL +#define COMMON_SOCKET__IOCTL 0x00000001UL +#define COMMON_SOCKET__READ 0x00000002UL +#define COMMON_SOCKET__WRITE 0x00000004UL +#define COMMON_SOCKET__CREATE 0x00000008UL +#define COMMON_SOCKET__GETATTR 0x00000010UL +#define COMMON_SOCKET__SETATTR 0x00000020UL +#define COMMON_SOCKET__LOCK 0x00000040UL +#define COMMON_SOCKET__RELABELFROM 0x00000080UL +#define COMMON_SOCKET__RELABELTO 0x00000100UL +#define COMMON_SOCKET__APPEND 0x00000200UL +#define COMMON_SOCKET__BIND 0x00000400UL +#define COMMON_SOCKET__CONNECT 0x00000800UL +#define COMMON_SOCKET__LISTEN 0x00001000UL +#define COMMON_SOCKET__ACCEPT 0x00002000UL +#define COMMON_SOCKET__GETOPT 0x00004000UL +#define COMMON_SOCKET__SETOPT 0x00008000UL +#define COMMON_SOCKET__SHUTDOWN 0x00010000UL +#define COMMON_SOCKET__RECVFROM 0x00020000UL +#define COMMON_SOCKET__SENDTO 0x00040000UL +#define COMMON_SOCKET__RECV_MSG 0x00080000UL +#define COMMON_SOCKET__SEND_MSG 0x00100000UL +#define COMMON_SOCKET__NAME_BIND 0x00200000UL +#define COMMON_IPC__CREATE 0x00000001UL +#define 
COMMON_IPC__DESTROY 0x00000002UL +#define COMMON_IPC__GETATTR 0x00000004UL +#define COMMON_IPC__SETATTR 0x00000008UL +#define COMMON_IPC__READ 0x00000010UL +#define COMMON_IPC__WRITE 0x00000020UL +#define COMMON_IPC__ASSOCIATE 0x00000040UL +#define COMMON_IPC__UNIX_READ 0x00000080UL +#define COMMON_IPC__UNIX_WRITE 0x00000100UL +#define COMMON_DATABASE__CREATE 0x00000001UL +#define COMMON_DATABASE__DROP 0x00000002UL +#define COMMON_DATABASE__GETATTR 0x00000004UL +#define COMMON_DATABASE__SETATTR 0x00000008UL +#define COMMON_DATABASE__RELABELFROM 0x00000010UL +#define COMMON_DATABASE__RELABELTO 0x00000020UL +#define FILESYSTEM__MOUNT 0x00000001UL +#define FILESYSTEM__REMOUNT 0x00000002UL +#define FILESYSTEM__UNMOUNT 0x00000004UL +#define FILESYSTEM__GETATTR 0x00000008UL +#define FILESYSTEM__RELABELFROM 0x00000010UL +#define FILESYSTEM__RELABELTO 0x00000020UL +#define FILESYSTEM__TRANSITION 0x00000040UL +#define FILESYSTEM__ASSOCIATE 0x00000080UL +#define FILESYSTEM__QUOTAMOD 0x00000100UL +#define FILESYSTEM__QUOTAGET 0x00000200UL +#define DIR__IOCTL 0x00000001UL +#define DIR__READ 0x00000002UL +#define DIR__WRITE 0x00000004UL +#define DIR__CREATE 0x00000008UL +#define DIR__GETATTR 0x00000010UL +#define DIR__SETATTR 0x00000020UL +#define DIR__LOCK 0x00000040UL +#define DIR__RELABELFROM 0x00000080UL +#define DIR__RELABELTO 0x00000100UL +#define DIR__APPEND 0x00000200UL +#define DIR__UNLINK 0x00000400UL +#define DIR__LINK 0x00000800UL +#define DIR__RENAME 0x00001000UL +#define DIR__EXECUTE 0x00002000UL +#define DIR__SWAPON 0x00004000UL +#define DIR__QUOTAON 0x00008000UL +#define DIR__MOUNTON 0x00010000UL +#define DIR__ADD_NAME 0x00020000UL +#define DIR__REMOVE_NAME 0x00040000UL +#define DIR__REPARENT 0x00080000UL +#define DIR__SEARCH 0x00100000UL +#define DIR__RMDIR 0x00200000UL +#define DIR__OPEN 0x00400000UL +#define FILE__IOCTL 0x00000001UL +#define FILE__READ 0x00000002UL +#define FILE__WRITE 0x00000004UL +#define FILE__CREATE 0x00000008UL +#define FILE__GETATTR 
0x00000010UL +#define FILE__SETATTR 0x00000020UL +#define FILE__LOCK 0x00000040UL +#define FILE__RELABELFROM 0x00000080UL +#define FILE__RELABELTO 0x00000100UL +#define FILE__APPEND 0x00000200UL +#define FILE__UNLINK 0x00000400UL +#define FILE__LINK 0x00000800UL +#define FILE__RENAME 0x00001000UL +#define FILE__EXECUTE 0x00002000UL +#define FILE__SWAPON 0x00004000UL +#define FILE__QUOTAON 0x00008000UL +#define FILE__MOUNTON 0x00010000UL +#define FILE__EXECUTE_NO_TRANS 0x00020000UL +#define FILE__ENTRYPOINT 0x00040000UL +#define FILE__EXECMOD 0x00080000UL +#define FILE__OPEN 0x00100000UL +#define LNK_FILE__IOCTL 0x00000001UL +#define LNK_FILE__READ 0x00000002UL +#define LNK_FILE__WRITE 0x00000004UL +#define LNK_FILE__CREATE 0x00000008UL +#define LNK_FILE__GETATTR 0x00000010UL +#define LNK_FILE__SETATTR 0x00000020UL +#define LNK_FILE__LOCK 0x00000040UL +#define LNK_FILE__RELABELFROM 0x00000080UL +#define LNK_FILE__RELABELTO 0x00000100UL +#define LNK_FILE__APPEND 0x00000200UL +#define LNK_FILE__UNLINK 0x00000400UL +#define LNK_FILE__LINK 0x00000800UL +#define LNK_FILE__RENAME 0x00001000UL +#define LNK_FILE__EXECUTE 0x00002000UL +#define LNK_FILE__SWAPON 0x00004000UL +#define LNK_FILE__QUOTAON 0x00008000UL +#define LNK_FILE__MOUNTON 0x00010000UL +#define CHR_FILE__IOCTL 0x00000001UL +#define CHR_FILE__READ 0x00000002UL +#define CHR_FILE__WRITE 0x00000004UL +#define CHR_FILE__CREATE 0x00000008UL +#define CHR_FILE__GETATTR 0x00000010UL +#define CHR_FILE__SETATTR 0x00000020UL +#define CHR_FILE__LOCK 0x00000040UL +#define CHR_FILE__RELABELFROM 0x00000080UL +#define CHR_FILE__RELABELTO 0x00000100UL +#define CHR_FILE__APPEND 0x00000200UL +#define CHR_FILE__UNLINK 0x00000400UL +#define CHR_FILE__LINK 0x00000800UL +#define CHR_FILE__RENAME 0x00001000UL +#define CHR_FILE__EXECUTE 0x00002000UL +#define CHR_FILE__SWAPON 0x00004000UL +#define CHR_FILE__QUOTAON 0x00008000UL +#define CHR_FILE__MOUNTON 0x00010000UL +#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL +#define 
CHR_FILE__ENTRYPOINT 0x00040000UL +#define CHR_FILE__EXECMOD 0x00080000UL +#define CHR_FILE__OPEN 0x00100000UL +#define BLK_FILE__IOCTL 0x00000001UL +#define BLK_FILE__READ 0x00000002UL +#define BLK_FILE__WRITE 0x00000004UL +#define BLK_FILE__CREATE 0x00000008UL +#define BLK_FILE__GETATTR 0x00000010UL +#define BLK_FILE__SETATTR 0x00000020UL +#define BLK_FILE__LOCK 0x00000040UL +#define BLK_FILE__RELABELFROM 0x00000080UL +#define BLK_FILE__RELABELTO 0x00000100UL +#define BLK_FILE__APPEND 0x00000200UL +#define BLK_FILE__UNLINK 0x00000400UL +#define BLK_FILE__LINK 0x00000800UL +#define BLK_FILE__RENAME 0x00001000UL +#define BLK_FILE__EXECUTE 0x00002000UL +#define BLK_FILE__SWAPON 0x00004000UL +#define BLK_FILE__QUOTAON 0x00008000UL +#define BLK_FILE__MOUNTON 0x00010000UL +#define BLK_FILE__OPEN 0x00020000UL +#define SOCK_FILE__IOCTL 0x00000001UL +#define SOCK_FILE__READ 0x00000002UL +#define SOCK_FILE__WRITE 0x00000004UL +#define SOCK_FILE__CREATE 0x00000008UL +#define SOCK_FILE__GETATTR 0x00000010UL +#define SOCK_FILE__SETATTR 0x00000020UL +#define SOCK_FILE__LOCK 0x00000040UL +#define SOCK_FILE__RELABELFROM 0x00000080UL +#define SOCK_FILE__RELABELTO 0x00000100UL +#define SOCK_FILE__APPEND 0x00000200UL +#define SOCK_FILE__UNLINK 0x00000400UL +#define SOCK_FILE__LINK 0x00000800UL +#define SOCK_FILE__RENAME 0x00001000UL +#define SOCK_FILE__EXECUTE 0x00002000UL +#define SOCK_FILE__SWAPON 0x00004000UL +#define SOCK_FILE__QUOTAON 0x00008000UL +#define SOCK_FILE__MOUNTON 0x00010000UL +#define FIFO_FILE__IOCTL 0x00000001UL +#define FIFO_FILE__READ 0x00000002UL +#define FIFO_FILE__WRITE 0x00000004UL +#define FIFO_FILE__CREATE 0x00000008UL +#define FIFO_FILE__GETATTR 0x00000010UL +#define FIFO_FILE__SETATTR 0x00000020UL +#define FIFO_FILE__LOCK 0x00000040UL +#define FIFO_FILE__RELABELFROM 0x00000080UL +#define FIFO_FILE__RELABELTO 0x00000100UL +#define FIFO_FILE__APPEND 0x00000200UL +#define FIFO_FILE__UNLINK 0x00000400UL +#define FIFO_FILE__LINK 0x00000800UL +#define 
FIFO_FILE__RENAME 0x00001000UL +#define FIFO_FILE__EXECUTE 0x00002000UL +#define FIFO_FILE__SWAPON 0x00004000UL +#define FIFO_FILE__QUOTAON 0x00008000UL +#define FIFO_FILE__MOUNTON 0x00010000UL +#define FIFO_FILE__OPEN 0x00020000UL +#define FD__USE 0x00000001UL +#define SOCKET__IOCTL 0x00000001UL +#define SOCKET__READ 0x00000002UL +#define SOCKET__WRITE 0x00000004UL +#define SOCKET__CREATE 0x00000008UL +#define SOCKET__GETATTR 0x00000010UL +#define SOCKET__SETATTR 0x00000020UL +#define SOCKET__LOCK 0x00000040UL +#define SOCKET__RELABELFROM 0x00000080UL +#define SOCKET__RELABELTO 0x00000100UL +#define SOCKET__APPEND 0x00000200UL +#define SOCKET__BIND 0x00000400UL +#define SOCKET__CONNECT 0x00000800UL +#define SOCKET__LISTEN 0x00001000UL +#define SOCKET__ACCEPT 0x00002000UL +#define SOCKET__GETOPT 0x00004000UL +#define SOCKET__SETOPT 0x00008000UL +#define SOCKET__SHUTDOWN 0x00010000UL +#define SOCKET__RECVFROM 0x00020000UL +#define SOCKET__SENDTO 0x00040000UL +#define SOCKET__RECV_MSG 0x00080000UL +#define SOCKET__SEND_MSG 0x00100000UL +#define SOCKET__NAME_BIND 0x00200000UL +#define TCP_SOCKET__IOCTL 0x00000001UL +#define TCP_SOCKET__READ 0x00000002UL +#define TCP_SOCKET__WRITE 0x00000004UL +#define TCP_SOCKET__CREATE 0x00000008UL +#define TCP_SOCKET__GETATTR 0x00000010UL +#define TCP_SOCKET__SETATTR 0x00000020UL +#define TCP_SOCKET__LOCK 0x00000040UL +#define TCP_SOCKET__RELABELFROM 0x00000080UL +#define TCP_SOCKET__RELABELTO 0x00000100UL +#define TCP_SOCKET__APPEND 0x00000200UL +#define TCP_SOCKET__BIND 0x00000400UL +#define TCP_SOCKET__CONNECT 0x00000800UL +#define TCP_SOCKET__LISTEN 0x00001000UL +#define TCP_SOCKET__ACCEPT 0x00002000UL +#define TCP_SOCKET__GETOPT 0x00004000UL +#define TCP_SOCKET__SETOPT 0x00008000UL +#define TCP_SOCKET__SHUTDOWN 0x00010000UL +#define TCP_SOCKET__RECVFROM 0x00020000UL +#define TCP_SOCKET__SENDTO 0x00040000UL +#define TCP_SOCKET__RECV_MSG 0x00080000UL +#define TCP_SOCKET__SEND_MSG 0x00100000UL +#define TCP_SOCKET__NAME_BIND 
0x00200000UL +#define TCP_SOCKET__CONNECTTO 0x00400000UL +#define TCP_SOCKET__NEWCONN 0x00800000UL +#define TCP_SOCKET__ACCEPTFROM 0x01000000UL +#define TCP_SOCKET__NODE_BIND 0x02000000UL +#define TCP_SOCKET__NAME_CONNECT 0x04000000UL +#define UDP_SOCKET__IOCTL 0x00000001UL +#define UDP_SOCKET__READ 0x00000002UL +#define UDP_SOCKET__WRITE 0x00000004UL +#define UDP_SOCKET__CREATE 0x00000008UL +#define UDP_SOCKET__GETATTR 0x00000010UL +#define UDP_SOCKET__SETATTR 0x00000020UL +#define UDP_SOCKET__LOCK 0x00000040UL +#define UDP_SOCKET__RELABELFROM 0x00000080UL +#define UDP_SOCKET__RELABELTO 0x00000100UL +#define UDP_SOCKET__APPEND 0x00000200UL +#define UDP_SOCKET__BIND 0x00000400UL +#define UDP_SOCKET__CONNECT 0x00000800UL +#define UDP_SOCKET__LISTEN 0x00001000UL +#define UDP_SOCKET__ACCEPT 0x00002000UL +#define UDP_SOCKET__GETOPT 0x00004000UL +#define UDP_SOCKET__SETOPT 0x00008000UL +#define UDP_SOCKET__SHUTDOWN 0x00010000UL +#define UDP_SOCKET__RECVFROM 0x00020000UL +#define UDP_SOCKET__SENDTO 0x00040000UL +#define UDP_SOCKET__RECV_MSG 0x00080000UL +#define UDP_SOCKET__SEND_MSG 0x00100000UL +#define UDP_SOCKET__NAME_BIND 0x00200000UL +#define UDP_SOCKET__NODE_BIND 0x00400000UL +#define RAWIP_SOCKET__IOCTL 0x00000001UL +#define RAWIP_SOCKET__READ 0x00000002UL +#define RAWIP_SOCKET__WRITE 0x00000004UL +#define RAWIP_SOCKET__CREATE 0x00000008UL +#define RAWIP_SOCKET__GETATTR 0x00000010UL +#define RAWIP_SOCKET__SETATTR 0x00000020UL +#define RAWIP_SOCKET__LOCK 0x00000040UL +#define RAWIP_SOCKET__RELABELFROM 0x00000080UL +#define RAWIP_SOCKET__RELABELTO 0x00000100UL +#define RAWIP_SOCKET__APPEND 0x00000200UL +#define RAWIP_SOCKET__BIND 0x00000400UL +#define RAWIP_SOCKET__CONNECT 0x00000800UL +#define RAWIP_SOCKET__LISTEN 0x00001000UL +#define RAWIP_SOCKET__ACCEPT 0x00002000UL +#define RAWIP_SOCKET__GETOPT 0x00004000UL +#define RAWIP_SOCKET__SETOPT 0x00008000UL +#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL +#define RAWIP_SOCKET__RECVFROM 0x00020000UL +#define 
RAWIP_SOCKET__SENDTO 0x00040000UL +#define RAWIP_SOCKET__RECV_MSG 0x00080000UL +#define RAWIP_SOCKET__SEND_MSG 0x00100000UL +#define RAWIP_SOCKET__NAME_BIND 0x00200000UL +#define RAWIP_SOCKET__NODE_BIND 0x00400000UL +#define NODE__TCP_RECV 0x00000001UL +#define NODE__TCP_SEND 0x00000002UL +#define NODE__UDP_RECV 0x00000004UL +#define NODE__UDP_SEND 0x00000008UL +#define NODE__RAWIP_RECV 0x00000010UL +#define NODE__RAWIP_SEND 0x00000020UL +#define NODE__ENFORCE_DEST 0x00000040UL +#define NODE__DCCP_RECV 0x00000080UL +#define NODE__DCCP_SEND 0x00000100UL +#define NODE__RECVFROM 0x00000200UL +#define NODE__SENDTO 0x00000400UL +#define NETIF__TCP_RECV 0x00000001UL +#define NETIF__TCP_SEND 0x00000002UL +#define NETIF__UDP_RECV 0x00000004UL +#define NETIF__UDP_SEND 0x00000008UL +#define NETIF__RAWIP_RECV 0x00000010UL +#define NETIF__RAWIP_SEND 0x00000020UL +#define NETIF__DCCP_RECV 0x00000040UL +#define NETIF__DCCP_SEND 0x00000080UL +#define NETIF__INGRESS 0x00000100UL +#define NETIF__EGRESS 0x00000200UL +#define NETLINK_SOCKET__IOCTL 0x00000001UL +#define NETLINK_SOCKET__READ 0x00000002UL +#define NETLINK_SOCKET__WRITE 0x00000004UL +#define NETLINK_SOCKET__CREATE 0x00000008UL +#define NETLINK_SOCKET__GETATTR 0x00000010UL +#define NETLINK_SOCKET__SETATTR 0x00000020UL +#define NETLINK_SOCKET__LOCK 0x00000040UL +#define NETLINK_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_SOCKET__APPEND 0x00000200UL +#define NETLINK_SOCKET__BIND 0x00000400UL +#define NETLINK_SOCKET__CONNECT 0x00000800UL +#define NETLINK_SOCKET__LISTEN 0x00001000UL +#define NETLINK_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_SOCKET__GETOPT 0x00004000UL +#define NETLINK_SOCKET__SETOPT 0x00008000UL +#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_SOCKET__SENDTO 0x00040000UL +#define NETLINK_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_SOCKET__SEND_MSG 0x00100000UL +#define 
NETLINK_SOCKET__NAME_BIND 0x00200000UL +#define PACKET_SOCKET__IOCTL 0x00000001UL +#define PACKET_SOCKET__READ 0x00000002UL +#define PACKET_SOCKET__WRITE 0x00000004UL +#define PACKET_SOCKET__CREATE 0x00000008UL +#define PACKET_SOCKET__GETATTR 0x00000010UL +#define PACKET_SOCKET__SETATTR 0x00000020UL +#define PACKET_SOCKET__LOCK 0x00000040UL +#define PACKET_SOCKET__RELABELFROM 0x00000080UL +#define PACKET_SOCKET__RELABELTO 0x00000100UL +#define PACKET_SOCKET__APPEND 0x00000200UL +#define PACKET_SOCKET__BIND 0x00000400UL +#define PACKET_SOCKET__CONNECT 0x00000800UL +#define PACKET_SOCKET__LISTEN 0x00001000UL +#define PACKET_SOCKET__ACCEPT 0x00002000UL +#define PACKET_SOCKET__GETOPT 0x00004000UL +#define PACKET_SOCKET__SETOPT 0x00008000UL +#define PACKET_SOCKET__SHUTDOWN 0x00010000UL +#define PACKET_SOCKET__RECVFROM 0x00020000UL +#define PACKET_SOCKET__SENDTO 0x00040000UL +#define PACKET_SOCKET__RECV_MSG 0x00080000UL +#define PACKET_SOCKET__SEND_MSG 0x00100000UL +#define PACKET_SOCKET__NAME_BIND 0x00200000UL +#define KEY_SOCKET__IOCTL 0x00000001UL +#define KEY_SOCKET__READ 0x00000002UL +#define KEY_SOCKET__WRITE 0x00000004UL +#define KEY_SOCKET__CREATE 0x00000008UL +#define KEY_SOCKET__GETATTR 0x00000010UL +#define KEY_SOCKET__SETATTR 0x00000020UL +#define KEY_SOCKET__LOCK 0x00000040UL +#define KEY_SOCKET__RELABELFROM 0x00000080UL +#define KEY_SOCKET__RELABELTO 0x00000100UL +#define KEY_SOCKET__APPEND 0x00000200UL +#define KEY_SOCKET__BIND 0x00000400UL +#define KEY_SOCKET__CONNECT 0x00000800UL +#define KEY_SOCKET__LISTEN 0x00001000UL +#define KEY_SOCKET__ACCEPT 0x00002000UL +#define KEY_SOCKET__GETOPT 0x00004000UL +#define KEY_SOCKET__SETOPT 0x00008000UL +#define KEY_SOCKET__SHUTDOWN 0x00010000UL +#define KEY_SOCKET__RECVFROM 0x00020000UL +#define KEY_SOCKET__SENDTO 0x00040000UL +#define KEY_SOCKET__RECV_MSG 0x00080000UL +#define KEY_SOCKET__SEND_MSG 0x00100000UL +#define KEY_SOCKET__NAME_BIND 0x00200000UL +#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL +#define 
UNIX_STREAM_SOCKET__READ 0x00000002UL +#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL +#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL +#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL +#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL +#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL +#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL +#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL +#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL +#define UNIX_STREAM_SOCKET__BIND 0x00000400UL +#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL +#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL +#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL +#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL +#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL +#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL +#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL +#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL +#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL +#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL +#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL +#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL +#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL +#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL +#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL +#define UNIX_DGRAM_SOCKET__READ 0x00000002UL +#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL +#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL +#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL +#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL +#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL +#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL +#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL +#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL +#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL +#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL +#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL +#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL +#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL +#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL +#define UNIX_DGRAM_SOCKET__SHUTDOWN 
0x00010000UL +#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL +#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL +#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL +#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL +#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL +#define PROCESS__FORK 0x00000001UL +#define PROCESS__TRANSITION 0x00000002UL +#define PROCESS__SIGCHLD 0x00000004UL +#define PROCESS__SIGKILL 0x00000008UL +#define PROCESS__SIGSTOP 0x00000010UL +#define PROCESS__SIGNULL 0x00000020UL +#define PROCESS__SIGNAL 0x00000040UL +#define PROCESS__PTRACE 0x00000080UL +#define PROCESS__GETSCHED 0x00000100UL +#define PROCESS__SETSCHED 0x00000200UL +#define PROCESS__GETSESSION 0x00000400UL +#define PROCESS__GETPGID 0x00000800UL +#define PROCESS__SETPGID 0x00001000UL +#define PROCESS__GETCAP 0x00002000UL +#define PROCESS__SETCAP 0x00004000UL +#define PROCESS__SHARE 0x00008000UL +#define PROCESS__GETATTR 0x00010000UL +#define PROCESS__SETEXEC 0x00020000UL +#define PROCESS__SETFSCREATE 0x00040000UL +#define PROCESS__NOATSECURE 0x00080000UL +#define PROCESS__SIGINH 0x00100000UL +#define PROCESS__SETRLIMIT 0x00200000UL +#define PROCESS__RLIMITINH 0x00400000UL +#define PROCESS__DYNTRANSITION 0x00800000UL +#define PROCESS__SETCURRENT 0x01000000UL +#define PROCESS__EXECMEM 0x02000000UL +#define PROCESS__EXECSTACK 0x04000000UL +#define PROCESS__EXECHEAP 0x08000000UL +#define PROCESS__SETKEYCREATE 0x10000000UL +#define PROCESS__SETSOCKCREATE 0x20000000UL +#define IPC__CREATE 0x00000001UL +#define IPC__DESTROY 0x00000002UL +#define IPC__GETATTR 0x00000004UL +#define IPC__SETATTR 0x00000008UL +#define IPC__READ 0x00000010UL +#define IPC__WRITE 0x00000020UL +#define IPC__ASSOCIATE 0x00000040UL +#define IPC__UNIX_READ 0x00000080UL +#define IPC__UNIX_WRITE 0x00000100UL +#define SEM__CREATE 0x00000001UL +#define SEM__DESTROY 0x00000002UL +#define SEM__GETATTR 0x00000004UL +#define SEM__SETATTR 0x00000008UL +#define SEM__READ 0x00000010UL +#define SEM__WRITE 0x00000020UL +#define 
SEM__ASSOCIATE 0x00000040UL +#define SEM__UNIX_READ 0x00000080UL +#define SEM__UNIX_WRITE 0x00000100UL +#define MSGQ__CREATE 0x00000001UL +#define MSGQ__DESTROY 0x00000002UL +#define MSGQ__GETATTR 0x00000004UL +#define MSGQ__SETATTR 0x00000008UL +#define MSGQ__READ 0x00000010UL +#define MSGQ__WRITE 0x00000020UL +#define MSGQ__ASSOCIATE 0x00000040UL +#define MSGQ__UNIX_READ 0x00000080UL +#define MSGQ__UNIX_WRITE 0x00000100UL +#define MSGQ__ENQUEUE 0x00000200UL +#define MSG__SEND 0x00000001UL +#define MSG__RECEIVE 0x00000002UL +#define SHM__CREATE 0x00000001UL +#define SHM__DESTROY 0x00000002UL +#define SHM__GETATTR 0x00000004UL +#define SHM__SETATTR 0x00000008UL +#define SHM__READ 0x00000010UL +#define SHM__WRITE 0x00000020UL +#define SHM__ASSOCIATE 0x00000040UL +#define SHM__UNIX_READ 0x00000080UL +#define SHM__UNIX_WRITE 0x00000100UL +#define SHM__LOCK 0x00000200UL +#define SECURITY__COMPUTE_AV 0x00000001UL +#define SECURITY__COMPUTE_CREATE 0x00000002UL +#define SECURITY__COMPUTE_MEMBER 0x00000004UL +#define SECURITY__CHECK_CONTEXT 0x00000008UL +#define SECURITY__LOAD_POLICY 0x00000010UL +#define SECURITY__COMPUTE_RELABEL 0x00000020UL +#define SECURITY__COMPUTE_USER 0x00000040UL +#define SECURITY__SETENFORCE 0x00000080UL +#define SECURITY__SETBOOL 0x00000100UL +#define SECURITY__SETSECPARAM 0x00000200UL +#define SECURITY__SETCHECKREQPROT 0x00000400UL +#define SYSTEM__IPC_INFO 0x00000001UL +#define SYSTEM__SYSLOG_READ 0x00000002UL +#define SYSTEM__SYSLOG_MOD 0x00000004UL +#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL +#define CAPABILITY__CHOWN 0x00000001UL +#define CAPABILITY__DAC_OVERRIDE 0x00000002UL +#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL +#define CAPABILITY__FOWNER 0x00000008UL +#define CAPABILITY__FSETID 0x00000010UL +#define CAPABILITY__KILL 0x00000020UL +#define CAPABILITY__SETGID 0x00000040UL +#define CAPABILITY__SETUID 0x00000080UL +#define CAPABILITY__SETPCAP 0x00000100UL +#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL +#define 
CAPABILITY__NET_BIND_SERVICE 0x00000400UL +#define CAPABILITY__NET_BROADCAST 0x00000800UL +#define CAPABILITY__NET_ADMIN 0x00001000UL +#define CAPABILITY__NET_RAW 0x00002000UL +#define CAPABILITY__IPC_LOCK 0x00004000UL +#define CAPABILITY__IPC_OWNER 0x00008000UL +#define CAPABILITY__SYS_MODULE 0x00010000UL +#define CAPABILITY__SYS_RAWIO 0x00020000UL +#define CAPABILITY__SYS_CHROOT 0x00040000UL +#define CAPABILITY__SYS_PTRACE 0x00080000UL +#define CAPABILITY__SYS_PACCT 0x00100000UL +#define CAPABILITY__SYS_ADMIN 0x00200000UL +#define CAPABILITY__SYS_BOOT 0x00400000UL +#define CAPABILITY__SYS_NICE 0x00800000UL +#define CAPABILITY__SYS_RESOURCE 0x01000000UL +#define CAPABILITY__SYS_TIME 0x02000000UL +#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL +#define CAPABILITY__MKNOD 0x08000000UL +#define CAPABILITY__LEASE 0x10000000UL +#define CAPABILITY__AUDIT_WRITE 0x20000000UL +#define CAPABILITY__AUDIT_CONTROL 0x40000000UL +#define CAPABILITY__SETFCAP 0x80000000UL +#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL +#define CAPABILITY2__MAC_ADMIN 0x00000002UL +#define PASSWD__PASSWD 0x00000001UL +#define PASSWD__CHFN 0x00000002UL +#define PASSWD__CHSH 0x00000004UL +#define PASSWD__ROOTOK 0x00000008UL +#define PASSWD__CRONTAB 0x00000010UL +#define X_DRAWABLE__CREATE 0x00000001UL +#define X_DRAWABLE__DESTROY 0x00000002UL +#define X_DRAWABLE__READ 0x00000004UL +#define X_DRAWABLE__WRITE 0x00000008UL +#define X_DRAWABLE__BLEND 0x00000010UL +#define X_DRAWABLE__GETATTR 0x00000020UL +#define X_DRAWABLE__SETATTR 0x00000040UL +#define X_DRAWABLE__LIST_CHILD 0x00000080UL +#define X_DRAWABLE__ADD_CHILD 0x00000100UL +#define X_DRAWABLE__REMOVE_CHILD 0x00000200UL +#define X_DRAWABLE__LIST_PROPERTY 0x00000400UL +#define X_DRAWABLE__GET_PROPERTY 0x00000800UL +#define X_DRAWABLE__SET_PROPERTY 0x00001000UL +#define X_DRAWABLE__MANAGE 0x00002000UL +#define X_DRAWABLE__OVERRIDE 0x00004000UL +#define X_DRAWABLE__SHOW 0x00008000UL +#define X_DRAWABLE__HIDE 0x00010000UL +#define X_DRAWABLE__SEND 
0x00020000UL +#define X_DRAWABLE__RECEIVE 0x00040000UL +#define X_SCREEN__GETATTR 0x00000001UL +#define X_SCREEN__SETATTR 0x00000002UL +#define X_SCREEN__HIDE_CURSOR 0x00000004UL +#define X_SCREEN__SHOW_CURSOR 0x00000008UL +#define X_SCREEN__SAVER_GETATTR 0x00000010UL +#define X_SCREEN__SAVER_SETATTR 0x00000020UL +#define X_SCREEN__SAVER_HIDE 0x00000040UL +#define X_SCREEN__SAVER_SHOW 0x00000080UL +#define X_GC__CREATE 0x00000001UL +#define X_GC__DESTROY 0x00000002UL +#define X_GC__GETATTR 0x00000004UL +#define X_GC__SETATTR 0x00000008UL +#define X_GC__USE 0x00000010UL +#define X_FONT__CREATE 0x00000001UL +#define X_FONT__DESTROY 0x00000002UL +#define X_FONT__GETATTR 0x00000004UL +#define X_FONT__ADD_GLYPH 0x00000008UL +#define X_FONT__REMOVE_GLYPH 0x00000010UL +#define X_FONT__USE 0x00000020UL +#define X_COLORMAP__CREATE 0x00000001UL +#define X_COLORMAP__DESTROY 0x00000002UL +#define X_COLORMAP__READ 0x00000004UL +#define X_COLORMAP__WRITE 0x00000008UL +#define X_COLORMAP__GETATTR 0x00000010UL +#define X_COLORMAP__ADD_COLOR 0x00000020UL +#define X_COLORMAP__REMOVE_COLOR 0x00000040UL +#define X_COLORMAP__INSTALL 0x00000080UL +#define X_COLORMAP__UNINSTALL 0x00000100UL +#define X_COLORMAP__USE 0x00000200UL +#define X_PROPERTY__CREATE 0x00000001UL +#define X_PROPERTY__DESTROY 0x00000002UL +#define X_PROPERTY__READ 0x00000004UL +#define X_PROPERTY__WRITE 0x00000008UL +#define X_PROPERTY__APPEND 0x00000010UL +#define X_PROPERTY__GETATTR 0x00000020UL +#define X_PROPERTY__SETATTR 0x00000040UL +#define X_SELECTION__READ 0x00000001UL +#define X_SELECTION__WRITE 0x00000002UL +#define X_SELECTION__GETATTR 0x00000004UL +#define X_SELECTION__SETATTR 0x00000008UL +#define X_CURSOR__CREATE 0x00000001UL +#define X_CURSOR__DESTROY 0x00000002UL +#define X_CURSOR__READ 0x00000004UL +#define X_CURSOR__WRITE 0x00000008UL +#define X_CURSOR__GETATTR 0x00000010UL +#define X_CURSOR__SETATTR 0x00000020UL +#define X_CURSOR__USE 0x00000040UL +#define X_CLIENT__DESTROY 0x00000001UL +#define 
X_CLIENT__GETATTR 0x00000002UL +#define X_CLIENT__SETATTR 0x00000004UL +#define X_CLIENT__MANAGE 0x00000008UL +#define X_DEVICE__GETATTR 0x00000001UL +#define X_DEVICE__SETATTR 0x00000002UL +#define X_DEVICE__USE 0x00000004UL +#define X_DEVICE__READ 0x00000008UL +#define X_DEVICE__WRITE 0x00000010UL +#define X_DEVICE__GETFOCUS 0x00000020UL +#define X_DEVICE__SETFOCUS 0x00000040UL +#define X_DEVICE__BELL 0x00000080UL +#define X_DEVICE__FORCE_CURSOR 0x00000100UL +#define X_DEVICE__FREEZE 0x00000200UL +#define X_DEVICE__GRAB 0x00000400UL +#define X_DEVICE__MANAGE 0x00000800UL +#define X_SERVER__GETATTR 0x00000001UL +#define X_SERVER__SETATTR 0x00000002UL +#define X_SERVER__RECORD 0x00000004UL +#define X_SERVER__DEBUG 0x00000008UL +#define X_SERVER__GRAB 0x00000010UL +#define X_SERVER__MANAGE 0x00000020UL +#define X_EXTENSION__QUERY 0x00000001UL +#define X_EXTENSION__USE 0x00000002UL +#define X_RESOURCE__READ 0x00000001UL +#define X_RESOURCE__WRITE 0x00000002UL +#define X_EVENT__SEND 0x00000001UL +#define X_EVENT__RECEIVE 0x00000002UL +#define X_SYNTHETIC_EVENT__SEND 0x00000001UL +#define X_SYNTHETIC_EVENT__RECEIVE 0x00000002UL +#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL +#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL +#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL +#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL +#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL +#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL +#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL +#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL +#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL +#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL +#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL +#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL +#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL +#define 
NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL +#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL +#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL +#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL +#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL +#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL +#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL +#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL +#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL +#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL +#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL +#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL +#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL +#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL +#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL +#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL +#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL +#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL +#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL +#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL +#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL +#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL 
+#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL +#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL +#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL +#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL +#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL +#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL +#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL +#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL +#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL +#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL +#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL +#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL +#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL +#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL +#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL +#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL +#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL +#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL +#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL +#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL +#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL +#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL +#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL +#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_NFLOG_SOCKET__SENDTO 
0x00040000UL +#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL +#define NETLINK_XFRM_SOCKET__READ 0x00000002UL +#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL +#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL +#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL +#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL +#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL +#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL +#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL +#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL +#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL +#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL +#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL +#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL +#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL +#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL +#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL +#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL +#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL +#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL +#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL +#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL +#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL +#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL +#define 
NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL +#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL +#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL +#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL +#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL +#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL +#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL +#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL +#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL +#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL +#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL +#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL +#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL +#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL +#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL +#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL +#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL +#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL +#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL +#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 
0x04000000UL +#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL +#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL +#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL +#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL +#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL +#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL +#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL +#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL +#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL +#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL +#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL +#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL +#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL +#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL +#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL +#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL +#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL +#define NETLINK_DNRT_SOCKET__READ 0x00000002UL +#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL +#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL +#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL +#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL +#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL +#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL +#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL +#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL +#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL +#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_DNRT_SOCKET__GETOPT 
0x00004000UL +#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL +#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL +#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL +#define DBUS__ACQUIRE_SVC 0x00000001UL +#define DBUS__SEND_MSG 0x00000002UL +#define NSCD__GETPWD 0x00000001UL +#define NSCD__GETGRP 0x00000002UL +#define NSCD__GETHOST 0x00000004UL +#define NSCD__GETSTAT 0x00000008UL +#define NSCD__ADMIN 0x00000010UL +#define NSCD__SHMEMPWD 0x00000020UL +#define NSCD__SHMEMGRP 0x00000040UL +#define NSCD__SHMEMHOST 0x00000080UL +#define NSCD__GETSERV 0x00000100UL +#define NSCD__SHMEMSERV 0x00000200UL +#define ASSOCIATION__SENDTO 0x00000001UL +#define ASSOCIATION__RECVFROM 0x00000002UL +#define ASSOCIATION__SETCONTEXT 0x00000004UL +#define ASSOCIATION__POLMATCH 0x00000008UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL +#define 
NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL +#define APPLETALK_SOCKET__IOCTL 0x00000001UL +#define APPLETALK_SOCKET__READ 0x00000002UL +#define APPLETALK_SOCKET__WRITE 0x00000004UL +#define APPLETALK_SOCKET__CREATE 0x00000008UL +#define APPLETALK_SOCKET__GETATTR 0x00000010UL +#define APPLETALK_SOCKET__SETATTR 0x00000020UL +#define APPLETALK_SOCKET__LOCK 0x00000040UL +#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL +#define APPLETALK_SOCKET__RELABELTO 0x00000100UL +#define APPLETALK_SOCKET__APPEND 0x00000200UL +#define APPLETALK_SOCKET__BIND 0x00000400UL +#define APPLETALK_SOCKET__CONNECT 0x00000800UL +#define APPLETALK_SOCKET__LISTEN 0x00001000UL +#define APPLETALK_SOCKET__ACCEPT 0x00002000UL +#define APPLETALK_SOCKET__GETOPT 0x00004000UL +#define APPLETALK_SOCKET__SETOPT 0x00008000UL +#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL +#define APPLETALK_SOCKET__RECVFROM 0x00020000UL +#define APPLETALK_SOCKET__SENDTO 0x00040000UL +#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL +#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL +#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL +#define PACKET__SEND 0x00000001UL +#define PACKET__RECV 0x00000002UL +#define PACKET__RELABELTO 0x00000004UL +#define PACKET__FLOW_IN 0x00000008UL +#define PACKET__FLOW_OUT 0x00000010UL +#define PACKET__FORWARD_IN 0x00000020UL +#define PACKET__FORWARD_OUT 0x00000040UL +#define KEY__VIEW 0x00000001UL +#define KEY__READ 0x00000002UL +#define KEY__WRITE 0x00000004UL +#define KEY__SEARCH 0x00000008UL +#define KEY__LINK 0x00000010UL +#define KEY__SETATTR 0x00000020UL +#define KEY__CREATE 0x00000040UL +#define CONTEXT__TRANSLATE 0x00000001UL +#define CONTEXT__CONTAINS 0x00000002UL 
+#define DCCP_SOCKET__IOCTL 0x00000001UL +#define DCCP_SOCKET__READ 0x00000002UL +#define DCCP_SOCKET__WRITE 0x00000004UL +#define DCCP_SOCKET__CREATE 0x00000008UL +#define DCCP_SOCKET__GETATTR 0x00000010UL +#define DCCP_SOCKET__SETATTR 0x00000020UL +#define DCCP_SOCKET__LOCK 0x00000040UL +#define DCCP_SOCKET__RELABELFROM 0x00000080UL +#define DCCP_SOCKET__RELABELTO 0x00000100UL +#define DCCP_SOCKET__APPEND 0x00000200UL +#define DCCP_SOCKET__BIND 0x00000400UL +#define DCCP_SOCKET__CONNECT 0x00000800UL +#define DCCP_SOCKET__LISTEN 0x00001000UL +#define DCCP_SOCKET__ACCEPT 0x00002000UL +#define DCCP_SOCKET__GETOPT 0x00004000UL +#define DCCP_SOCKET__SETOPT 0x00008000UL +#define DCCP_SOCKET__SHUTDOWN 0x00010000UL +#define DCCP_SOCKET__RECVFROM 0x00020000UL +#define DCCP_SOCKET__SENDTO 0x00040000UL +#define DCCP_SOCKET__RECV_MSG 0x00080000UL +#define DCCP_SOCKET__SEND_MSG 0x00100000UL +#define DCCP_SOCKET__NAME_BIND 0x00200000UL +#define DCCP_SOCKET__NODE_BIND 0x00400000UL +#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL +#define MEMPROTECT__MMAP_ZERO 0x00000001UL +#define DB_DATABASE__CREATE 0x00000001UL +#define DB_DATABASE__DROP 0x00000002UL +#define DB_DATABASE__GETATTR 0x00000004UL +#define DB_DATABASE__SETATTR 0x00000008UL +#define DB_DATABASE__RELABELFROM 0x00000010UL +#define DB_DATABASE__RELABELTO 0x00000020UL +#define DB_DATABASE__ACCESS 0x00000040UL +#define DB_DATABASE__INSTALL_MODULE 0x00000080UL +#define DB_DATABASE__LOAD_MODULE 0x00000100UL +#define DB_DATABASE__GET_PARAM 0x00000200UL +#define DB_DATABASE__SET_PARAM 0x00000400UL +#define DB_TABLE__CREATE 0x00000001UL +#define DB_TABLE__DROP 0x00000002UL +#define DB_TABLE__GETATTR 0x00000004UL +#define DB_TABLE__SETATTR 0x00000008UL +#define DB_TABLE__RELABELFROM 0x00000010UL +#define DB_TABLE__RELABELTO 0x00000020UL +#define DB_TABLE__USE 0x00000040UL +#define DB_TABLE__SELECT 0x00000080UL +#define DB_TABLE__UPDATE 0x00000100UL +#define DB_TABLE__INSERT 0x00000200UL +#define DB_TABLE__DELETE 0x00000400UL 
+#define DB_TABLE__LOCK 0x00000800UL +#define DB_PROCEDURE__CREATE 0x00000001UL +#define DB_PROCEDURE__DROP 0x00000002UL +#define DB_PROCEDURE__GETATTR 0x00000004UL +#define DB_PROCEDURE__SETATTR 0x00000008UL +#define DB_PROCEDURE__RELABELFROM 0x00000010UL +#define DB_PROCEDURE__RELABELTO 0x00000020UL +#define DB_PROCEDURE__EXECUTE 0x00000040UL +#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL +#define DB_COLUMN__CREATE 0x00000001UL +#define DB_COLUMN__DROP 0x00000002UL +#define DB_COLUMN__GETATTR 0x00000004UL +#define DB_COLUMN__SETATTR 0x00000008UL +#define DB_COLUMN__RELABELFROM 0x00000010UL +#define DB_COLUMN__RELABELTO 0x00000020UL +#define DB_COLUMN__USE 0x00000040UL +#define DB_COLUMN__SELECT 0x00000080UL +#define DB_COLUMN__UPDATE 0x00000100UL +#define DB_COLUMN__INSERT 0x00000200UL +#define DB_TUPLE__RELABELFROM 0x00000001UL +#define DB_TUPLE__RELABELTO 0x00000002UL +#define DB_TUPLE__USE 0x00000004UL +#define DB_TUPLE__SELECT 0x00000008UL +#define DB_TUPLE__UPDATE 0x00000010UL +#define DB_TUPLE__INSERT 0x00000020UL +#define DB_TUPLE__DELETE 0x00000040UL +#define DB_BLOB__CREATE 0x00000001UL +#define DB_BLOB__DROP 0x00000002UL +#define DB_BLOB__GETATTR 0x00000004UL +#define DB_BLOB__SETATTR 0x00000008UL +#define DB_BLOB__RELABELFROM 0x00000010UL +#define DB_BLOB__RELABELTO 0x00000020UL +#define DB_BLOB__READ 0x00000040UL +#define DB_BLOB__WRITE 0x00000080UL +#define DB_BLOB__IMPORT 0x00000100UL +#define DB_BLOB__EXPORT 0x00000200UL +#define PEER__RECV 0x00000001UL +#define X_APPLICATION_DATA__PASTE 0x00000001UL +#define X_APPLICATION_DATA__PASTE_AFTER_CONFIRM 0x00000002UL +#define X_APPLICATION_DATA__COPY 0x00000004UL diff --git a/jni/external/selinux/avc.h b/jni/external/selinux/avc.h new file mode 100644 index 000000000..b4bc6f3f0 --- /dev/null +++ b/jni/external/selinux/avc.h 
@@ -0,0 +1,511 @@
+/*
+ * Access vector cache interface for object managers.
+ *
+ * Author : Eamon Walsh
+ */
+#ifndef _SELINUX_AVC_H_
+#define _SELINUX_AVC_H_
+
+#include
+#include
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SID format and operations
+ */
+struct security_id {
+ char * ctx;
+ unsigned int refcnt;
+};
+typedef struct security_id *security_id_t;
+
+#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
+
+/**
+ * avc_sid_to_context - get copy of context corresponding to SID.
+ * @sid: input SID
+ * @ctx: pointer to context reference
+ *
+ * Return a copy of the security context corresponding to the input
+ * @sid in the memory referenced by @ctx. The caller is expected to
+ * free the context with freecon(). Return %0 on success, -%1 on
+ * failure, with @errno set to %ENOMEM if insufficient memory was
+ * available to make the copy, or %EINVAL if the input SID is invalid.
+ */
+int avc_sid_to_context(security_id_t sid, char ** ctx);
+int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
+
+/**
+ * avc_context_to_sid - get SID for context.
+ * @ctx: input security context
+ * @sid: pointer to SID reference
+ *
+ * Look up security context @ctx in SID table, making
+ * a new entry if @ctx is not found. Increment the
+ * reference counter for the SID. Store a pointer
+ * to the SID structure into the memory referenced by @sid,
+ * returning %0 on success or -%1 on error with @errno set.
+ */
+int avc_context_to_sid(const char * ctx, security_id_t * sid);
+int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
+
+/**
+ * sidget - increment SID reference counter.
+ * @sid: SID reference
+ *
+ * Increment the reference counter for @sid, indicating that
+ * @sid is in use by an (additional) object. Return the
+ * new reference count, or zero if @sid is invalid (has zero
+ * reference count). Note that avc_context_to_sid() also
+ * increments reference counts.
+ */
+int sidget(security_id_t sid);
+
+/**
+ * sidput - decrement SID reference counter.
+ * @sid: SID reference
+ *
+ * Decrement the reference counter for @sid, indicating that
+ * a reference to @sid is no longer in use. Return the
+ * new reference count. When the reference count reaches
+ * zero, the SID is invalid, and avc_context_to_sid() must
+ * be called to obtain a new SID for the security context.
+ */
+int sidput(security_id_t sid);
+
+/**
+ * avc_get_initial_sid - get SID for an initial kernel security identifier
+ * @name: input name of initial kernel security identifier
+ * @sid: pointer to a SID reference
+ *
+ * Get the context for an initial kernel security identifier specified by
+ * @name using security_get_initial_context() and then call
+ * avc_context_to_sid() to get the corresponding SID.
+ */
+int avc_get_initial_sid(const char *name, security_id_t * sid);
+
+/*
+ * AVC entry
+ */
+struct avc_entry;
+struct avc_entry_ref {
+ struct avc_entry *ae;
+};
+
+/**
+ * avc_entry_ref_init - initialize an AVC entry reference.
+ * @aeref: pointer to avc entry reference structure
+ *
+ * Use this macro to initialize an avc entry reference structure
+ * before first use. These structures are passed to avc_has_perm(),
+ * which stores cache entry references in them. They can increase
+ * performance on repeated queries.
+ */
+#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
+
+/*
+ * User-provided callbacks for memory, auditing, and locking
+ */
+
+/* These structures are passed by reference to avc_init(). Passing
+ * a NULL reference will cause the AVC to use a default. The default
+ * memory callbacks are malloc() and free(). The default logging method
+ * is to print on stderr. If no thread callbacks are passed, a separate
+ * listening thread won't be started for kernel policy change messages.
+ * If no locking callbacks are passed, no locking will take place.
+ */
+struct avc_memory_callback {
+ /* malloc() equivalent. */
+ void *(*func_malloc) (size_t size);
+ /* free() equivalent. */
+ void (*func_free) (void *ptr);
+ /* Note that these functions should set errno on failure. If not, some avc routines may return -1 without errno set. */
+};
+
+struct avc_log_callback {
+ /* log the printf-style format and arguments. */
+ void
+#ifdef __GNUC__
+__attribute__ ((format(printf, 1, 2)))
+#endif
+ (*func_log) (const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding to the given security class) into msgbuf. */
+ void (*func_audit) (void *auditdata, security_class_t cls, char *msgbuf, size_t msgbufsize);
+};
+
+struct avc_thread_callback {
+ /* create and start a thread, returning an opaque pointer to it; the thread should run the given function. */
+ void *(*func_create_thread) (void (*run) (void));
+ /* cancel a given thread and free its resources. */
+ void (*func_stop_thread) (void *thread);
+};
+
+struct avc_lock_callback {
+ /* create a lock and return an opaque pointer to it. */
+ void *(*func_alloc_lock) (void);
+ /* obtain a given lock, blocking if necessary. */
+ void (*func_get_lock) (void *lock);
+ /* release a given lock. */
+ void (*func_release_lock) (void *lock);
+ /* destroy a given lock (free memory, etc.) */
+ void (*func_free_lock) (void *lock);
+};
+
+/*
+ * Available options
+ */
+
+/* no-op option, useful for unused slots in an array of options */
+#define AVC_OPT_UNUSED 0
+/* override kernel enforcing mode (boolean value) */
+#define AVC_OPT_SETENFORCE 1
+
+/*
+ * AVC operations
+ */
+
+/**
+ * avc_init - Initialize the AVC.
+ * @msgprefix: prefix for log messages
+ * @mem_callbacks: user-supplied memory callbacks
+ * @log_callbacks: user-supplied logging callbacks
+ * @thread_callbacks: user-supplied threading callbacks
+ * @lock_callbacks: user-supplied locking callbacks
+ *
+ * Initialize the access vector cache. Return %0 on
+ * success or -%1 with @errno set on failure.
+ * If @msgprefix is NULL, use "uavc". If any callback
+ * structure references are NULL, use default methods
+ * for those callbacks (see the definition of the callback
+ * structures above).
+ */
+int avc_init(const char *msgprefix, const struct avc_memory_callback *mem_callbacks, const struct avc_log_callback *log_callbacks, const struct avc_thread_callback *thread_callbacks, const struct avc_lock_callback *lock_callbacks);
+
+/**
+ * avc_open - Initialize the AVC.
+ * @opts: array of selabel_opt structures specifying AVC options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * This function is identical to avc_init(), except the message prefix
+ * is set to "avc" and any callbacks desired should be specified via
+ * selinux_set_callback(). Available options are listed above.
+ */
+int avc_open(struct selinux_opt *opts, unsigned nopts);
+
+/**
+ * avc_cleanup - Remove unused SIDs and AVC entries.
+ *
+ * Search the SID table for SID structures with zero
+ * reference counts, and remove them along with all
+ * AVC entries that reference them. This can be used
+ * to return memory to the system.
+ */
+void avc_cleanup(void);
+
+/**
+ * avc_reset - Flush the cache and reset statistics.
+ *
+ * Remove all entries from the cache and reset all access
+ * statistics (as returned by avc_cache_stats()) to zero.
+ * The SID mapping is not affected. Return %0 on success,
+ * -%1 with @errno set on error.
+ */
+int avc_reset(void);
+
+/**
+ * avc_destroy - Free all AVC structures.
+ *
+ * Destroy all AVC structures and free all allocated
+ * memory. User-supplied locking, memory, and audit
+ * callbacks will be retained, but security-event
+ * callbacks will not. All SID's will be invalidated.
+ * User must call avc_init() if further use of AVC is desired.
+ */
+void avc_destroy(void);
+
+/**
+ * avc_has_perm_noaudit - Check permissions but perform no auditing.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ * @avd: access vector decisions
+ *
+ * Check the AVC to determine whether the @requested permissions are granted
+ * for the SID pair (@ssid, @tsid), interpreting the permissions
+ * based on @tclass, and call the security server on a cache miss to obtain
+ * a new decision and add it to the cache. Update @aeref to refer to an AVC
+ * entry with the resulting decisions, and return a copy of the decisions
+ * in @avd. Return %0 if all @requested permissions are granted, -%1 with
+ * @errno set to %EACCES if any permissions are denied, or to another value
+ * upon other errors. This function is typically called by avc_has_perm(),
+ * but may also be called directly to separate permission checking from
+ * auditing, e.g. in cases where a lock must be held for the check but
+ * should be released for the auditing.
+ */
+int avc_has_perm_noaudit(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct avc_entry_ref *aeref, struct av_decision *avd);
+
+/**
+ * avc_has_perm - Check permissions and perform any appropriate auditing.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ * @auditdata: auxiliary audit data
+ *
+ * Check the AVC to determine whether the @requested permissions are granted
+ * for the SID pair (@ssid, @tsid), interpreting the permissions
+ * based on @tclass, and call the security server on a cache miss to obtain
+ * a new decision and add it to the cache. Update @aeref to refer to an AVC
+ * entry with the resulting decisions. Audit the granting or denial of
+ * permissions in accordance with the policy. Return %0 if all @requested
+ * permissions are granted, -%1 with @errno set to %EACCES if any permissions
+ * are denied or to another value upon other errors.
+ */
+int avc_has_perm(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct avc_entry_ref *aeref, void *auditdata);
+
+/**
+ * avc_audit - Audit the granting or denial of permissions.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions
+ * @avd: access vector decisions
+ * @result: result from avc_has_perm_noaudit
+ * @auditdata: auxiliary audit data
+ *
+ * Audit the granting or denial of permissions in accordance
+ * with the policy. This function is typically called by
+ * avc_has_perm() after a permission check, but can also be
+ * called directly by callers who use avc_has_perm_noaudit()
+ * in order to separate the permission check from the auditing.
+ * For example, this separation is useful when the permission check must
+ * be performed under a lock, to allow the lock to be released
+ * before calling the auditing code.
+ */
+void avc_audit(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t requested, struct av_decision *avd, int result, void *auditdata);
+
+/**
+ * avc_compute_create - Compute SID for labeling a new object.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @newsid: pointer to SID reference
+ *
+ * Call the security server to obtain a context for labeling a
+ * new object. Look up the context in the SID table, making
+ * a new entry if not found. Increment the reference counter
+ * for the SID. Store a pointer to the SID structure into the
+ * memory referenced by @newsid, returning %0 on success or -%1 on
+ * error with @errno set.
+ */
+int avc_compute_create(security_id_t ssid, security_id_t tsid, security_class_t tclass, security_id_t * newsid);
+
+/**
+ * avc_compute_member - Compute SID for polyinstantation.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @newsid: pointer to SID reference
+ *
+ * Call the security server to obtain a context for labeling an
+ * object instance. Look up the context in the SID table, making
+ * a new entry if not found. Increment the reference counter
+ * for the SID. Store a pointer to the SID structure into the
+ * memory referenced by @newsid, returning %0 on success or -%1 on
+ * error with @errno set.
+ */
+int avc_compute_member(security_id_t ssid, security_id_t tsid, security_class_t tclass, security_id_t * newsid);
+
+/*
+ * security event callback facility
+ */
+
+/* security events */
+#define AVC_CALLBACK_GRANT 1
+#define AVC_CALLBACK_TRY_REVOKE 2
+#define AVC_CALLBACK_REVOKE 4
+#define AVC_CALLBACK_RESET 8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE 64
+#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+
+/**
+ * avc_add_callback - Register a callback for security events.
+ * @callback: callback function
+ * @events: bitwise OR of desired security events
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions
+ *
+ * Register a callback function for events in the set @events
+ * related to the SID pair (@ssid, @tsid) and
+ * and the permissions @perms, interpreting
+ * @perms based on @tclass. Returns %0 on success or
+ * -%1 if insufficient memory exists to add the callback.
+ */
+int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, access_vector_t * out_retained), uint32_t events, security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms);
+
+/*
+ * AVC statistics
+ */
+
+/* If set, cache statistics are tracked. This may
+ * become a compile-time option in the future.
+ */
+#define AVC_CACHE_STATS 1
+
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
+
+/**
+ * avc_cache_stats - get cache access statistics.
+ * @stats: reference to statistics structure
+ *
+ * Fill the supplied structure with information about AVC
+ * activity since the last call to avc_init() or
+ * avc_reset(). See the structure definition for
+ * details.
+ */
+void avc_cache_stats(struct avc_cache_stats *stats);
+
+/**
+ * avc_av_stats - log av table statistics.
+ *
+ * Log a message with information about the size and
+ * distribution of the access vector table. The audit
+ * callback is used to print the message.
+ */
+void avc_av_stats(void);
+
+/**
+ * avc_sid_stats - log SID table statistics.
+ *
+ * Log a message with information about the size and
+ * distribution of the SID table. The audit callback
+ * is used to print the message.
+ */
+void avc_sid_stats(void);
+
+/**
+ * avc_netlink_open - Create a netlink socket and connect to the kernel.
+ */
+int avc_netlink_open(int blocking);
+
+/**
+ * avc_netlink_loop - Wait for netlink messages from the kernel
+ */
+void avc_netlink_loop(void);
+
+/**
+ * avc_netlink_close - Close the netlink socket
+ */
+void avc_netlink_close(void);
+
+/**
+ * avc_netlink_acquire_fd - Acquire netlink socket fd.
+ *
+ * Allows the application to manage messages from the netlink socket in
+ * its own main loop.
+ */
+int avc_netlink_acquire_fd(void);
+
+/**
+ * avc_netlink_release_fd - Release netlink socket fd.
+ *
+ * Returns ownership of the netlink socket to the library.
+ */
+void avc_netlink_release_fd(void);
+
+/**
+ * avc_netlink_check_nb - Check netlink socket for new messages.
+ *
+ * Called by the application when using avc_netlink_acquire_fd() to
+ * process kernel netlink events.
+ */
+int avc_netlink_check_nb(void);
+
+/**
+ * selinux_status_open - Open and map SELinux kernel status page
+ *
+ */
+int selinux_status_open(int fallback);
+
+/**
+ * selinux_status_close - Unmap and close SELinux kernel status page
+ *
+ */
+void selinux_status_close(void);
+
+/**
+ * selinux_status_updated - Inform us whether the kernel status has been updated
+ *
+ */
+int selinux_status_updated(void);
+
+/**
+ * selinux_status_getenforce - Get the enforce flag value
+ *
+ */
+int selinux_status_getenforce(void);
+
+/**
+ * selinux_status_policyload - Get the number of policy reloaded
+ *
+ */
+int selinux_status_policyload(void);
+
+/**
+ * selinux_status_deny_unknown - Get the behavior for undefined classes/permissions
+ *
+ */
+int selinux_status_deny_unknown(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _SELINUX_AVC_H_ */
diff --git a/jni/external/selinux/context.h b/jni/external/selinux/context.h
new file mode 100644
index 000000000..949fb1e14
--- /dev/null
+++ b/jni/external/selinux/context.h
@@ -0,0 +1,50 @@
+#ifndef _SELINUX_CONTEXT_H_
+#define _SELINUX_CONTEXT_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Functions to deal with security contexts in user space.
+ */
+
+ typedef struct {
+ void *ptr;
+ } context_s_t;
+
+ typedef context_s_t *context_t;
+
+/* Return a new context initialized to a context string */
+
+ extern context_t context_new(const char *);
+
+/*
+ * Return a pointer to the string value of the context_t
+ * Valid until the next call to context_str or context_free
+ * for the same context_t*
+ */
+
+ extern char *context_str(context_t);
+
+/* Free the storage used by a context */
+ extern void context_free(context_t);
+
+/* Get a pointer to the string value of a context component */
+
+ extern const char *context_type_get(context_t);
+ extern const char *context_range_get(context_t);
+ extern const char *context_role_get(context_t);
+ extern const char *context_user_get(context_t);
+
+/* Set a context component. Returns nonzero if unsuccessful */
+
+ extern int context_type_set(context_t, const char *);
+ extern int context_range_set(context_t, const char *);
+ extern int context_role_set(context_t, const char *);
+ extern int context_user_set(context_t, const char *);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/jni/external/selinux/flask.h b/jni/external/selinux/flask.h
new file mode 100644
index 000000000..812822373
--- /dev/null
+++ b/jni/external/selinux/flask.h
@@ -0,0 +1,118 @@ +/* This file is automatically generated. Do not edit. */ +#ifndef _SELINUX_FLASK_H_ +#define _SELINUX_FLASK_H_ + +#warning "Please remove any #include's of this header in your source code." +#warning "Instead, use string_to_security_class() to map the class name to a value." + +/* + * Security object class definitions + */ +#define SECCLASS_SECURITY 1 +#define SECCLASS_PROCESS 2 +#define SECCLASS_SYSTEM 3 +#define SECCLASS_CAPABILITY 4 +#define SECCLASS_FILESYSTEM 5 +#define SECCLASS_FILE 6 +#define SECCLASS_DIR 7 +#define SECCLASS_FD 8 +#define SECCLASS_LNK_FILE 9 +#define SECCLASS_CHR_FILE 10 +#define SECCLASS_BLK_FILE 11 +#define SECCLASS_SOCK_FILE 12 +#define SECCLASS_FIFO_FILE 13 +#define SECCLASS_SOCKET 14 +#define SECCLASS_TCP_SOCKET 15 +#define SECCLASS_UDP_SOCKET 16 +#define SECCLASS_RAWIP_SOCKET 17 +#define SECCLASS_NODE 18 +#define SECCLASS_NETIF 19 +#define SECCLASS_NETLINK_SOCKET 20 +#define SECCLASS_PACKET_SOCKET 21 +#define SECCLASS_KEY_SOCKET 22 +#define SECCLASS_UNIX_STREAM_SOCKET 23 +#define SECCLASS_UNIX_DGRAM_SOCKET 24 +#define SECCLASS_SEM 25 +#define SECCLASS_MSG 26 +#define SECCLASS_MSGQ 27 +#define SECCLASS_SHM 28 +#define SECCLASS_IPC 29 +#define SECCLASS_PASSWD 30 +#define SECCLASS_X_DRAWABLE 31 +#define SECCLASS_X_SCREEN 32 +#define SECCLASS_X_GC 33 +#define SECCLASS_X_FONT 34 +#define SECCLASS_X_COLORMAP 35 +#define SECCLASS_X_PROPERTY 36 +#define SECCLASS_X_SELECTION 37 +#define SECCLASS_X_CURSOR 38 +#define SECCLASS_X_CLIENT 39 +#define SECCLASS_X_DEVICE 40 +#define SECCLASS_X_SERVER 41 +#define SECCLASS_X_EXTENSION 42 +#define SECCLASS_NETLINK_ROUTE_SOCKET 43 +#define SECCLASS_NETLINK_FIREWALL_SOCKET 44 +#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45 +#define SECCLASS_NETLINK_NFLOG_SOCKET 46 +#define SECCLASS_NETLINK_XFRM_SOCKET 47 +#define SECCLASS_NETLINK_SELINUX_SOCKET 48 +#define SECCLASS_NETLINK_AUDIT_SOCKET 49 +#define SECCLASS_NETLINK_IP6FW_SOCKET 50 +#define SECCLASS_NETLINK_DNRT_SOCKET 51 +#define SECCLASS_DBUS 
52 +#define SECCLASS_NSCD 53 +#define SECCLASS_ASSOCIATION 54 +#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55 +#define SECCLASS_APPLETALK_SOCKET 56 +#define SECCLASS_PACKET 57 +#define SECCLASS_KEY 58 +#define SECCLASS_CONTEXT 59 +#define SECCLASS_DCCP_SOCKET 60 +#define SECCLASS_MEMPROTECT 61 +#define SECCLASS_DB_DATABASE 62 +#define SECCLASS_DB_TABLE 63 +#define SECCLASS_DB_PROCEDURE 64 +#define SECCLASS_DB_COLUMN 65 +#define SECCLASS_DB_TUPLE 66 +#define SECCLASS_DB_BLOB 67 +#define SECCLASS_PEER 68 +#define SECCLASS_CAPABILITY2 69 +#define SECCLASS_X_RESOURCE 70 +#define SECCLASS_X_EVENT 71 +#define SECCLASS_X_SYNTHETIC_EVENT 72 +#define SECCLASS_X_APPLICATION_DATA 73 + +/* + * Security identifier indices for initial entities + */ +#define SECINITSID_KERNEL 1 +#define SECINITSID_SECURITY 2 +#define SECINITSID_UNLABELED 3 +#define SECINITSID_FS 4 +#define SECINITSID_FILE 5 +#define SECINITSID_FILE_LABELS 6 +#define SECINITSID_INIT 7 +#define SECINITSID_ANY_SOCKET 8 +#define SECINITSID_PORT 9 +#define SECINITSID_NETIF 10 +#define SECINITSID_NETMSG 11 +#define SECINITSID_NODE 12 +#define SECINITSID_IGMP_PACKET 13 +#define SECINITSID_ICMP_SOCKET 14 +#define SECINITSID_TCP_SOCKET 15 +#define SECINITSID_SYSCTL_MODPROBE 16 +#define SECINITSID_SYSCTL 17 +#define SECINITSID_SYSCTL_FS 18 +#define SECINITSID_SYSCTL_KERNEL 19 +#define SECINITSID_SYSCTL_NET 20 +#define SECINITSID_SYSCTL_NET_UNIX 21 +#define SECINITSID_SYSCTL_VM 22 +#define SECINITSID_SYSCTL_DEV 23 +#define SECINITSID_KMOD 24 +#define SECINITSID_POLICY 25 +#define SECINITSID_SCMP_PACKET 26 +#define SECINITSID_DEVNULL 27 + +#define SECINITSID_NUM 27 + +#endif diff --git a/jni/external/selinux/get_context_list.h b/jni/external/selinux/get_context_list.h new file mode 100644 index 000000000..a15b9c4ec --- /dev/null +++ b/jni/external/selinux/get_context_list.h 
@@ -0,0 +1,82 @@ +#ifndef _SELINUX_GET_SID_LIST_H_ +#define _SELINUX_GET_SID_LIST_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SELINUX_DEFAULTUSER "user_u" + +/* Get an ordered list of authorized security contexts for a user session + for 'user' spawned by 'fromcon' and set *conary to refer to the + NULL-terminated array of contexts. Every entry in the list will + be authorized by the policy, but the ordering is subject to user + customizable preferences. Returns number of entries in *conary. + If 'fromcon' is NULL, defaults to current context. + Caller must free via freeconary. */ + extern int get_ordered_context_list(const char *user, + char * fromcon, + char *** list); + +/* As above, but use the provided MLS level rather than the + default level for the user. */ + int get_ordered_context_list_with_level(const char *user, + const char *level, + char * fromcon, + char *** list); + +/* Get the default security context for a user session for 'user' + spawned by 'fromcon' and set *newcon to refer to it. The context + will be one of those authorized by the policy, but the selection + of a default is subject to user customizable preferences. + If 'fromcon' is NULL, defaults to current context. + Returns 0 on success or -1 otherwise. + Caller must free via freecon. */ + extern int get_default_context(const char *user, + char * fromcon, + char ** newcon); + +/* As above, but use the provided MLS level rather than the + default level for the user. */ + int get_default_context_with_level(const char *user, + const char *level, + char * fromcon, + char ** newcon); + +/* Same as get_default_context, but only return a context + that has the specified role. If no reachable context exists + for the user with that role, then return -1. */ + int get_default_context_with_role(const char *user, + const char *role, + char * fromcon, + char ** newcon); + +/* Same as get_default_context, but only return a context + that has the specified role and level. 
If no reachable context exists
+ for the user with that role, then return -1. */
+ int get_default_context_with_rolelevel(const char *user,
+ const char *role,
+ const char *level,
+ char * fromcon,
+ char ** newcon);
+
+/* Given a list of authorized security contexts for the user,
+ query the user to select one and set *newcon to refer to it.
+ Caller must free via freecon.
+ Returns 0 on sucess or -1 otherwise. */
+ extern int query_user_context(char ** list,
+ char ** newcon);
+
+/* Allow the user to manually enter a context as a fallback
+ if a list of authorized contexts could not be obtained.
+ Caller must free via freecon.
+ Returns 0 on success or -1 otherwise. */
+ extern int manual_user_enter_context(const char *user,
+ char ** newcon);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/jni/external/selinux/get_default_type.h b/jni/external/selinux/get_default_type.h
new file mode 100644
index 000000000..65c5dd40a
--- /dev/null
+++ b/jni/external/selinux/get_default_type.h
@@ -0,0 +1,23 @@
+/* get_default_type.h - contains header information and function prototypes
+ * for functions to get the default type for a role
+ */
+
+#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
+#define _SELINUX_GET_DEFAULT_TYPE_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Return path to default type file. */
+ const char *selinux_default_type_path(void);
+
+/* Get the default type (domain) for 'role' and set 'type' to refer to it.
+ Caller must free via free().
+ Return 0 on success or -1 otherwise. */
+ int get_default_type(const char *role, char **type);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
diff --git a/jni/external/selinux/label.h b/jni/external/selinux/label.h
new file mode 100644
index 000000000..277287ed1
--- /dev/null
+++ b/jni/external/selinux/label.h
@@ -0,0 +1,190 @@ +/* + * Labeling interface for userspace object managers and others. + * + * Author : Eamon Walsh + */ +#ifndef _SELABEL_H_ +#define _SELABEL_H_ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Opaque type used for all label handles. + */ + +struct selabel_handle; + +/* + * Available backends. + */ + +/* file contexts */ +#define SELABEL_CTX_FILE 0 +/* media contexts */ +#define SELABEL_CTX_MEDIA 1 +/* x contexts */ +#define SELABEL_CTX_X 2 +/* db objects */ +#define SELABEL_CTX_DB 3 +/* Android property service contexts */ +#define SELABEL_CTX_ANDROID_PROP 4 +/* Android service contexts */ +#define SELABEL_CTX_ANDROID_SERVICE 5 + +/* + * Available options + */ + +/* no-op option, useful for unused slots in an array of options */ +#define SELABEL_OPT_UNUSED 0 +/* validate contexts before returning them (boolean value) */ +#define SELABEL_OPT_VALIDATE 1 +/* don't use local customizations to backend data (boolean value) */ +#define SELABEL_OPT_BASEONLY 2 +/* specify an alternate path to use when loading backend data */ +#define SELABEL_OPT_PATH 3 +/* select a subset of the search space as an optimization (file backend) */ +#define SELABEL_OPT_SUBSET 4 +/* require a hash calculation on spec files */ +#define SELABEL_OPT_DIGEST 5 +/* total number of options */ +#define SELABEL_NOPT 6 + +/* + * Label operations + */ + +/** + * selabel_open - Create a labeling handle. + * @backend: one of the constants specifying a supported labeling backend. + * @opts: array of selabel_opt structures specifying label options or NULL. + * @nopts: number of elements in opts array or zero for no options. + * + * Open a labeling backend for use. The available backend identifiers are + * listed above. Options may be provided via the opts parameter; available + * options are listed above. Not all options may be supported by every + * backend. Return value is the created handle on success or NULL with + * @errno set on failure. 
+ */ +struct selabel_handle *selabel_open(unsigned int backend, + const struct selinux_opt *opts, + unsigned nopts); + +/** + * selabel_close - Close a labeling handle. + * @handle: specifies handle to close + * + * Destroy the specified handle, closing files, freeing allocated memory, + * etc. The handle may not be further used after it has been closed. + */ +void selabel_close(struct selabel_handle *handle); + +/** + * selabel_lookup - Perform labeling lookup operation. + * @handle: specifies backend instance to query + * @con: returns the appropriate context with which to label the object + * @key: string input to lookup operation + * @type: numeric input to the lookup operation + * + * Perform a labeling lookup operation. Return %0 on success, -%1 with + * @errno set on failure. The key and type arguments are the inputs to the + * lookup operation; appropriate values are dictated by the backend in use. + * The result is returned in the memory pointed to by @con and must be freed + * by the user with freecon(). + */ +int selabel_lookup(struct selabel_handle *handle, char **con, + const char *key, int type); +int selabel_lookup_raw(struct selabel_handle *handle, char **con, + const char *key, int type); + +bool selabel_partial_match(struct selabel_handle *handle, const char *key); + +int selabel_lookup_best_match(struct selabel_handle *rec, char **con, + const char *key, const char **aliases, int type); +int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con, + const char *key, const char **aliases, int type); + +/** + * selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to + * generate the digest. The SELABEL_OPT_DIGEST option must + * be set in selabel_open() to initiate the digest generation. + * @handle: specifies backend instance to query + * @digest: returns a pointer to the SHA1 digest. + * @digest_len: returns length of digest in bytes. + * @specfiles: a list of specfiles used in the SHA1 digest generation. 
+ * The list is NULL terminated and will hold @num_specfiles entries. + * @num_specfiles: number of specfiles in the list. + * + * Return %0 on success, -%1 with @errno set on failure. + */ +int selabel_digest(struct selabel_handle *rec, + unsigned char **digest, size_t *digest_len, + char ***specfiles, size_t *num_specfiles); + +enum selabel_cmp_result { + SELABEL_SUBSET, + SELABEL_EQUAL, + SELABEL_SUPERSET, + SELABEL_INCOMPARABLE +}; + +/** + * selabel_cmp - Compare two label configurations. + * @h1: handle for the first label configuration + * @h2: handle for the first label configuration + * + * Compare two label configurations. + * Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL + * if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset + * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable. + */ +enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1, + struct selabel_handle *h2); + +/** + * selabel_stats - log labeling operation statistics. + * @handle: specifies backend instance to query + * + * Log a message with information about the number of queries performed, + * number of unused matching entries, or other operational statistics. + * Message is backend-specific, some backends may not output a message. 
+ */ +void selabel_stats(struct selabel_handle *handle); + +/* + * Type codes used by specific backends + */ + +/* X backend */ +#define SELABEL_X_PROP 1 +#define SELABEL_X_EXT 2 +#define SELABEL_X_CLIENT 3 +#define SELABEL_X_EVENT 4 +#define SELABEL_X_SELN 5 +#define SELABEL_X_POLYPROP 6 +#define SELABEL_X_POLYSELN 7 + +/* DB backend */ +#define SELABEL_DB_DATABASE 1 +#define SELABEL_DB_SCHEMA 2 +#define SELABEL_DB_TABLE 3 +#define SELABEL_DB_COLUMN 4 +#define SELABEL_DB_SEQUENCE 5 +#define SELABEL_DB_VIEW 6 +#define SELABEL_DB_PROCEDURE 7 +#define SELABEL_DB_BLOB 8 +#define SELABEL_DB_TUPLE 9 +#define SELABEL_DB_LANGUAGE 10 +#define SELABEL_DB_EXCEPTION 11 +#define SELABEL_DB_DATATYPE 12 + +#ifdef __cplusplus +} +#endif +#endif /* _SELABEL_H_ */ diff --git a/jni/external/selinux/restorecon.h b/jni/external/selinux/restorecon.h new file mode 100644 index 000000000..41bb30ee9 --- /dev/null +++ b/jni/external/selinux/restorecon.h 
@@ -0,0 +1,187 @@ +#ifndef _RESTORECON_H_ +#define _RESTORECON_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * selinux_restorecon - Relabel files. + * @pathname: specifies file/directory to relabel. + * @restorecon_flags: specifies the actions to be performed when relabeling. + * + * selinux_restorecon(3) will automatically call + * selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3) + * first time through to set the selabel_open(3) parameters to use the + * currently loaded policy file_contexts and request their computed digest. + * + * Should other selabel_open(3) parameters be required see + * selinux_restorecon_set_sehandle(3). + */ +extern int selinux_restorecon(const char *pathname, + unsigned int restorecon_flags); +/* + * restorecon_flags options + */ +/* + * Force the checking of labels even if the stored SHA1 + * digest matches the specfiles SHA1 digest. + */ +#define SELINUX_RESTORECON_IGNORE_DIGEST 0x0001 +/* + * Do not change file labels. + */ +#define SELINUX_RESTORECON_NOCHANGE 0x0002 +/* + * If set set change file label to that in spec file. + * If not only change type component to that in spec file. + */ +#define SELINUX_RESTORECON_SET_SPECFILE_CTX 0x0004 +/* + * Recursively descend directories. + */ +#define SELINUX_RESTORECON_RECURSE 0x0008 +/* + * Log changes to selinux log. Note that if VERBOSE and + * PROGRESS are set, then PROGRESS will take precedence. + */ +#define SELINUX_RESTORECON_VERBOSE 0x0010 +/* + * If SELINUX_RESTORECON_PROGRESS is true and + * SELINUX_RESTORECON_MASS_RELABEL is true, then output approx % complete, + * else output the number of files in 1k blocks processed to stdout. + */ +#define SELINUX_RESTORECON_PROGRESS 0x0020 +/* + * Convert passed-in pathname to canonical pathname. + */ +#define SELINUX_RESTORECON_REALPATH 0x0040 +/* + * Prevent descending into directories that have a different + * device number than the pathname from which the descent began. 
+ */ +#define SELINUX_RESTORECON_XDEV 0x0080 +/* + * Attempt to add an association between an inode and a specification. + * If there is already an association for the inode and it conflicts + * with the specification, then use the last matching specification. + */ +#define SELINUX_RESTORECON_ADD_ASSOC 0x0100 +/* + * Abort on errors during the file tree walk. + */ +#define SELINUX_RESTORECON_ABORT_ON_ERROR 0x0200 +/* + * Log any label changes to syslog. + */ +#define SELINUX_RESTORECON_SYSLOG_CHANGES 0x0400 +/* + * Log what spec matched each file. + */ +#define SELINUX_RESTORECON_LOG_MATCHES 0x0800 +/* + * Ignore files that do not exist. + */ +#define SELINUX_RESTORECON_IGNORE_NOENTRY 0x1000 +/* + * Do not read /proc/mounts to obtain a list of non-seclabel + * mounts to be excluded from relabeling checks. + */ +#define SELINUX_RESTORECON_IGNORE_MOUNTS 0x2000 +/* + * Set if there is a mass relabel required. + * See SELINUX_RESTORECON_PROGRESS flag for details. + */ +#define SELINUX_RESTORECON_MASS_RELABEL 0x4000 + +/** + * selinux_restorecon_set_sehandle - Set the global fc handle. + * @hndl: specifies handle to set as the global fc handle. + * + * Called by a process that has already called selabel_open(3) with it's + * required parameters, or if selinux_restorecon_default_handle(3) has been + * called to set the default selabel_open(3) parameters. + */ +// extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl); + +/** + * selinux_restorecon_default_handle - Sets default selabel_open(3) parameters + * to use the currently loaded policy and + * file_contexts, also requests the digest. + * + * Return value is the created handle on success or NULL with @errno set on + * failure. + */ +extern struct selabel_handle *selinux_restorecon_default_handle(void); + +/** + * selinux_restorecon_set_exclude_list - Add a list of directories that are + * to be excluded from relabeling. 
+ * @exclude_list: containing a NULL terminated list of one or more + * directories not to be relabeled. + */ +extern void selinux_restorecon_set_exclude_list(const char **exclude_list); + +/** + * selinux_restorecon_set_alt_rootpath - Use alternate rootpath. + * @alt_rootpath: containing the alternate rootpath to be used. + * + * Return %0 on success, -%1 with @errno set on failure. + */ +extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath); + +/** + * selinux_restorecon_xattr - Read/remove RESTORECON_LAST xattr entries. + * @pathname: specifies directory path to check. + * @xattr_flags: specifies the actions to be performed. + * @xattr_list: a linked list of struct dir_xattr structures containing + * the directory, digest and result of the action on the + * RESTORECON_LAST entry. + * + * selinux_restorecon_xattr(3) will automatically call + * selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3) + * first time through to set the selabel_open(3) parameters to use the + * currently loaded policy file_contexts and request their computed digest. + * + * Should other selabel_open(3) parameters be required see + * selinux_restorecon_set_sehandle(3), however note that a file_contexts + * computed digest is required for selinux_restorecon_xattr(). + */ +enum digest_result { + MATCH = 0, + NOMATCH, + DELETED_MATCH, + DELETED_NOMATCH, + ERROR +}; + +struct dir_xattr { + char *directory; + char *digest; /* A hex encoded string that can be printed. */ + enum digest_result result; + struct dir_xattr *next; +}; + +extern int selinux_restorecon_xattr(const char *pathname, + unsigned int xattr_flags, + struct dir_xattr ***xattr_list); + +/* + * xattr_flags options + */ +/* Recursively descend directories. */ +#define SELINUX_RESTORECON_XATTR_RECURSE 0x0001 +/* Delete non-matching digests from each directory in pathname. */ +#define SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS 0x0002 +/* Delete all digests found in pathname. 
*/
+#define SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS 0x0004
+/* Do not read /proc/mounts. */
+#define SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS 0x0008
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/jni/external/selinux/selinux.h b/jni/external/selinux/selinux.h
new file mode 100644
index 000000000..45dd6ca59
--- /dev/null
+++ b/jni/external/selinux/selinux.h
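Review bot: In the restorecon.h hunk the declaration of `selinux_restorecon_set_sehandle` is kept as a `//` commented-out line while its Doxygen block remains, and the descriptions of `selinux_restorecon()` and `selinux_restorecon_xattr()` still state that they call it "first time through", so a reader of this copied header cannot tell whether the omission is deliberate. Presumably the stub library built by this commit does not provide that symbol, but nothing in the hunk records that, and this is the one place the header diverges from the upstream text. Replace the commented-out line with a comment that records the divergence, e.g. `/* selinux_restorecon_set_sehandle() intentionally omitted from this copy: not provided by the stub library */`, and qualify the two doc references so callers are not steered toward a function that is not declared.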
@@ -0,0 +1,673 @@ +#ifndef _SELINUX_H_ +#define _SELINUX_H_ + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */ +extern int is_selinux_enabled(void); +/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */ +extern int is_selinux_mls_enabled(void); + +/* No longer used; here for compatibility with legacy callers. */ +typedef char *security_context_t; + +/* Free the memory allocated for a context by any of the below get* calls. */ +extern void freecon(char * con); + +/* Free the memory allocated for a context array by security_compute_user. */ +extern void freeconary(char ** con); + +/* Wrappers for the /proc/pid/attr API. */ + +/* Get current context, and set *con to refer to it. + Caller must free via freecon. */ +extern int getcon(char ** con); +extern int getcon_raw(char ** con); + +/* Set the current security context to con. + Note that use of this function requires that the entire application + be trusted to maintain any desired separation between the old and new + security contexts, unlike exec-based transitions performed via setexeccon. + When possible, decompose your application and use setexeccon()+execve() + instead. Note that the application may lose access to its open descriptors + as a result of a setcon() unless policy allows it to use descriptors opened + by the old context. */ +extern int setcon(const char * con); +extern int setcon_raw(const char * con); + +/* Get context of process identified by pid, and + set *con to refer to it. Caller must free via freecon. */ +extern int getpidcon(pid_t pid, char ** con); +extern int getpidcon_raw(pid_t pid, char ** con); + +/* Get previous context (prior to last exec), and set *con to refer to it. + Caller must free via freecon. */ +extern int getprevcon(char ** con); +extern int getprevcon_raw(char ** con); + +/* Get exec context, and set *con to refer to it. 
+ Sets *con to NULL if no exec context has been set, i.e. using default. + If non-NULL, caller must free via freecon. */ +extern int getexeccon(char ** con); +extern int getexeccon_raw(char ** con); + +/* Set exec security context for the next execve. + Call with NULL if you want to reset to the default. */ +extern int setexeccon(const char * con); +extern int setexeccon_raw(const char * con); + +/* Get fscreate context, and set *con to refer to it. + Sets *con to NULL if no fs create context has been set, i.e. using default. + If non-NULL, caller must free via freecon. */ +extern int getfscreatecon(char ** con); +extern int getfscreatecon_raw(char ** con); + +/* Set the fscreate security context for subsequent file creations. + Call with NULL if you want to reset to the default. */ +extern int setfscreatecon(const char * context); +extern int setfscreatecon_raw(const char * context); + +/* Get keycreate context, and set *con to refer to it. + Sets *con to NULL if no key create context has been set, i.e. using default. + If non-NULL, caller must free via freecon. */ +extern int getkeycreatecon(char ** con); +extern int getkeycreatecon_raw(char ** con); + +/* Set the keycreate security context for subsequent key creations. + Call with NULL if you want to reset to the default. */ +extern int setkeycreatecon(const char * context); +extern int setkeycreatecon_raw(const char * context); + +/* Get sockcreate context, and set *con to refer to it. + Sets *con to NULL if no socket create context has been set, i.e. using default. + If non-NULL, caller must free via freecon. */ +extern int getsockcreatecon(char ** con); +extern int getsockcreatecon_raw(char ** con); + +/* Set the sockcreate security context for subsequent socket creations. + Call with NULL if you want to reset to the default. */ +extern int setsockcreatecon(const char * context); +extern int setsockcreatecon_raw(const char * context); + +/* Wrappers for the xattr API. 
*/ + +/* Get file context, and set *con to refer to it. + Caller must free via freecon. */ +extern int getfilecon(const char *path, char ** con); +extern int getfilecon_raw(const char *path, char ** con); +extern int lgetfilecon(const char *path, char ** con); +extern int lgetfilecon_raw(const char *path, char ** con); +extern int fgetfilecon(int fd, char ** con); +extern int fgetfilecon_raw(int fd, char ** con); + +/* Set file context */ +extern int setfilecon(const char *path, const char * con); +extern int setfilecon_raw(const char *path, const char * con); +extern int lsetfilecon(const char *path, const char * con); +extern int lsetfilecon_raw(const char *path, const char * con); +extern int fsetfilecon(int fd, const char * con); +extern int fsetfilecon_raw(int fd, const char * con); + +/* Wrappers for the socket API */ + +/* Get context of peer socket, and set *con to refer to it. + Caller must free via freecon. */ +extern int getpeercon(int fd, char ** con); +extern int getpeercon_raw(int fd, char ** con); + +/* Wrappers for the selinuxfs (policy) API. */ + +typedef unsigned int access_vector_t; +typedef unsigned short security_class_t; + +struct av_decision { + access_vector_t allowed; + access_vector_t decided; + access_vector_t auditallow; + access_vector_t auditdeny; + unsigned int seqno; + unsigned int flags; +}; + +/* Definitions of av_decision.flags */ +#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001 + +/* Structure for passing options, used by AVC and label subsystems */ +struct selinux_opt { + int type; + const char *value; +}; + +/* Callback facilities */ +union selinux_callback { + /* log the printf-style format and arguments, + with the type code indicating the type of message */ + int +#ifdef __GNUC__ +__attribute__ ((format(printf, 2, 3))) +#endif + (*func_log) (int type, const char *fmt, ...); + /* store a string representation of auditdata (corresponding + to the given security class) into msgbuf. 
*/ + int (*func_audit) (void *auditdata, security_class_t cls, + char *msgbuf, size_t msgbufsize); + /* validate the supplied context, modifying if necessary */ + int (*func_validate) (char **ctx); + /* netlink callback for setenforce message */ + int (*func_setenforce) (int enforcing); + /* netlink callback for policyload message */ + int (*func_policyload) (int seqno); +}; + +#define SELINUX_CB_LOG 0 +#define SELINUX_CB_AUDIT 1 +#define SELINUX_CB_VALIDATE 2 +#define SELINUX_CB_SETENFORCE 3 +#define SELINUX_CB_POLICYLOAD 4 + +extern union selinux_callback selinux_get_callback(int type); +extern void selinux_set_callback(int type, union selinux_callback cb); + + /* Logging type codes, passed to the logging callback */ +#define SELINUX_ERROR 0 +#define SELINUX_WARNING 1 +#define SELINUX_INFO 2 +#define SELINUX_AVC 3 +#define SELINUX_TRANS_DIR "/var/run/setrans" + +/* Compute an access decision. */ +extern int security_compute_av(const char * scon, + const char * tcon, + security_class_t tclass, + access_vector_t requested, + struct av_decision *avd); +extern int security_compute_av_raw(const char * scon, + const char * tcon, + security_class_t tclass, + access_vector_t requested, + struct av_decision *avd); + +extern int security_compute_av_flags(const char * scon, + const char * tcon, + security_class_t tclass, + access_vector_t requested, + struct av_decision *avd); +extern int security_compute_av_flags_raw(const char * scon, + const char * tcon, + security_class_t tclass, + access_vector_t requested, + struct av_decision *avd); + +/* Compute a labeling decision and set *newcon to refer to it. + Caller must free via freecon. 
*/ +extern int security_compute_create(const char * scon, + const char * tcon, + security_class_t tclass, + char ** newcon); +extern int security_compute_create_raw(const char * scon, + const char * tcon, + security_class_t tclass, + char ** newcon); +extern int security_compute_create_name(const char * scon, + const char * tcon, + security_class_t tclass, + const char *objname, + char ** newcon); +extern int security_compute_create_name_raw(const char * scon, + const char * tcon, + security_class_t tclass, + const char *objname, + char ** newcon); + +/* Compute a relabeling decision and set *newcon to refer to it. + Caller must free via freecon. */ +extern int security_compute_relabel(const char * scon, + const char * tcon, + security_class_t tclass, + char ** newcon); +extern int security_compute_relabel_raw(const char * scon, + const char * tcon, + security_class_t tclass, + char ** newcon); + +/* Compute a polyinstantiation member decision and set *newcon to refer to it. + Caller must free via freecon. */ +extern int security_compute_member(const char * scon, + const char * tcon, + security_class_t tclass, + char ** newcon); +extern int security_compute_member_raw(const char * scon, + const char * tcon, + security_class_t tclass, + char ** newcon); + +/* Compute the set of reachable user contexts and set *con to refer to + the NULL-terminated array of contexts. Caller must free via freeconary. */ +extern int security_compute_user(const char * scon, + const char *username, + char *** con); +extern int security_compute_user_raw(const char * scon, + const char *username, + char *** con); + +/* Load a policy configuration. */ +extern int security_load_policy(void *data, size_t len); + +/* Get the context of an initial kernel security identifier by name. 
+ Caller must free via freecon */ +extern int security_get_initial_context(const char *name, + char ** con); +extern int security_get_initial_context_raw(const char *name, + char ** con); + +/* + * Make a policy image and load it. + * This function provides a higher level interface for loading policy + * than security_load_policy, internally determining the right policy + * version, locating and opening the policy file, mapping it into memory, + * manipulating it as needed for current boolean settings and/or local + * definitions, and then calling security_load_policy to load it. + * + * 'preservebools' is a boolean flag indicating whether current + * policy boolean values should be preserved into the new policy (if 1) + * or reset to the saved policy settings (if 0). The former case is the + * default for policy reloads, while the latter case is an option for policy + * reloads but is primarily for the initial policy load. + */ +extern int selinux_mkload_policy(int preservebools); + +/* + * Perform the initial policy load. + * This function determines the desired enforcing mode, sets the + * the *enforce argument accordingly for the caller to use, sets the + * SELinux kernel enforcing status to match it, and loads the policy. + * It also internally handles the initial selinuxfs mount required to + * perform these actions. + * + * The function returns 0 if everything including the policy load succeeds. + * In this case, init is expected to re-exec itself in order to transition + * to the proper security context. + * Otherwise, the function returns -1, and init must check *enforce to + * determine how to proceed. If enforcing (*enforce > 0), then init should + * halt the system. Otherwise, init may proceed normally without a re-exec. + */ +extern int selinux_init_load_policy(int *enforce); + +/* Translate boolean strict to name value pair. */ +typedef struct { + char *name; + int value; +} SELboolean; +/* save a list of booleans in a single transaction. 
*/ +extern int security_set_boolean_list(size_t boolcnt, + SELboolean * boollist, int permanent); + +/* Load policy boolean settings. + Path may be NULL, in which case the booleans are loaded from + the active policy boolean configuration file. */ +extern int security_load_booleans(char *path); + +/* Check the validity of a security context. */ +extern int security_check_context(const char * con); +extern int security_check_context_raw(const char * con); + +/* Canonicalize a security context. */ +extern int security_canonicalize_context(const char * con, + char ** canoncon); +extern int security_canonicalize_context_raw(const char * con, + char ** canoncon); + +/* Get the enforce flag value. */ +extern int security_getenforce(void); + +/* Set the enforce flag value. */ +extern int security_setenforce(int value); + +/* Get the behavior for undefined classes/permissions */ +extern int security_deny_unknown(void); + +/* Disable SELinux at runtime (must be done prior to initial policy load). */ +extern int security_disable(void); + +/* Get the policy version number. 
*/ +extern int security_policyvers(void); + +/* Get the boolean names */ +extern int security_get_boolean_names(char ***names, int *len); + +/* Get the pending value for the boolean */ +extern int security_get_boolean_pending(const char *name); + +/* Get the active value for the boolean */ +extern int security_get_boolean_active(const char *name); + +/* Set the pending value for the boolean */ +extern int security_set_boolean(const char *name, int value); + +/* Commit the pending values for the booleans */ +extern int security_commit_booleans(void); + +/* Userspace class mapping support */ +struct security_class_mapping { + const char *name; + const char *perms[sizeof(access_vector_t) * 8 + 1]; +}; + +/** + * selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names + * @map: array of security_class_mapping structures + * + * The core avc_has_perm() API uses integers to represent security + * classes; previous to the introduction of this function, it was + * common for userspace object managers to be compiled using generated + * offsets for a particular policy. However, that strongly ties the build of the userspace components to a particular policy. + * + * By using this function to map between integer offsets and security + * class names, it's possible to replace a system policies that have + * at least the same set of security class names as used by the + * userspace object managers. + * + * To correctly use this function, you should override the generated + * security class defines from the system policy in a local header, + * starting at 1, and have one security_class_mapping structure entry + * per define. 
+ */ +extern int selinux_set_mapping(struct security_class_mapping *map); + +/* Common helpers */ + +/* Convert between mode and security class values */ +extern security_class_t mode_to_security_class(mode_t mode); +/* Convert between security class values and string names */ +extern security_class_t string_to_security_class(const char *name); +extern const char *security_class_to_string(security_class_t cls); + +/* Convert between individual access vector permissions and string names */ +extern const char *security_av_perm_to_string(security_class_t tclass, + access_vector_t perm); +extern access_vector_t string_to_av_perm(security_class_t tclass, + const char *name); + +/* Returns an access vector in a string representation. User must free the + * returned string via free(). */ +extern int security_av_string(security_class_t tclass, + access_vector_t av, char **result); + +/* Display an access vector in a string representation. */ +extern void print_access_vector(security_class_t tclass, access_vector_t av); + +/* Set the function used by matchpathcon_init when displaying + errors about the file_contexts configuration. If not set, + then this defaults to fprintf(stderr, fmt, ...). */ +extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...)); + +/* Set the function used by matchpathcon_init when checking the + validity of a context in the file contexts configuration. If not set, + then this defaults to a test based on security_check_context(). + The function is also responsible for reporting any such error, and + may include the 'path' and 'lineno' in such error messages. */ +extern void set_matchpathcon_invalidcon(int (*f) (const char *path, + unsigned lineno, + char *context)); + +/* Same as above, but also allows canonicalization of the context, + by changing *context to refer to the canonical form. If not set, + and invalidcon is also not set, then this defaults to calling + security_canonicalize_context(). 
*/ +extern void set_matchpathcon_canoncon(int (*f) (const char *path, + unsigned lineno, + char **context)); + +/* Set flags controlling operation of matchpathcon_init or matchpathcon. */ +#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */ +#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */ +#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */ +extern void set_matchpathcon_flags(unsigned int flags); + +/* Load the file contexts configuration specified by 'path' + into memory for use by subsequent matchpathcon calls. + If 'path' is NULL, then load the active file contexts configuration, + i.e. the path returned by selinux_file_context_path(). + Unless the MATCHPATHCON_BASEONLY flag has been set, this + function also checks for a 'path'.homedirs file and + a 'path'.local file and loads additional specifications + from them if present. */ +extern int matchpathcon_init(const char *path); + +/* Same as matchpathcon_init, but only load entries with + regexes that have stems that are prefixes of 'prefix'. */ +extern int matchpathcon_init_prefix(const char *path, const char *prefix); + +/* Free the memory allocated by matchpathcon_init. */ +extern void matchpathcon_fini(void); + +/* Resolve all of the symlinks and relative portions of a pathname, but NOT + * the final component (same a realpath() unless the final component is a + * symlink. Resolved path must be a path of size PATH_MAX + 1 */ +extern int realpath_not_final(const char *name, char *resolved_path); + +/* Match the specified pathname and mode against the file contexts + configuration and set *con to refer to the resulting context. + 'mode' can be 0 to disable mode matching. + Caller must free via freecon. + If matchpathcon_init has not already been called, then this function + will call it upon its first invocation with a NULL path. 
*/ +extern int matchpathcon(const char *path, + mode_t mode, char ** con); + +/* Same as above, but return a specification index for + later use in a matchpathcon_filespec_add() call - see below. */ +extern int matchpathcon_index(const char *path, + mode_t mode, char ** con); + +/* Maintain an association between an inode and a specification index, + and check whether a conflicting specification is already associated + with the same inode (e.g. due to multiple hard links). If so, then + use the latter of the two specifications based on their order in the + file contexts configuration. Return the used specification index. */ +extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file); + +/* Destroy any inode associations that have been added, e.g. to restart + for a new filesystem. */ +extern void matchpathcon_filespec_destroy(void); + +/* Display statistics on the hash table usage for the associations. */ +extern void matchpathcon_filespec_eval(void); + +/* Check to see whether any specifications had no matches and report them. + The 'str' is used as a prefix for any warning messages. */ +extern void matchpathcon_checkmatches(char *str); + +/* Match the specified media and against the media contexts + configuration and set *con to refer to the resulting context. + Caller must free con via freecon. */ +extern int matchmediacon(const char *media, char ** con); + +/* + selinux_getenforcemode reads the /etc/selinux/config file and determines + whether the machine should be started in enforcing (1), permissive (0) or + disabled (-1) mode. + */ +extern int selinux_getenforcemode(int *enforce); + +/* + selinux_boolean_sub reads the /etc/selinux/TYPE/booleans.subs_dist file + looking for a record with boolean_name. If a record exists selinux_boolean_sub + returns the translated name otherwise it returns the original name. + The returned value needs to be freed. On failure NULL will be returned. 
+ */ +extern char *selinux_boolean_sub(const char *boolean_name); + +/* + selinux_getpolicytype reads the /etc/selinux/config file and determines + what the default policy for the machine is. Calling application must + free policytype. + */ +extern int selinux_getpolicytype(char **policytype); + +/* + selinux_policy_root reads the /etc/selinux/config file and returns + the directory path under which the compiled policy file and context + configuration files exist. + */ +extern const char *selinux_policy_root(void); + +/* + selinux_set_policy_root sets an alternate policy root directory path under + which the compiled policy file and context configuration files exist. + */ +extern int selinux_set_policy_root(const char *rootpath); + +/* These functions return the paths to specific files under the + policy root directory. */ +extern const char *selinux_current_policy_path(void); +extern const char *selinux_binary_policy_path(void); +extern const char *selinux_failsafe_context_path(void); +extern const char *selinux_removable_context_path(void); +extern const char *selinux_default_context_path(void); +extern const char *selinux_user_contexts_path(void); +extern const char *selinux_file_context_path(void); +extern const char *selinux_file_context_homedir_path(void); +extern const char *selinux_file_context_local_path(void); +extern const char *selinux_file_context_subs_path(void); +extern const char *selinux_file_context_subs_dist_path(void); +extern const char *selinux_homedir_context_path(void); +extern const char *selinux_media_context_path(void); +extern const char *selinux_virtual_domain_context_path(void); +extern const char *selinux_virtual_image_context_path(void); +extern const char *selinux_lxc_contexts_path(void); +extern const char *selinux_x_context_path(void); +extern const char *selinux_sepgsql_context_path(void); +extern const char *selinux_openrc_contexts_path(void); +extern const char *selinux_openssh_contexts_path(void); +extern const char 
*selinux_snapperd_contexts_path(void); +extern const char *selinux_systemd_contexts_path(void); +extern const char *selinux_contexts_path(void); +extern const char *selinux_securetty_types_path(void); +extern const char *selinux_booleans_subs_path(void); +extern const char *selinux_booleans_path(void); +extern const char *selinux_customizable_types_path(void); +extern const char *selinux_users_path(void); +extern const char *selinux_usersconf_path(void); +extern const char *selinux_translations_path(void); +extern const char *selinux_colors_path(void); +extern const char *selinux_netfilter_context_path(void); +extern const char *selinux_path(void); + +/** + * selinux_check_access - Check permissions and perform appropriate auditing. + * @scon: source security context + * @tcon: target security context + * @tclass: target security class string + * @perm: requested permissions string, interpreted based on @tclass + * @auditdata: auxiliary audit data + * + * Check the AVC to determine whether the @perm permissions are granted + * for the SID pair (@scon, @tcon), interpreting the permissions + * based on @tclass. + * Return %0 if all @perm permissions are granted, -%1 with + * @errno set to %EACCES if any permissions are denied or to another + * value upon other errors. + * If auditing or logging is configured the appropriate callbacks will be called + * and passed the auditdata field + */ +extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata); + +/* Check a permission in the passwd class. + Return 0 if granted or -1 otherwise. */ +extern int selinux_check_passwd_access(access_vector_t requested); +extern int checkPasswdAccess(access_vector_t requested); + +/* Check if the tty_context is defined as a securetty + Return 0 if secure, < 0 otherwise. */ +extern int selinux_check_securetty_context(const char * tty_context); + +/* Set the path to the selinuxfs mount point explicitly. 
+ Normally, this is determined automatically during libselinux + initialization, but this is not always possible, e.g. for /sbin/init + which performs the initial mount of selinuxfs. */ +void set_selinuxmnt(const char *mnt); + +/* Check if selinuxfs exists as a kernel filesystem */ +int selinuxfs_exists(void); + +/* clear selinuxmnt variable and free allocated memory */ +void fini_selinuxmnt(void); + +/* Set an appropriate security context based on the filename of a helper + * program, falling back to a new context with the specified type. */ +extern int setexecfilecon(const char *filename, const char *fallback_type); + +#ifndef DISABLE_RPM +/* Execute a helper for rpm in an appropriate security context. */ +extern int rpm_execcon(unsigned int verified, + const char *filename, + char *const argv[], char *const envp[]); +#endif + +/* Returns whether a file context is customizable, and should not + be relabeled . */ +extern int is_context_customizable(const char * scontext); + +/* Perform context translation between the human-readable format + ("translated") and the internal system format ("raw"). + Caller must free the resulting context via freecon. + Returns -1 upon an error or 0 otherwise. + If passed NULL, sets the returned context to NULL and returns 0. */ +extern int selinux_trans_to_raw_context(const char * trans, + char ** rawp); +extern int selinux_raw_to_trans_context(const char * raw, + char ** transp); + +/* Perform context translation between security contexts + and display colors. Returns a space-separated list of ten + ten hex RGB triples prefixed by hash marks, e.g. "#ff0000". + Caller must free the resulting string via free. + Returns -1 upon an error or 0 otherwise. */ +extern int selinux_raw_context_to_color(const char * raw, + char **color_str); + +/* Get the SELinux username and level to use for a given Linux username. 
+ These values may then be passed into the get_ordered_context_list* + and get_default_context* functions to obtain a context for the user. + Returns 0 on success or -1 otherwise. + Caller must free the returned strings via free. */ +extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); + +/* Get the SELinux username and level to use for a given Linux username and service. + These values may then be passed into the get_ordered_context_list* + and get_default_context* functions to obtain a context for the user. + Returns 0 on success or -1 otherwise. + Caller must free the returned strings via free. */ +extern int getseuser(const char *username, const char *service, + char **r_seuser, char **r_level); + +/* Compare two file contexts, return 0 if equivalent. */ +extern int selinux_file_context_cmp(const char * a, + const char * b); + +/* + * Verify the context of the file 'path' against policy. + * Return 1 if match, 0 if not and -1 on error. + */ +extern int selinux_file_context_verify(const char *path, mode_t mode); + +/* This function sets the file context on to the system defaults returns 0 on success */ +extern int selinux_lsetfilecon_default(const char *path); + +/* + * Force a reset of the loaded configuration + * WARNING: This is not thread safe. Be very sure that no other threads + * are calling into libselinux when this is called. + */ +extern void selinux_reset_config(void); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/jni/external/selinux_stub.c b/jni/external/selinux_stub.c new file mode 100644 index 000000000..6df740152 --- /dev/null +++ b/jni/external/selinux_stub.c 
@@ -0,0 +1,357 @@
+#include
+#include
+#include
+#include "selinux/avc.h"
+#include "selinux/context.h"
+#include "selinux/get_context_list.h"
+#include "selinux/get_default_type.h"
+#include "selinux/restorecon.h"
+#include "selinux/selinux.h"
+int is_selinux_enabled(void) { return 0; }
+int is_selinux_mls_enabled(void) { return 0; }
+void freecon(char * con) { }
+void freeconary(char ** con) { }
+int getcon(char ** con) { return 0; }
+int getcon_raw(char ** con) { return 0; }
+int setcon(const char * con) { return 0; }
+int setcon_raw(const char * con) { return 0; }
+int getpidcon(pid_t pid, char ** con) { return 0; }
+int getpidcon_raw(pid_t pid, char ** con) { return 0; }
+int getprevcon(char ** con) { return 0; }
+int getprevcon_raw(char ** con) { return 0; }
+int getexeccon(char ** con) { return 0; }
+int getexeccon_raw(char ** con) { return 0; }
+int setexeccon(const char * con) { return 0; }
+int setexeccon_raw(const char * con) { return 0; }
+int getfscreatecon(char ** con) { return 0; }
+int getfscreatecon_raw(char ** con) { return 0; }
+int setfscreatecon(const char * context) { return 0; }
+int setfscreatecon_raw(const char * context) { return 0; }
+int getkeycreatecon(char ** con) { return 0; }
+int getkeycreatecon_raw(char ** con) { return 0; }
+int setkeycreatecon(const char * context) { return 0; }
+int setkeycreatecon_raw(const char * context) { return 0; }
+int getsockcreatecon(char ** con) { return 0; }
+int getsockcreatecon_raw(char ** con) { return 0; }
+int setsockcreatecon(const char * context) { return 0; }
+int setsockcreatecon_raw(const char * context) { return 0; }
+int getfilecon(const char *path, char ** con) { return 0; }
+int getfilecon_raw(const char *path, char ** con) { return 0; }
+int lgetfilecon(const char *path, char ** con) { return 0; }
+int lgetfilecon_raw(const char *path, char ** con) { return 0; }
+int fgetfilecon(int fd, char ** con) { return 0; }
+int fgetfilecon_raw(int fd, char ** con) { return 0; }
+int
setfilecon(const char *path, const char * con) { return 0; }
+int setfilecon_raw(const char *path, const char * con) { return 0; }
+int lsetfilecon(const char *path, const char * con) { return 0; }
+int lsetfilecon_raw(const char *path, const char * con) { return 0; }
+int fsetfilecon(int fd, const char * con) { return 0; }
+int fsetfilecon_raw(int fd, const char * con) { return 0; }
+int getpeercon(int fd, char ** con) { return 0; }
+int getpeercon_raw(int fd, char ** con) { return 0; }
+void selinux_set_callback(int type, union selinux_callback cb) { }
+int security_compute_av(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd) { return 0; }
+int security_compute_av_raw(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd) { return 0; }
+int security_compute_av_flags(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd) { return 0; }
+int security_compute_av_flags_raw(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd) { return 0; }
+int security_compute_create(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ char ** newcon) { return 0; }
+int security_compute_create_raw(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ char ** newcon) { return 0; }
+int security_compute_create_name(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ const char *objname,
+ char ** newcon) { return 0; }
+int security_compute_create_name_raw(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ const char *objname,
+ char ** newcon) { return 0; }
+int security_compute_relabel(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ char ** newcon) { return 0; }
+int security_compute_relabel_raw(const char * scon,
+ const char
* tcon,
+ security_class_t tclass,
+ char ** newcon) { return 0; }
+int security_compute_member(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ char ** newcon) { return 0; }
+int security_compute_member_raw(const char * scon,
+ const char * tcon,
+ security_class_t tclass,
+ char ** newcon) { return 0; }
+int security_compute_user(const char * scon,
+ const char *username,
+ char *** con) { return 0; }
+int security_compute_user_raw(const char * scon,
+ const char *username,
+ char *** con) { return 0; }
+int security_load_policy(void *data, size_t len) { return 0; }
+int security_get_initial_context(const char *name,
+ char ** con) { return 0; }
+int security_get_initial_context_raw(const char *name,
+ char ** con) { return 0; }
+int selinux_mkload_policy(int preservebools) { return 0; }
+int selinux_init_load_policy(int *enforce) { return 0; }
+int security_set_boolean_list(size_t boolcnt,
+ SELboolean * boollist, int permanent) { return 0; }
+int security_load_booleans(char *path) { return 0; }
+int security_check_context(const char * con) { return 0; }
+int security_check_context_raw(const char * con) { return 0; }
+int security_canonicalize_context(const char * con,
+ char ** canoncon) { return 0; }
+int security_canonicalize_context_raw(const char * con,
+ char ** canoncon) { return 0; }
+int security_getenforce(void) { return 0; }
+int security_setenforce(int value) { return 0; }
+int security_deny_unknown(void) { return 0; }
+int security_disable(void) { return 0; }
+int security_policyvers(void) { return 0; }
+int security_get_boolean_names(char ***names, int *len) { return 0; }
+int security_get_boolean_pending(const char *name) { return 0; }
+int security_get_boolean_active(const char *name) { return 0; }
+int security_set_boolean(const char *name, int value) { return 0; }
+int security_commit_booleans(void) { return 0; }
+int selinux_set_mapping(struct security_class_mapping *map) { return 0; }
+security_class_t
mode_to_security_class(mode_t mode) { return 0; }
+security_class_t string_to_security_class(const char *name) { return 0; }
+const char *security_class_to_string(security_class_t cls) { return 0; }
+const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t perm) { return 0; }
+access_vector_t string_to_av_perm(security_class_t tclass,
+ const char *name) { return 0; }
+int security_av_string(security_class_t tclass,
+ access_vector_t av, char **result) { return 0; }
+void print_access_vector(security_class_t tclass, access_vector_t av) { }
+void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) { }
+void set_matchpathcon_invalidcon(int (*f) (const char *path,
+ unsigned lineno,
+ char *context)) { }
+void set_matchpathcon_canoncon(int (*f) (const char *path,
+ unsigned lineno,
+ char **context)) { }
+void set_matchpathcon_flags(unsigned int flags) { }
+int matchpathcon_init(const char *path) { return 0; }
+int matchpathcon_init_prefix(const char *path, const char *prefix) { return 0; }
+void matchpathcon_fini(void) { }
+int realpath_not_final(const char *name, char *resolved_path) { return 0; }
+int matchpathcon(const char *path,
+ mode_t mode, char ** con) { return 0; }
+int matchpathcon_index(const char *path,
+ mode_t mode, char ** con) { return 0; }
+int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) { return 0; }
+void matchpathcon_filespec_destroy(void) { }
+void matchpathcon_filespec_eval(void) { }
+void matchpathcon_checkmatches(char *str) { }
+int matchmediacon(const char *media, char ** con) { return 0; }
+int selinux_getenforcemode(int *enforce) { return 0; }
+char *selinux_boolean_sub(const char *boolean_name) { return 0; }
+int selinux_getpolicytype(char **policytype) { return 0; }
+const char *selinux_policy_root(void) { return 0; }
+int selinux_set_policy_root(const char *rootpath) { return 0; }
+const char *selinux_current_policy_path(void) { return 0; }
+const char
*selinux_binary_policy_path(void) { return 0; }
+const char *selinux_failsafe_context_path(void) { return 0; }
+const char *selinux_removable_context_path(void) { return 0; }
+const char *selinux_default_context_path(void) { return 0; }
+const char *selinux_user_contexts_path(void) { return 0; }
+const char *selinux_file_context_path(void) { return 0; }
+const char *selinux_file_context_homedir_path(void) { return 0; }
+const char *selinux_file_context_local_path(void) { return 0; }
+const char *selinux_file_context_subs_path(void) { return 0; }
+const char *selinux_file_context_subs_dist_path(void) { return 0; }
+const char *selinux_homedir_context_path(void) { return 0; }
+const char *selinux_media_context_path(void) { return 0; }
+const char *selinux_virtual_domain_context_path(void) { return 0; }
+const char *selinux_virtual_image_context_path(void) { return 0; }
+const char *selinux_lxc_contexts_path(void) { return 0; }
+const char *selinux_x_context_path(void) { return 0; }
+const char *selinux_sepgsql_context_path(void) { return 0; }
+const char *selinux_openrc_contexts_path(void) { return 0; }
+const char *selinux_openssh_contexts_path(void) { return 0; }
+const char *selinux_snapperd_contexts_path(void) { return 0; }
+const char *selinux_systemd_contexts_path(void) { return 0; }
+const char *selinux_contexts_path(void) { return 0; }
+const char *selinux_securetty_types_path(void) { return 0; }
+const char *selinux_booleans_subs_path(void) { return 0; }
+const char *selinux_booleans_path(void) { return 0; }
+const char *selinux_customizable_types_path(void) { return 0; }
+const char *selinux_users_path(void) { return 0; }
+const char *selinux_usersconf_path(void) { return 0; }
+const char *selinux_translations_path(void) { return 0; }
+const char *selinux_colors_path(void) { return 0; }
+const char *selinux_netfilter_context_path(void) { return 0; }
+const char *selinux_path(void) { return 0; }
+int selinux_check_access(const char * scon, const char * tcon,
const char *tclass, const char *perm, void *auditdata) { return 0; }
+int selinux_check_passwd_access(access_vector_t requested) { return 0; }
+int checkPasswdAccess(access_vector_t requested) { return 0; }
+int selinux_check_securetty_context(const char * tty_context) { return 0; }
+void set_selinuxmnt(const char *mnt) { }
+int selinuxfs_exists(void) { return 0; }
+void fini_selinuxmnt(void) {}
+int setexecfilecon(const char *filename, const char *fallback_type) { return 0; }
+#ifndef DISABLE_RPM
+int rpm_execcon(unsigned int verified,
+ const char *filename,
+ char *const argv[], char *const envp[]) { return 0; }
+#endif
+int is_context_customizable(const char * scontext) { return 0; }
+int selinux_trans_to_raw_context(const char * trans,
+ char ** rawp) { return 0; }
+int selinux_raw_to_trans_context(const char * raw,
+ char ** transp) { return 0; }
+int selinux_raw_context_to_color(const char * raw,
+ char **color_str) { return 0; }
+int getseuserbyname(const char *linuxuser, char **seuser, char **level) { return 0; }
+int getseuser(const char *username, const char *service,
+ char **r_seuser, char **r_level) { return 0; }
+int selinux_file_context_cmp(const char * a,
+ const char * b) { return 0; }
+int selinux_file_context_verify(const char *path, mode_t mode) { return 0; }
+int selinux_lsetfilecon_default(const char *path) { return 0; }
+void selinux_reset_config(void) { }
+int avc_sid_to_context(security_id_t sid, char ** ctx) { return 0; }
+int avc_sid_to_context_raw(security_id_t sid, char ** ctx) { return 0; }
+int avc_context_to_sid(const char * ctx, security_id_t * sid) { return 0; }
+int avc_context_to_sid_raw(const char * ctx, security_id_t * sid) { return 0; }
+int sidget(security_id_t sid) { return 0; }
+int sidput(security_id_t sid) { return 0; }
+int avc_get_initial_sid(const char *name, security_id_t * sid) { return 0; }
+int avc_init(const char *msgprefix,
+ const struct avc_memory_callback *mem_callbacks,
+ const struct avc_log_callback
*log_callbacks,
+ const struct avc_thread_callback *thread_callbacks,
+ const struct avc_lock_callback *lock_callbacks) { return 0; }
+int avc_open(struct selinux_opt *opts, unsigned nopts) { return 0; }
+void avc_cleanup(void) { }
+int avc_reset(void) { return 0; }
+void avc_destroy(void) { }
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd) { return 0; }
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata) { return 0; }
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *auditdata) { }
+int avc_compute_create(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid) { return 0; }
+int avc_compute_member(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid) { return 0; }
+int avc_add_callback(int (*callback)
+ (uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms) { return 0; }
+void avc_cache_stats(struct avc_cache_stats *stats) { }
+void avc_av_stats(void) { }
+void avc_sid_stats(void) { }
+int avc_netlink_open(int blocking) { return 0; }
+void avc_netlink_loop(void) { }
+void avc_netlink_close(void) { }
+int avc_netlink_acquire_fd(void) { return 0; }
+void avc_netlink_release_fd(void) { }
+int avc_netlink_check_nb(void) { return 0; }
+int selinux_status_open(int fallback) { return 0; }
+void selinux_status_close(void) { }
+int selinux_status_updated(void) { return 0; }
+int selinux_status_getenforce(void) { return 0; }
+int selinux_status_policyload(void) {
return 0; }
+int selinux_status_deny_unknown(void) { return 0; }
+context_t context_new(const char *s) { return 0; }
+char *context_str(context_t c) { return 0; }
+void context_free(context_t c) { }
+const char *context_type_get(context_t c) { return 0; }
+const char *context_range_get(context_t c) { return 0; }
+const char *context_role_get(context_t c) { return 0; }
+const char *context_user_get(context_t c) { return 0; }
+int context_type_set(context_t c, const char *s) { return 0; }
+int context_range_set(context_t c, const char *s) { return 0; }
+int context_role_set(context_t c, const char *s) { return 0; }
+int context_user_set(context_t c, const char *s) { return 0; }
+int get_ordered_context_list(const char *user,
+ char * fromcon,
+ char *** list) { return 0; }
+int get_ordered_context_list_with_level(const char *user,
+ const char *level,
+ char * fromcon,
+ char *** list) { return 0; }
+int get_default_context(const char *user,
+ char * fromcon,
+ char ** newcon) { return 0; }
+int get_default_context_with_level(const char *user,
+ const char *level,
+ char * fromcon,
+ char ** newcon) { return 0; }
+int get_default_context_with_role(const char *user,
+ const char *role,
+ char * fromcon,
+ char ** newcon) { return 0; }
+int get_default_context_with_rolelevel(const char *user,
+ const char *role,
+ const char *level,
+ char * fromcon,
+ char ** newcon) { return 0; }
+int query_user_context(char ** list,
+ char ** newcon) { return 0; }
+int manual_user_enter_context(const char *user,
+ char ** newcon) { return 0; }
+const char *selinux_default_type_path(void) { return 0; }
+int get_default_type(const char *role, char **type) { return 0; }
+struct selabel_handle *selabel_open(unsigned int backend,
+ const struct selinux_opt *opts,
+ unsigned nopts) { return 0; }
+void selabel_close(struct selabel_handle *handle) { }
+int selabel_lookup(struct selabel_handle *handle, char **con,
+ const char *key, int type) { return 0; }
+int selabel_lookup_raw(struct
selabel_handle *handle, char **con,
+ const char *key, int type) { return 0; }
+bool selabel_partial_match(struct selabel_handle *handle, const char *key) { return 0; }
+int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
+ const char *key, const char **aliases, int type) { return 0; }
+int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
+ const char *key, const char **aliases, int type) { return 0; }
+int selabel_digest(struct selabel_handle *rec,
+ unsigned char **digest, size_t *digest_len,
+ char ***specfiles, size_t *num_specfiles) { return 0; }
+void selabel_stats(struct selabel_handle *handle) { }
+int selinux_restorecon(const char *pathname,
+ unsigned int restorecon_flags) { return 0; }
+struct selabel_handle *selinux_restorecon_default_handle(void) { return 0; }
+void selinux_restorecon_set_exclude_list(const char **exclude_list) { }
+int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath) { return 0; }
+int selinux_restorecon_xattr(const char *pathname,
+ unsigned int xattr_flags,
+ struct dir_xattr ***xattr_list) { return 0; }
diff --git a/jni/sqlite3/sqlite3.h b/jni/external/sqlite3.h
similarity index 100%
rename from jni/sqlite3/sqlite3.h
rename to jni/external/sqlite3.h
diff --git a/jni/sqlite3/sqlite3_stub.c b/jni/external/sqlite3_stub.c
similarity index 100%
rename from jni/sqlite3/sqlite3_stub.c
rename to jni/external/sqlite3_stub.c
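Review bot: The access-decision stubs in this file — `selinux_check_access`, `avc_has_perm`, `avc_has_perm_noaudit`, `security_compute_av` and its `_raw`/`_flags` variants — all `return 0`, which the header copied in the preceding hunk documents as "all permissions granted", so if this stub .so were ever resolved at runtime in place of the platform libselinux every check would silently pass and the `struct av_decision *avd` / `char **con` out-parameters would be left unwritten for the caller to read. Since the Android.mk hunk describes these as link-time stubs only, the file should say so at the top, e.g. `/* Link-time stub for libselinux.so: every function is a no-op. Never package or load this library; the real implementation is provided by the device at runtime. */`, and the decision functions are cheaper to keep fail-closed than to audit later: `int selinux_check_access(...) { errno = EACCES; return -1; }` (needs `<errno.h>`), with the same treatment for `avc_has_perm` and `avc_has_perm_noaudit`. The three system `#include` lines at the top of the hunk show no header name after extraction, so whether `<stdbool.h>` is present for the `bool` return type of `selabel_partial_match` cannot be confirmed from here — worth checking, as the stub will not compile without it. Minor style point: `fini_selinuxmnt` uses `{}` while every other empty body in the file uses `{ }`.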