security_context.hh

00001 /* vim: set sw=4 sts=4 et foldmethod=syntax : */
00002 
00003 /*
00004  * Copyright (c) 2006 Stephen Bennett
00005  *
00006  * This file is part of the Paludis package manager. Paludis is free software;
00007  * you can redistribute it and/or modify it under the terms of the GNU General
00008  * Public License, version 2, as published by the Free Software Foundation.
00009  *
00010  * Paludis is distributed in the hope that it will be useful, but WITHOUT ANY
00011  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
00012  * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
00013  * details.
00014  *
00015  * You should have received a copy of the GNU General Public License along with
00016  * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
00017  * Place, Suite 330, Boston, MA  02111-1307  USA
00018  */
00019 
00020 #ifndef PALUDIS_GUARD_PALUDIS_UTIL_SECURITY_CONTEXT_HH
00021 #define PALUDIS_GUARD_PALUDIS_UTIL_SECURITY_CONTEXT_HH 1
00022 
00023 #include <string>
00024 #include <paludis/util/exception.hh>
00025 #include <paludis/util/instantiation_policy.hh>
00026 #include <paludis/util/private_implementation_pattern.hh>
00027 #include <paludis/util/fs_entry.hh>
00028 
00029 /** \file
00030  * Declarations for SecurityContext and associated classes.
00031  *
00032  * \ingroup grplibpaludisselinux
00033  */
00034 
00035 namespace paludis
00036 {
00037     class FSCreateCon;   // forward declaration: named as a friend of SecurityContext below
00038     class MatchPathCon;  // forward declaration: named as a friend of SecurityContext below
00039 
00040     /**
00041      * Error class for SELinux-related functions
           *
           * Carries only the message string given to the constructor, which is
           * forwarded unchanged to the Exception base class.
00042      *
00043      * \ingroup grplibpaludisselinux
00044      * \ingroup grpexceptions
00045      */
00046     class PALUDIS_VISIBLE SELinuxException :
00047         public Exception
00048     {
00049         public:
00050             /// Constructor.
                  /// \param our_message text passed through to Exception.
                  // NOTE(review): this single-argument constructor is not explicit, so a
                  // std::string converts implicitly to SELinuxException.
00051             SELinuxException(const std::string & our_message)
00052                 : Exception(our_message)
00053             {
00054             }
00055     };
00056 
00057     /**
00058      * Security context class. Wraps security_context_t.
           *
           * Non-copyable (InstantiationPolicy with NonCopyableTag) and implemented
           * through PrivateImplementationPattern. The public interface declared here
           * offers no accessor for the wrapped value; only the friends listed below
           * can reach the private implementation. The static factories return
           * instances as shared_ptr<const SecurityContext>.
00059      *
00060      * \ingroup grplibpaludisselinux
00061      */
00062     class PALUDIS_VISIBLE SecurityContext :
00063         private PrivateImplementationPattern<SecurityContext>,
00064         private InstantiationPolicy<SecurityContext, instantiation_method::NonCopyableTag>
00065     {
00066         public:
00067             /**
00068              * Constructor
                   *
                   * NOTE(review): the state of a default-constructed context is not
                   * visible in this header — confirm against the implementation.
00069              */
00070             SecurityContext();
00071 
00072             /**
00073              * Can be constructed from a string.
                   *
                   * NOTE(review): not declared explicit, so a std::string converts
                   * implicitly to a SecurityContext. Whether the string is checked for
                   * being a well-formed context is not visible here — callers passing
                   * externally supplied text should confirm.
00074              */
00075             SecurityContext(const std::string &);
00076 
00077             /**
00078              * Destructor
00079              */
00080             ~SecurityContext();
00081 
                  // Friends: these get access to the private implementation. The two
                  // functions are named with a paludis:: qualifier although their
                  // declarations appear later in this header.
                  // NOTE(review): confirm this ordering is accepted by every compiler
                  // the project targets.
00082             friend std::ostream& paludis::operator<<(std::ostream&, const SecurityContext &);
00083             friend class paludis::FSCreateCon;
00084             friend class paludis::MatchPathCon;
00085             friend int paludis::setfilecon(const paludis::FSEntry &, const std::tr1::shared_ptr<const SecurityContext> &);
00086 
00087             /**
00088              * Returns a SecurityContext referring to the current process's context
                   *
                   * NOTE(review): how a failed lookup is reported (exception or empty
                   * pointer) is not visible in this header — check before dereferencing.
00089              */
00090             static std::tr1::shared_ptr<const SecurityContext> current_context();
00091 
00092             /**
00093              * Returns a SecurityContext referring to the current filesystem creation context
                   *
                   * NOTE(review): how a failed lookup is reported (exception or empty
                   * pointer) is not visible in this header — check before dereferencing.
00094              */
00095             static std::tr1::shared_ptr<const SecurityContext> fs_create_context();
00096     };
00097 
00098     /**
00099      * A SecurityContext can be written to a stream.
           *
           * Declared a friend of SecurityContext, so it can read the private
           * implementation. NOTE(review): the exact text written is not visible in
           * this header — presumably the context string; confirm.
00100      *
00101      * \ingroup grplibpaludisselinux
00102      */
00103     std::ostream& operator<<(std::ostream&, const SecurityContext &) PALUDIS_VISIBLE;
00104 
00105     /**
00106      * RAII-style wrapper for setfscreatecon().
00107      *
00108      * Create an FSCreateCon object to set the security context of newly created file objects.
00109      * When destroyed, it will revert to the previous creation context.
00110      *
00111      * Note that with older versions of libselinux this operation is not thread-safe. Any
00112      * multi-threaded code calling it must use a critical section to ensure the desired
00113      * behaviour on all systems.
           *
           * NOTE(review): no copy constructor or assignment operator is declared, so
           * the compiler-generated ones are available (unlike SecurityContext, which
           * uses NonCopyableTag). A copied guard would have its own destructor run as
           * well — confirm nothing copies this type. The constructor is also not
           * explicit, so a shared_ptr<const SecurityContext> converts implicitly to a
           * temporary FSCreateCon.
00114      *
00115      * \ingroup grplibpaludisselinux
00116      */
00117     class PALUDIS_VISIBLE FSCreateCon
00118     {
00119         private:
                  // presumably the context applied while this object is alive — confirm
00120             std::tr1::shared_ptr<const SecurityContext> _context;
                  // presumably the creation context that was in effect before
                  // construction, which the destructor restores — confirm
00121             std::tr1::shared_ptr<const SecurityContext> _prev_context;
00122 
00123         public:
00124             /**
00125              * Constructor
                   *
                   * Per the class description, sets the filesystem creation context to
                   * the one given.
                   * NOTE(review): how a failed setfscreatecon() is reported is not
                   * visible in this header — confirm that it is not silently ignored,
                   * since files created afterwards would then not carry the intended
                   * context.
00126              */
00127             FSCreateCon(const std::tr1::shared_ptr<const SecurityContext> &);
00128 
00129             /**
00130              * Destructor
                   *
                   * Per the class description, reverts to the previous creation context.
00131              */
00132             ~FSCreateCon();
00133     };
00134 
00135     /**
00136      * Wrapper class around matchpathcon().
           *
           * Declared as a singleton (InstantiationPolicy with SingletonTag). Callers
           * should check good() before relying on match().
00137      *
00138      * \ingroup grplibpaludisselinux
00139      */
00140     class PALUDIS_VISIBLE MatchPathCon :
00141         public InstantiationPolicy<MatchPathCon, instantiation_method::SingletonTag>
00142     {
00143         private:
                  // presumably records whether initialisation succeeded, as reported by
                  // good() — confirm against the implementation
00144             bool _good;
00145 
00146         public:
00147             /**
00148              * Constructor. Takes no arguments in this declaration.
                   *
                   * NOTE(review): the original comment described an optional parameter
                   * giving the path to the file_contexts to use; no such parameter is
                   * declared here, so that wording looks stale — confirm.
00149              */
00150             MatchPathCon();
00151 
00152             /**
00153              * Destructor
00154              */
00155             ~MatchPathCon();
00156 
00157             /**
00158              * Retrieve the default context for a given pathname
                   *
                   * The first argument is the pathname; the second is a mode_t that
                   * defaults to 0. NOTE(review): presumably both are passed on to
                   * matchpathcon() — confirm. What is returned when no context matches
                   * (or when good() is false) is not visible here, so check good() and
                   * the returned pointer before use.
00159              */
00160             std::tr1::shared_ptr<const SecurityContext> match(const std::string &, mode_t = 0) const;
00161 
00162             /**
00163              * Did the initialisation succeed?
00164              */
00165             bool good() const;
00166     };
00167 
00168     /**
00169      * Thin wrapper around setfilecon()
           *
           * Declared a friend of SecurityContext, so it can read the wrapped context.
           *
           * \param file the filesystem entry whose context is to be set
           * \param con the context to apply
           * \return an int. NOTE(review): presumably the result of the underlying
           * setfilecon() call — confirm, and have callers check it rather than
           * discard it, since after a failure the file may not carry the intended
           * context.
00170      *
00171      * \ingroup grplibpaludisselinux
00172      */
00173     int setfilecon(const FSEntry & file, const std::tr1::shared_ptr<const SecurityContext> & con) PALUDIS_VISIBLE;
00174 
00175     /**
00176      * Whether SELinux is enabled. Ideally, you are not using this function.
           *
           * NOTE(review): the return type is bool, so a caller cannot tell "disabled"
           * apart from an error in the underlying query, if one can occur — confirm
           * how the implementation maps that case. Nothing in this header reports
           * whether policy is being enforced; this only answers "enabled".
00177      *
00178      * \ingroup grplibpaludisselinux
00179      */
00180     bool is_selinux_enabled() PALUDIS_VISIBLE;
00181 }
00182 
00183 #endif
