#include <string>

#include <selinux/android.h>
#include <selinux/avc.h>

namespace android {

class AccessControl {
public:
    AccessControl();

    using Context = std::unique_ptr<char, decltype(&freecon)>;
    Context getContext(pid_t sourcePid);

    bool canAdd(const std::string& fqName, const Context &context, pid_t pid);
    bool canGet(const std::string& fqName, pid_t pid);
    bool canList(pid_t pid);

private:

    bool checkPermission(const Context &context, pid_t sourceAuditPid, const char *targetContext, const char *perm, const char *interface);
    bool checkPermission(const Context &context, pid_t sourcePid, const char *perm, const char *interface);

    static int auditCallback(void *data, security_class_t cls, char *buf, size_t len);

    char*                  mSeContext;
    struct selabel_handle* mSeHandle;
    union selinux_callback mSeCallbacks;
};

} // namespace android