Edit File by line
/home/barbar84/public_h.../wp-conte.../plugins/sujqvwi/ExeBy/smexe_ro.../usr/include/selinux
File: selinux.h
#ifndef _SELINUX_H_
[0] Fix | Delete
#define _SELINUX_H_
[1] Fix | Delete
[2] Fix | Delete
#include <sys/types.h>
[3] Fix | Delete
#include <stdarg.h>
[4] Fix | Delete
[5] Fix | Delete
#ifdef __cplusplus
[6] Fix | Delete
extern "C" {
[7] Fix | Delete
#endif
[8] Fix | Delete
[9] Fix | Delete
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
[10] Fix | Delete
extern int is_selinux_enabled(void);
[11] Fix | Delete
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
[12] Fix | Delete
extern int is_selinux_mls_enabled(void);
[13] Fix | Delete
[14] Fix | Delete
/* No longer used; here for compatibility with legacy callers. */
[15] Fix | Delete
typedef char *security_context_t;
[16] Fix | Delete
[17] Fix | Delete
/* Free the memory allocated for a context by any of the below get* calls. */
[18] Fix | Delete
extern void freecon(char * con);
[19] Fix | Delete
[20] Fix | Delete
/* Free the memory allocated for a context array by security_compute_user. */
[21] Fix | Delete
extern void freeconary(char ** con);
[22] Fix | Delete
[23] Fix | Delete
/* Wrappers for the /proc/pid/attr API. */
[24] Fix | Delete
[25] Fix | Delete
/* Get current context, and set *con to refer to it.
[26] Fix | Delete
Caller must free via freecon. */
[27] Fix | Delete
extern int getcon(char ** con);
[28] Fix | Delete
extern int getcon_raw(char ** con);
[29] Fix | Delete
[30] Fix | Delete
/* Set the current security context to con.
[31] Fix | Delete
Note that use of this function requires that the entire application
[32] Fix | Delete
be trusted to maintain any desired separation between the old and new
[33] Fix | Delete
security contexts, unlike exec-based transitions performed via setexeccon.
[34] Fix | Delete
When possible, decompose your application and use setexeccon()+execve()
[35] Fix | Delete
instead. Note that the application may lose access to its open descriptors
[36] Fix | Delete
as a result of a setcon() unless policy allows it to use descriptors opened
[37] Fix | Delete
by the old context. */
[38] Fix | Delete
extern int setcon(const char * con);
[39] Fix | Delete
extern int setcon_raw(const char * con);
[40] Fix | Delete
[41] Fix | Delete
/* Get context of process identified by pid, and
[42] Fix | Delete
set *con to refer to it. Caller must free via freecon. */
[43] Fix | Delete
extern int getpidcon(pid_t pid, char ** con);
[44] Fix | Delete
extern int getpidcon_raw(pid_t pid, char ** con);
[45] Fix | Delete
[46] Fix | Delete
/* Get previous context (prior to last exec), and set *con to refer to it.
[47] Fix | Delete
Caller must free via freecon. */
[48] Fix | Delete
extern int getprevcon(char ** con);
[49] Fix | Delete
extern int getprevcon_raw(char ** con);
[50] Fix | Delete
[51] Fix | Delete
/* Get exec context, and set *con to refer to it.
[52] Fix | Delete
Sets *con to NULL if no exec context has been set, i.e. using default.
[53] Fix | Delete
If non-NULL, caller must free via freecon. */
[54] Fix | Delete
extern int getexeccon(char ** con);
[55] Fix | Delete
extern int getexeccon_raw(char ** con);
[56] Fix | Delete
[57] Fix | Delete
/* Set exec security context for the next execve.
[58] Fix | Delete
Call with NULL if you want to reset to the default. */
[59] Fix | Delete
extern int setexeccon(const char * con);
[60] Fix | Delete
extern int setexeccon_raw(const char * con);
[61] Fix | Delete
[62] Fix | Delete
/* Get fscreate context, and set *con to refer to it.
[63] Fix | Delete
Sets *con to NULL if no fs create context has been set, i.e. using default.
[64] Fix | Delete
If non-NULL, caller must free via freecon. */
[65] Fix | Delete
extern int getfscreatecon(char ** con);
[66] Fix | Delete
extern int getfscreatecon_raw(char ** con);
[67] Fix | Delete
[68] Fix | Delete
/* Set the fscreate security context for subsequent file creations.
[69] Fix | Delete
Call with NULL if you want to reset to the default. */
[70] Fix | Delete
extern int setfscreatecon(const char * context);
[71] Fix | Delete
extern int setfscreatecon_raw(const char * context);
[72] Fix | Delete
[73] Fix | Delete
/* Get keycreate context, and set *con to refer to it.
[74] Fix | Delete
Sets *con to NULL if no key create context has been set, i.e. using default.
[75] Fix | Delete
If non-NULL, caller must free via freecon. */
[76] Fix | Delete
extern int getkeycreatecon(char ** con);
[77] Fix | Delete
extern int getkeycreatecon_raw(char ** con);
[78] Fix | Delete
[79] Fix | Delete
/* Set the keycreate security context for subsequent key creations.
[80] Fix | Delete
Call with NULL if you want to reset to the default. */
[81] Fix | Delete
extern int setkeycreatecon(const char * context);
[82] Fix | Delete
extern int setkeycreatecon_raw(const char * context);
[83] Fix | Delete
[84] Fix | Delete
/* Get sockcreate context, and set *con to refer to it.
[85] Fix | Delete
Sets *con to NULL if no socket create context has been set, i.e. using default.
[86] Fix | Delete
If non-NULL, caller must free via freecon. */
[87] Fix | Delete
extern int getsockcreatecon(char ** con);
[88] Fix | Delete
extern int getsockcreatecon_raw(char ** con);
[89] Fix | Delete
[90] Fix | Delete
/* Set the sockcreate security context for subsequent socket creations.
[91] Fix | Delete
Call with NULL if you want to reset to the default. */
[92] Fix | Delete
extern int setsockcreatecon(const char * context);
[93] Fix | Delete
extern int setsockcreatecon_raw(const char * context);
[94] Fix | Delete
[95] Fix | Delete
/* Wrappers for the xattr API. */
[96] Fix | Delete
[97] Fix | Delete
/* Get file context, and set *con to refer to it.
[98] Fix | Delete
Caller must free via freecon. */
[99] Fix | Delete
extern int getfilecon(const char *path, char ** con);
[100] Fix | Delete
extern int getfilecon_raw(const char *path, char ** con);
[101] Fix | Delete
extern int lgetfilecon(const char *path, char ** con);
[102] Fix | Delete
extern int lgetfilecon_raw(const char *path, char ** con);
[103] Fix | Delete
extern int fgetfilecon(int fd, char ** con);
[104] Fix | Delete
extern int fgetfilecon_raw(int fd, char ** con);
[105] Fix | Delete
[106] Fix | Delete
/* Set file context */
[107] Fix | Delete
extern int setfilecon(const char *path, const char * con);
[108] Fix | Delete
extern int setfilecon_raw(const char *path, const char * con);
[109] Fix | Delete
extern int lsetfilecon(const char *path, const char * con);
[110] Fix | Delete
extern int lsetfilecon_raw(const char *path, const char * con);
[111] Fix | Delete
extern int fsetfilecon(int fd, const char * con);
[112] Fix | Delete
extern int fsetfilecon_raw(int fd, const char * con);
[113] Fix | Delete
[114] Fix | Delete
/* Wrappers for the socket API */
[115] Fix | Delete
[116] Fix | Delete
/* Get context of peer socket, and set *con to refer to it.
[117] Fix | Delete
Caller must free via freecon. */
[118] Fix | Delete
extern int getpeercon(int fd, char ** con);
[119] Fix | Delete
extern int getpeercon_raw(int fd, char ** con);
[120] Fix | Delete
[121] Fix | Delete
/* Wrappers for the selinuxfs (policy) API. */
[122] Fix | Delete
[123] Fix | Delete
typedef unsigned int access_vector_t;
[124] Fix | Delete
typedef unsigned short security_class_t;
[125] Fix | Delete
[126] Fix | Delete
struct av_decision {
[127] Fix | Delete
access_vector_t allowed;
[128] Fix | Delete
access_vector_t decided;
[129] Fix | Delete
access_vector_t auditallow;
[130] Fix | Delete
access_vector_t auditdeny;
[131] Fix | Delete
unsigned int seqno;
[132] Fix | Delete
unsigned int flags;
[133] Fix | Delete
};
[134] Fix | Delete
[135] Fix | Delete
/* Definitions of av_decision.flags */
[136] Fix | Delete
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
[137] Fix | Delete
[138] Fix | Delete
/* Structure for passing options, used by AVC and label subsystems */
[139] Fix | Delete
struct selinux_opt {
[140] Fix | Delete
int type;
[141] Fix | Delete
const char *value;
[142] Fix | Delete
};
[143] Fix | Delete
[144] Fix | Delete
/* Callback facilities */
[145] Fix | Delete
union selinux_callback {
[146] Fix | Delete
/* log the printf-style format and arguments,
[147] Fix | Delete
with the type code indicating the type of message */
[148] Fix | Delete
int
[149] Fix | Delete
#ifdef __GNUC__
[150] Fix | Delete
__attribute__ ((format(printf, 2, 3)))
[151] Fix | Delete
#endif
[152] Fix | Delete
(*func_log) (int type, const char *fmt, ...);
[153] Fix | Delete
/* store a string representation of auditdata (corresponding
[154] Fix | Delete
to the given security class) into msgbuf. */
[155] Fix | Delete
int (*func_audit) (void *auditdata, security_class_t cls,
[156] Fix | Delete
char *msgbuf, size_t msgbufsize);
[157] Fix | Delete
/* validate the supplied context, modifying if necessary */
[158] Fix | Delete
int (*func_validate) (char **ctx);
[159] Fix | Delete
/* netlink callback for setenforce message */
[160] Fix | Delete
int (*func_setenforce) (int enforcing);
[161] Fix | Delete
/* netlink callback for policyload message */
[162] Fix | Delete
int (*func_policyload) (int seqno);
[163] Fix | Delete
};
[164] Fix | Delete
[165] Fix | Delete
#define SELINUX_CB_LOG 0
[166] Fix | Delete
#define SELINUX_CB_AUDIT 1
[167] Fix | Delete
#define SELINUX_CB_VALIDATE 2
[168] Fix | Delete
#define SELINUX_CB_SETENFORCE 3
[169] Fix | Delete
#define SELINUX_CB_POLICYLOAD 4
[170] Fix | Delete
[171] Fix | Delete
extern union selinux_callback selinux_get_callback(int type);
[172] Fix | Delete
extern void selinux_set_callback(int type, union selinux_callback cb);
[173] Fix | Delete
[174] Fix | Delete
/* Logging type codes, passed to the logging callback */
[175] Fix | Delete
#define SELINUX_ERROR 0
[176] Fix | Delete
#define SELINUX_WARNING 1
[177] Fix | Delete
#define SELINUX_INFO 2
[178] Fix | Delete
#define SELINUX_AVC 3
[179] Fix | Delete
#define SELINUX_TRANS_DIR "/var/run/setrans"
[180] Fix | Delete
[181] Fix | Delete
/* Compute an access decision. */
[182] Fix | Delete
extern int security_compute_av(const char * scon,
[183] Fix | Delete
const char * tcon,
[184] Fix | Delete
security_class_t tclass,
[185] Fix | Delete
access_vector_t requested,
[186] Fix | Delete
struct av_decision *avd);
[187] Fix | Delete
extern int security_compute_av_raw(const char * scon,
[188] Fix | Delete
const char * tcon,
[189] Fix | Delete
security_class_t tclass,
[190] Fix | Delete
access_vector_t requested,
[191] Fix | Delete
struct av_decision *avd);
[192] Fix | Delete
[193] Fix | Delete
extern int security_compute_av_flags(const char * scon,
[194] Fix | Delete
const char * tcon,
[195] Fix | Delete
security_class_t tclass,
[196] Fix | Delete
access_vector_t requested,
[197] Fix | Delete
struct av_decision *avd);
[198] Fix | Delete
extern int security_compute_av_flags_raw(const char * scon,
[199] Fix | Delete
const char * tcon,
[200] Fix | Delete
security_class_t tclass,
[201] Fix | Delete
access_vector_t requested,
[202] Fix | Delete
struct av_decision *avd);
[203] Fix | Delete
[204] Fix | Delete
/* Compute a labeling decision and set *newcon to refer to it.
[205] Fix | Delete
Caller must free via freecon. */
[206] Fix | Delete
extern int security_compute_create(const char * scon,
[207] Fix | Delete
const char * tcon,
[208] Fix | Delete
security_class_t tclass,
[209] Fix | Delete
char ** newcon);
[210] Fix | Delete
extern int security_compute_create_raw(const char * scon,
[211] Fix | Delete
const char * tcon,
[212] Fix | Delete
security_class_t tclass,
[213] Fix | Delete
char ** newcon);
[214] Fix | Delete
extern int security_compute_create_name(const char * scon,
[215] Fix | Delete
const char * tcon,
[216] Fix | Delete
security_class_t tclass,
[217] Fix | Delete
const char *objname,
[218] Fix | Delete
char ** newcon);
[219] Fix | Delete
extern int security_compute_create_name_raw(const char * scon,
[220] Fix | Delete
const char * tcon,
[221] Fix | Delete
security_class_t tclass,
[222] Fix | Delete
const char *objname,
[223] Fix | Delete
char ** newcon);
[224] Fix | Delete
[225] Fix | Delete
/* Compute a relabeling decision and set *newcon to refer to it.
[226] Fix | Delete
Caller must free via freecon. */
[227] Fix | Delete
extern int security_compute_relabel(const char * scon,
[228] Fix | Delete
const char * tcon,
[229] Fix | Delete
security_class_t tclass,
[230] Fix | Delete
char ** newcon);
[231] Fix | Delete
extern int security_compute_relabel_raw(const char * scon,
[232] Fix | Delete
const char * tcon,
[233] Fix | Delete
security_class_t tclass,
[234] Fix | Delete
char ** newcon);
[235] Fix | Delete
[236] Fix | Delete
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
[237] Fix | Delete
Caller must free via freecon. */
[238] Fix | Delete
extern int security_compute_member(const char * scon,
[239] Fix | Delete
const char * tcon,
[240] Fix | Delete
security_class_t tclass,
[241] Fix | Delete
char ** newcon);
[242] Fix | Delete
extern int security_compute_member_raw(const char * scon,
[243] Fix | Delete
const char * tcon,
[244] Fix | Delete
security_class_t tclass,
[245] Fix | Delete
char ** newcon);
[246] Fix | Delete
[247] Fix | Delete
/*
[248] Fix | Delete
* Compute the set of reachable user contexts and set *con to refer to
[249] Fix | Delete
* the NULL-terminated array of contexts. Caller must free via freeconary.
[250] Fix | Delete
* These interfaces are deprecated. Use get_ordered_context_list() or
[251] Fix | Delete
* one of its variant interfaces instead.
[252] Fix | Delete
*/
[253] Fix | Delete
extern int security_compute_user(const char * scon,
[254] Fix | Delete
const char *username,
[255] Fix | Delete
char *** con);
[256] Fix | Delete
extern int security_compute_user_raw(const char * scon,
[257] Fix | Delete
const char *username,
[258] Fix | Delete
char *** con);
[259] Fix | Delete
[260] Fix | Delete
/* Load a policy configuration. */
[261] Fix | Delete
extern int security_load_policy(void *data, size_t len);
[262] Fix | Delete
[263] Fix | Delete
/* Get the context of an initial kernel security identifier by name.
[264] Fix | Delete
Caller must free via freecon */
[265] Fix | Delete
extern int security_get_initial_context(const char *name,
[266] Fix | Delete
char ** con);
[267] Fix | Delete
extern int security_get_initial_context_raw(const char *name,
[268] Fix | Delete
char ** con);
[269] Fix | Delete
[270] Fix | Delete
/*
[271] Fix | Delete
* Make a policy image and load it.
[272] Fix | Delete
* This function provides a higher level interface for loading policy
[273] Fix | Delete
* than security_load_policy, internally determining the right policy
[274] Fix | Delete
* version, locating and opening the policy file, mapping it into memory,
[275] Fix | Delete
* manipulating it as needed for current boolean settings and/or local
[276] Fix | Delete
* definitions, and then calling security_load_policy to load it.
[277] Fix | Delete
*
[278] Fix | Delete
* 'preservebools' is a boolean flag indicating whether current
[279] Fix | Delete
* policy boolean values should be preserved into the new policy (if 1)
[280] Fix | Delete
* or reset to the saved policy settings (if 0). The former case is the
[281] Fix | Delete
* default for policy reloads, while the latter case is an option for policy
[282] Fix | Delete
* reloads but is primarily for the initial policy load.
[283] Fix | Delete
*/
[284] Fix | Delete
extern int selinux_mkload_policy(int preservebools);
[285] Fix | Delete
[286] Fix | Delete
/*
[287] Fix | Delete
* Perform the initial policy load.
[288] Fix | Delete
* This function determines the desired enforcing mode, sets the
[289] Fix | Delete
* the *enforce argument accordingly for the caller to use, sets the
[290] Fix | Delete
* SELinux kernel enforcing status to match it, and loads the policy.
[291] Fix | Delete
* It also internally handles the initial selinuxfs mount required to
[292] Fix | Delete
* perform these actions.
[293] Fix | Delete
*
[294] Fix | Delete
* The function returns 0 if everything including the policy load succeeds.
[295] Fix | Delete
* In this case, init is expected to re-exec itself in order to transition
[296] Fix | Delete
* to the proper security context.
[297] Fix | Delete
* Otherwise, the function returns -1, and init must check *enforce to
[298] Fix | Delete
* determine how to proceed. If enforcing (*enforce > 0), then init should
[299] Fix | Delete
* halt the system. Otherwise, init may proceed normally without a re-exec.
[300] Fix | Delete
*/
[301] Fix | Delete
extern int selinux_init_load_policy(int *enforce);
[302] Fix | Delete
[303] Fix | Delete
/* Translate boolean strict to name value pair. */
[304] Fix | Delete
typedef struct {
[305] Fix | Delete
char *name;
[306] Fix | Delete
int value;
[307] Fix | Delete
} SELboolean;
[308] Fix | Delete
/* save a list of booleans in a single transaction. */
[309] Fix | Delete
extern int security_set_boolean_list(size_t boolcnt,
[310] Fix | Delete
SELboolean * boollist, int permanent);
[311] Fix | Delete
[312] Fix | Delete
/* Load policy boolean settings.
[313] Fix | Delete
Path may be NULL, in which case the booleans are loaded from
[314] Fix | Delete
the active policy boolean configuration file. */
[315] Fix | Delete
extern int security_load_booleans(char *path);
[316] Fix | Delete
[317] Fix | Delete
/* Check the validity of a security context. */
[318] Fix | Delete
extern int security_check_context(const char * con);
[319] Fix | Delete
extern int security_check_context_raw(const char * con);
[320] Fix | Delete
[321] Fix | Delete
/* Canonicalize a security context. */
[322] Fix | Delete
extern int security_canonicalize_context(const char * con,
[323] Fix | Delete
char ** canoncon);
[324] Fix | Delete
extern int security_canonicalize_context_raw(const char * con,
[325] Fix | Delete
char ** canoncon);
[326] Fix | Delete
[327] Fix | Delete
/* Get the enforce flag value. */
[328] Fix | Delete
extern int security_getenforce(void);
[329] Fix | Delete
[330] Fix | Delete
/* Set the enforce flag value. */
[331] Fix | Delete
extern int security_setenforce(int value);
[332] Fix | Delete
[333] Fix | Delete
/* Get the load-time behavior for undefined classes/permissions */
[334] Fix | Delete
extern int security_reject_unknown(void);
[335] Fix | Delete
[336] Fix | Delete
/* Get the runtime behavior for undefined classes/permissions */
[337] Fix | Delete
extern int security_deny_unknown(void);
[338] Fix | Delete
[339] Fix | Delete
/* Get the checkreqprot value */
[340] Fix | Delete
extern int security_get_checkreqprot(void);
[341] Fix | Delete
[342] Fix | Delete
/* Disable SELinux at runtime (must be done prior to initial policy load). */
[343] Fix | Delete
extern int security_disable(void);
[344] Fix | Delete
[345] Fix | Delete
/* Get the policy version number. */
[346] Fix | Delete
extern int security_policyvers(void);
[347] Fix | Delete
[348] Fix | Delete
/* Get the boolean names */
[349] Fix | Delete
extern int security_get_boolean_names(char ***names, int *len);
[350] Fix | Delete
[351] Fix | Delete
/* Get the pending value for the boolean */
[352] Fix | Delete
extern int security_get_boolean_pending(const char *name);
[353] Fix | Delete
[354] Fix | Delete
/* Get the active value for the boolean */
[355] Fix | Delete
extern int security_get_boolean_active(const char *name);
[356] Fix | Delete
[357] Fix | Delete
/* Set the pending value for the boolean */
[358] Fix | Delete
extern int security_set_boolean(const char *name, int value);
[359] Fix | Delete
[360] Fix | Delete
/* Commit the pending values for the booleans */
[361] Fix | Delete
extern int security_commit_booleans(void);
[362] Fix | Delete
[363] Fix | Delete
/* Userspace class mapping support */
[364] Fix | Delete
struct security_class_mapping {
[365] Fix | Delete
const char *name;
[366] Fix | Delete
const char *perms[sizeof(access_vector_t) * 8 + 1];
[367] Fix | Delete
};
[368] Fix | Delete
[369] Fix | Delete
/**
[370] Fix | Delete
* selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names
[371] Fix | Delete
* @map: array of security_class_mapping structures
[372] Fix | Delete
*
[373] Fix | Delete
* The core avc_has_perm() API uses integers to represent security
[374] Fix | Delete
* classes; previous to the introduction of this function, it was
[375] Fix | Delete
* common for userspace object managers to be compiled using generated
[376] Fix | Delete
* offsets for a particular policy. However, that strongly ties the build of the userspace components to a particular policy.
[377] Fix | Delete
*
[378] Fix | Delete
* By using this function to map between integer offsets and security
[379] Fix | Delete
* class names, it's possible to replace a system policies that have
[380] Fix | Delete
* at least the same set of security class names as used by the
[381] Fix | Delete
* userspace object managers.
[382] Fix | Delete
*
[383] Fix | Delete
* To correctly use this function, you should override the generated
[384] Fix | Delete
* security class defines from the system policy in a local header,
[385] Fix | Delete
* starting at 1, and have one security_class_mapping structure entry
[386] Fix | Delete
* per define.
[387] Fix | Delete
*/
[388] Fix | Delete
extern int selinux_set_mapping(struct security_class_mapping *map);
[389] Fix | Delete
[390] Fix | Delete
/* Common helpers */
[391] Fix | Delete
[392] Fix | Delete
/* Convert between mode and security class values */
[393] Fix | Delete
extern security_class_t mode_to_security_class(mode_t mode);
[394] Fix | Delete
/* Convert between security class values and string names */
[395] Fix | Delete
extern security_class_t string_to_security_class(const char *name);
[396] Fix | Delete
extern const char *security_class_to_string(security_class_t cls);
[397] Fix | Delete
[398] Fix | Delete
/* Convert between individual access vector permissions and string names */
[399] Fix | Delete
extern const char *security_av_perm_to_string(security_class_t tclass,
[400] Fix | Delete
access_vector_t perm);
[401] Fix | Delete
extern access_vector_t string_to_av_perm(security_class_t tclass,
[402] Fix | Delete
const char *name);
[403] Fix | Delete
[404] Fix | Delete
/* Returns an access vector in a string representation. User must free the
[405] Fix | Delete
* returned string via free(). */
[406] Fix | Delete
extern int security_av_string(security_class_t tclass,
[407] Fix | Delete
access_vector_t av, char **result);
[408] Fix | Delete
[409] Fix | Delete
/* Display an access vector in a string representation. */
[410] Fix | Delete
extern void print_access_vector(security_class_t tclass, access_vector_t av);
[411] Fix | Delete
[412] Fix | Delete
/* Set the function used by matchpathcon_init when displaying
[413] Fix | Delete
errors about the file_contexts configuration. If not set,
[414] Fix | Delete
then this defaults to fprintf(stderr, fmt, ...). */
[415] Fix | Delete
extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
[416] Fix | Delete
[417] Fix | Delete
/* Set the function used by matchpathcon_init when checking the
[418] Fix | Delete
validity of a context in the file contexts configuration. If not set,
[419] Fix | Delete
then this defaults to a test based on security_check_context().
[420] Fix | Delete
The function is also responsible for reporting any such error, and
[421] Fix | Delete
may include the 'path' and 'lineno' in such error messages. */
[422] Fix | Delete
extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
[423] Fix | Delete
unsigned lineno,
[424] Fix | Delete
char *context));
[425] Fix | Delete
[426] Fix | Delete
/* Same as above, but also allows canonicalization of the context,
[427] Fix | Delete
by changing *context to refer to the canonical form. If not set,
[428] Fix | Delete
and invalidcon is also not set, then this defaults to calling
[429] Fix | Delete
security_canonicalize_context(). */
[430] Fix | Delete
extern void set_matchpathcon_canoncon(int (*f) (const char *path,
[431] Fix | Delete
unsigned lineno,
[432] Fix | Delete
char **context));
[433] Fix | Delete
[434] Fix | Delete
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
[435] Fix | Delete
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
[436] Fix | Delete
#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
[437] Fix | Delete
#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
[438] Fix | Delete
extern void set_matchpathcon_flags(unsigned int flags);
[439] Fix | Delete
[440] Fix | Delete
/* Load the file contexts configuration specified by 'path'
[441] Fix | Delete
into memory for use by subsequent matchpathcon calls.
[442] Fix | Delete
If 'path' is NULL, then load the active file contexts configuration,
[443] Fix | Delete
i.e. the path returned by selinux_file_context_path().
[444] Fix | Delete
Unless the MATCHPATHCON_BASEONLY flag has been set, this
[445] Fix | Delete
function also checks for a 'path'.homedirs file and
[446] Fix | Delete
a 'path'.local file and loads additional specifications
[447] Fix | Delete
from them if present. */
[448] Fix | Delete
extern int matchpathcon_init(const char *path);
[449] Fix | Delete
[450] Fix | Delete
/* Same as matchpathcon_init, but only load entries with
[451] Fix | Delete
regexes that have stems that are prefixes of 'prefix'. */
[452] Fix | Delete
extern int matchpathcon_init_prefix(const char *path, const char *prefix);
[453] Fix | Delete
[454] Fix | Delete
/* Free the memory allocated by matchpathcon_init. */
[455] Fix | Delete
extern void matchpathcon_fini(void);
[456] Fix | Delete
[457] Fix | Delete
/* Resolve all of the symlinks and relative portions of a pathname, but NOT
[458] Fix | Delete
* the final component (same a realpath() unless the final component is a
[459] Fix | Delete
* symlink. Resolved path must be a path of size PATH_MAX + 1 */
[460] Fix | Delete
extern int realpath_not_final(const char *name, char *resolved_path);
[461] Fix | Delete
[462] Fix | Delete
/* Match the specified pathname and mode against the file contexts
[463] Fix | Delete
configuration and set *con to refer to the resulting context.
[464] Fix | Delete
'mode' can be 0 to disable mode matching.
[465] Fix | Delete
Caller must free via freecon.
[466] Fix | Delete
If matchpathcon_init has not already been called, then this function
[467] Fix | Delete
will call it upon its first invocation with a NULL path. */
[468] Fix | Delete
extern int matchpathcon(const char *path,
[469] Fix | Delete
mode_t mode, char ** con);
[470] Fix | Delete
[471] Fix | Delete
/* Same as above, but return a specification index for
[472] Fix | Delete
later use in a matchpathcon_filespec_add() call - see below. */
[473] Fix | Delete
extern int matchpathcon_index(const char *path,
[474] Fix | Delete
mode_t mode, char ** con);
[475] Fix | Delete
[476] Fix | Delete
/* Maintain an association between an inode and a specification index,
[477] Fix | Delete
and check whether a conflicting specification is already associated
[478] Fix | Delete
with the same inode (e.g. due to multiple hard links). If so, then
[479] Fix | Delete
use the latter of the two specifications based on their order in the
[480] Fix | Delete
file contexts configuration. Return the used specification index. */
[481] Fix | Delete
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
[482] Fix | Delete
[483] Fix | Delete
/* Destroy any inode associations that have been added, e.g. to restart
[484] Fix | Delete
for a new filesystem. */
[485] Fix | Delete
extern void matchpathcon_filespec_destroy(void);
[486] Fix | Delete
[487] Fix | Delete
/* Display statistics on the hash table usage for the associations. */
[488] Fix | Delete
extern void matchpathcon_filespec_eval(void);
[489] Fix | Delete
[490] Fix | Delete
/* Check to see whether any specifications had no matches and report them.
[491] Fix | Delete
The 'str' is used as a prefix for any warning messages. */
[492] Fix | Delete
extern void matchpathcon_checkmatches(char *str);
[493] Fix | Delete
[494] Fix | Delete
/* Match the specified media and against the media contexts
[495] Fix | Delete
configuration and set *con to refer to the resulting context.
[496] Fix | Delete
Caller must free con via freecon. */
[497] Fix | Delete
extern int matchmediacon(const char *media, char ** con);
[498] Fix | Delete
[499] Fix | Delete
12
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function