/*

[0] Fix | Delete

* Labeling interface for userspace object managers and others.

[1] Fix | Delete

*

[2] Fix | Delete

* Author : Eamon Walsh <ewalsh@tycho.nsa.gov>

[3] Fix | Delete

*/

[4] Fix | Delete

#ifndef _SELABEL_H_

[5] Fix | Delete

#define _SELABEL_H_

[6] Fix | Delete

[7] Fix | Delete

#include <stdbool.h>

[8] Fix | Delete

#include <sys/types.h>

[9] Fix | Delete

#include <selinux/selinux.h>

[10] Fix | Delete

[11] Fix | Delete

#ifdef __cplusplus

[12] Fix | Delete

extern "C" {

[13] Fix | Delete

#endif

[14] Fix | Delete

[15] Fix | Delete

/*

[16] Fix | Delete

* Opaque type used for all label handles.

[17] Fix | Delete

*/

[18] Fix | Delete

[19] Fix | Delete

struct selabel_handle;

[20] Fix | Delete

[21] Fix | Delete

/*

[22] Fix | Delete

* Available backends.

[23] Fix | Delete

*/

[24] Fix | Delete

[25] Fix | Delete

/* file contexts */

[26] Fix | Delete

#define SELABEL_CTX_FILE 0

[27] Fix | Delete

/* media contexts */

[28] Fix | Delete

#define SELABEL_CTX_MEDIA 1

[29] Fix | Delete

/* x contexts */

[30] Fix | Delete

#define SELABEL_CTX_X 2

[31] Fix | Delete

/* db objects */

[32] Fix | Delete

#define SELABEL_CTX_DB 3

[33] Fix | Delete

/* Android property service contexts */

[34] Fix | Delete

#define SELABEL_CTX_ANDROID_PROP 4

[35] Fix | Delete

/* Android service contexts */

[36] Fix | Delete

#define SELABEL_CTX_ANDROID_SERVICE 5

[37] Fix | Delete

[38] Fix | Delete

/*

[39] Fix | Delete

* Available options

[40] Fix | Delete

*/

[41] Fix | Delete

[42] Fix | Delete

/* no-op option, useful for unused slots in an array of options */

[43] Fix | Delete

#define SELABEL_OPT_UNUSED 0

[44] Fix | Delete

/* validate contexts before returning them (boolean value) */

[45] Fix | Delete

#define SELABEL_OPT_VALIDATE 1

[46] Fix | Delete

/* don't use local customizations to backend data (boolean value) */

[47] Fix | Delete

#define SELABEL_OPT_BASEONLY 2

[48] Fix | Delete

/* specify an alternate path to use when loading backend data */

[49] Fix | Delete

#define SELABEL_OPT_PATH 3

[50] Fix | Delete

/* select a subset of the search space as an optimization (file backend) */

[51] Fix | Delete

#define SELABEL_OPT_SUBSET 4

[52] Fix | Delete

/* require a hash calculation on spec files */

[53] Fix | Delete

#define SELABEL_OPT_DIGEST 5

[54] Fix | Delete

/* total number of options */

[55] Fix | Delete

#define SELABEL_NOPT 6

[56] Fix | Delete

[57] Fix | Delete

/*

[58] Fix | Delete

* Label operations

[59] Fix | Delete

*/

[60] Fix | Delete

[61] Fix | Delete

/**

[62] Fix | Delete

* selabel_open - Create a labeling handle.

[63] Fix | Delete

* @backend: one of the constants specifying a supported labeling backend.

[64] Fix | Delete

* @opts: array of selabel_opt structures specifying label options or NULL.

[65] Fix | Delete

* @nopts: number of elements in opts array or zero for no options.

[66] Fix | Delete

*

[67] Fix | Delete

* Open a labeling backend for use. The available backend identifiers are

[68] Fix | Delete

* listed above. Options may be provided via the opts parameter; available

[69] Fix | Delete

* options are listed above. Not all options may be supported by every

[70] Fix | Delete

* backend. Return value is the created handle on success or NULL with

[71] Fix | Delete

* @errno set on failure.

[72] Fix | Delete

*/

[73] Fix | Delete

struct selabel_handle *selabel_open(unsigned int backend,

[74] Fix | Delete

const struct selinux_opt *opts,

[75] Fix | Delete

unsigned nopts);

[76] Fix | Delete

[77] Fix | Delete

/**

[78] Fix | Delete

* selabel_close - Close a labeling handle.

[79] Fix | Delete

* @handle: specifies handle to close

[80] Fix | Delete

*

[81] Fix | Delete

* Destroy the specified handle, closing files, freeing allocated memory,

[82] Fix | Delete

* etc. The handle may not be further used after it has been closed.

[83] Fix | Delete

*/

[84] Fix | Delete

void selabel_close(struct selabel_handle *handle);

[85] Fix | Delete

[86] Fix | Delete

/**

[87] Fix | Delete

* selabel_lookup - Perform labeling lookup operation.

[88] Fix | Delete

* @handle: specifies backend instance to query

[89] Fix | Delete

* @con: returns the appropriate context with which to label the object

[90] Fix | Delete

* @key: string input to lookup operation

[91] Fix | Delete

* @type: numeric input to the lookup operation

[92] Fix | Delete

*

[93] Fix | Delete

* Perform a labeling lookup operation. Return %0 on success, -%1 with

[94] Fix | Delete

* @errno set on failure. The key and type arguments are the inputs to the

[95] Fix | Delete

* lookup operation; appropriate values are dictated by the backend in use.

[96] Fix | Delete

* The result is returned in the memory pointed to by @con and must be freed

[97] Fix | Delete

* by the user with freecon().

[98] Fix | Delete

*/

[99] Fix | Delete

int selabel_lookup(struct selabel_handle *handle, char **con,

[100] Fix | Delete

const char *key, int type);

[101] Fix | Delete

int selabel_lookup_raw(struct selabel_handle *handle, char **con,

[102] Fix | Delete

const char *key, int type);

[103] Fix | Delete

[104] Fix | Delete

bool selabel_partial_match(struct selabel_handle *handle, const char *key);

[105] Fix | Delete

[106] Fix | Delete

int selabel_lookup_best_match(struct selabel_handle *rec, char **con,

[107] Fix | Delete

const char *key, const char **aliases, int type);

[108] Fix | Delete

int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,

[109] Fix | Delete

const char *key, const char **aliases, int type);

[110] Fix | Delete

[111] Fix | Delete

/**

[112] Fix | Delete

* selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to

[113] Fix | Delete

* generate the digest. The SELABEL_OPT_DIGEST option must

[114] Fix | Delete

* be set in selabel_open() to initiate the digest generation.

[115] Fix | Delete

* @handle: specifies backend instance to query

[116] Fix | Delete

* @digest: returns a pointer to the SHA1 digest.

[117] Fix | Delete

* @digest_len: returns length of digest in bytes.

[118] Fix | Delete

* @specfiles: a list of specfiles used in the SHA1 digest generation.

[119] Fix | Delete

* The list is NULL terminated and will hold @num_specfiles entries.

[120] Fix | Delete

* @num_specfiles: number of specfiles in the list.

[121] Fix | Delete

*

[122] Fix | Delete

* Return %0 on success, -%1 with @errno set on failure.

[123] Fix | Delete

*/

[124] Fix | Delete

int selabel_digest(struct selabel_handle *rec,

[125] Fix | Delete

unsigned char **digest, size_t *digest_len,

[126] Fix | Delete

char ***specfiles, size_t *num_specfiles);

[127] Fix | Delete

[128] Fix | Delete

enum selabel_cmp_result {

[129] Fix | Delete

SELABEL_SUBSET,

[130] Fix | Delete

SELABEL_EQUAL,

[131] Fix | Delete

SELABEL_SUPERSET,

[132] Fix | Delete

SELABEL_INCOMPARABLE

[133] Fix | Delete

};

[134] Fix | Delete

[135] Fix | Delete

/**

[136] Fix | Delete

* selabel_cmp - Compare two label configurations.

[137] Fix | Delete

* @h1: handle for the first label configuration

[138] Fix | Delete

* @h2: handle for the first label configuration

[139] Fix | Delete

*

[140] Fix | Delete

* Compare two label configurations.

[141] Fix | Delete

* Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL

[142] Fix | Delete

* if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset

[143] Fix | Delete

* of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.

[144] Fix | Delete

*/

[145] Fix | Delete

enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,

[146] Fix | Delete

struct selabel_handle *h2);

[147] Fix | Delete

[148] Fix | Delete

/**

[149] Fix | Delete

* selabel_stats - log labeling operation statistics.

[150] Fix | Delete

* @handle: specifies backend instance to query

[151] Fix | Delete

*

[152] Fix | Delete

* Log a message with information about the number of queries performed,

[153] Fix | Delete

* number of unused matching entries, or other operational statistics.

[154] Fix | Delete

* Message is backend-specific, some backends may not output a message.

[155] Fix | Delete

*/

[156] Fix | Delete

void selabel_stats(struct selabel_handle *handle);

[157] Fix | Delete

[158] Fix | Delete

/*

[159] Fix | Delete

* Type codes used by specific backends

[160] Fix | Delete

*/

[161] Fix | Delete

[162] Fix | Delete

/* X backend */

[163] Fix | Delete

#define SELABEL_X_PROP 1

[164] Fix | Delete

#define SELABEL_X_EXT 2

[165] Fix | Delete

#define SELABEL_X_CLIENT 3

[166] Fix | Delete

#define SELABEL_X_EVENT 4

[167] Fix | Delete

#define SELABEL_X_SELN 5

[168] Fix | Delete

#define SELABEL_X_POLYPROP 6

[169] Fix | Delete

#define SELABEL_X_POLYSELN 7

[170] Fix | Delete

[171] Fix | Delete

/* DB backend */

[172] Fix | Delete

#define SELABEL_DB_DATABASE 1

[173] Fix | Delete

#define SELABEL_DB_SCHEMA 2

[174] Fix | Delete

#define SELABEL_DB_TABLE 3

[175] Fix | Delete

#define SELABEL_DB_COLUMN 4

[176] Fix | Delete

#define SELABEL_DB_SEQUENCE 5

[177] Fix | Delete

#define SELABEL_DB_VIEW 6

[178] Fix | Delete

#define SELABEL_DB_PROCEDURE 7

[179] Fix | Delete

#define SELABEL_DB_BLOB 8

[180] Fix | Delete

#define SELABEL_DB_TUPLE 9

[181] Fix | Delete

#define SELABEL_DB_LANGUAGE 10

[182] Fix | Delete

#define SELABEL_DB_EXCEPTION 11

[183] Fix | Delete

#define SELABEL_DB_DATATYPE 12

[184] Fix | Delete

[185] Fix | Delete

#ifdef __cplusplus

[186] Fix | Delete

}

[187] Fix | Delete

#endif

[188] Fix | Delete

#endif /* _SELABEL_H_ */

[189] Fix | Delete

[190] Fix | Delete