diff options
Diffstat (limited to 'include/selinux/label.h')
| -rw-r--r-- | include/selinux/label.h | 167 |
1 files changed, 0 insertions, 167 deletions
diff --git a/include/selinux/label.h b/include/selinux/label.h deleted file mode 100644 index 07eff74..0000000 --- a/include/selinux/label.h +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Labeling interface for userspace object managers and others. - * - * Author : Eamon Walsh <ewalsh@tycho.nsa.gov> - */ -#ifndef _SELABEL_H_ -#define _SELABEL_H_ - -#include <stdbool.h> -#include <sys/types.h> -#include <selinux/selinux.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Opaque type used for all label handles. - */ - -struct selabel_handle; - -/* - * Available backends. - */ - -/* file contexts */ -#define SELABEL_CTX_FILE 0 -/* media contexts */ -#define SELABEL_CTX_MEDIA 1 -/* x contexts */ -#define SELABEL_CTX_X 2 -/* db objects */ -#define SELABEL_CTX_DB 3 -/* Android property contexts */ -#define SELABEL_CTX_ANDROID_PROP 4 -/* Android service contexts */ -#define SELABEL_CTX_ANDROID_SERVICE 5 - -/* - * Available options - */ - -/* no-op option, useful for unused slots in an array of options */ -#define SELABEL_OPT_UNUSED 0 -/* validate contexts before returning them (boolean value) */ -#define SELABEL_OPT_VALIDATE 1 -/* don't use local customizations to backend data (boolean value) */ -#define SELABEL_OPT_BASEONLY 2 -/* specify an alternate path to use when loading backend data */ -#define SELABEL_OPT_PATH 3 -/* select a subset of the search space as an optimization (file backend) */ -#define SELABEL_OPT_SUBSET 4 -/* total number of options */ -#define SELABEL_NOPT 5 - -/* - * Label operations - */ - -/** - * selabel_open - Create a labeling handle. - * @backend: one of the constants specifying a supported labeling backend. - * @opts: array of selabel_opt structures specifying label options or NULL. - * @nopts: number of elements in opts array or zero for no options. - * - * Open a labeling backend for use. The available backend identifiers are - * listed above. Options may be provided via the opts parameter; available - * options are listed above. Not all options may be supported by every - * backend. Return value is the created handle on success or NULL with - * @errno set on failure. - */ -struct selabel_handle *selabel_open(unsigned int backend, - const struct selinux_opt *opts, - unsigned nopts); - -/** - * selabel_close - Close a labeling handle. - * @handle: specifies handle to close - * - * Destroy the specified handle, closing files, freeing allocated memory, - * etc. The handle may not be further used after it has been closed. - */ -void selabel_close(struct selabel_handle *handle); - -/** - * selabel_lookup - Perform labeling lookup operation. - * @handle: specifies backend instance to query - * @con: returns the appropriate context with which to label the object - * @key: string input to lookup operation - * @type: numeric input to the lookup operation - * - * Perform a labeling lookup operation. Return %0 on success, -%1 with - * @errno set on failure. The key and type arguments are the inputs to the - * lookup operation; appropriate values are dictated by the backend in use. - * The result is returned in the memory pointed to by @con and must be freed - * by the user with freecon(). - */ -int selabel_lookup(struct selabel_handle *handle, char **con, - const char *key, int type); -int selabel_lookup_raw(struct selabel_handle *handle, char **con, - const char *key, int type); - -bool selabel_partial_match(struct selabel_handle *handle, const char *key); - -int selabel_lookup_best_match(struct selabel_handle *rec, char **con, - const char *key, const char **aliases, int type); - -enum selabel_cmp_result { - SELABEL_SUBSET, - SELABEL_EQUAL, - SELABEL_SUPERSET, - SELABEL_INCOMPARABLE -}; - -/** - * selabel_cmp - Compare two label configurations. - * @h1: handle for the first label configuration - * @h2: handle for the first label configuration - * - * Compare two label configurations. - * Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL - * if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset - * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable. - */ -enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1, - struct selabel_handle *h2); - -/** - * selabel_stats - log labeling operation statistics. - * @handle: specifies backend instance to query - * - * Log a message with information about the number of queries performed, - * number of unused matching entries, or other operational statistics. - * Message is backend-specific, some backends may not output a message. - */ -void selabel_stats(struct selabel_handle *handle); - -/* - * Type codes used by specific backends - */ - -/* X backend */ -#define SELABEL_X_PROP 1 -#define SELABEL_X_EXT 2 -#define SELABEL_X_CLIENT 3 -#define SELABEL_X_EVENT 4 -#define SELABEL_X_SELN 5 -#define SELABEL_X_POLYPROP 6 -#define SELABEL_X_POLYSELN 7 - -/* DB backend */ -#define SELABEL_DB_DATABASE 1 -#define SELABEL_DB_SCHEMA 2 -#define SELABEL_DB_TABLE 3 -#define SELABEL_DB_COLUMN 4 -#define SELABEL_DB_SEQUENCE 5 -#define SELABEL_DB_VIEW 6 -#define SELABEL_DB_PROCEDURE 7 -#define SELABEL_DB_BLOB 8 -#define SELABEL_DB_TUPLE 9 -#define SELABEL_DB_LANGUAGE 10 - -#ifdef __cplusplus -} -#endif -#endif /* _SELABEL_H_ */ |