Diffstat (limited to 'include/selinux/selinux.h')
-rw-r--r--include/selinux/selinux.h291
1 files changed, 0 insertions, 291 deletions
diff --git a/include/selinux/selinux.h b/include/selinux/selinux.h
deleted file mode 100644
index 8827da8..0000000
--- a/include/selinux/selinux.h
+++ /dev/null
@@ -1,291 +0,0 @@
-#ifndef _SELINUX_H_
-#define _SELINUX_H_
-
-#include <sys/types.h>
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
-extern int is_selinux_enabled(void);
-/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
-extern int is_selinux_mls_enabled(void);
-
-/* No longer used; here for compatibility with legacy callers. */
-typedef char *security_context_t;
-
-/* Free the memory allocated for a context by any of the below get* calls. */
-extern void freecon(char * con);
-
-/* Free the memory allocated for a context array by security_compute_user. */
-extern void freeconary(char ** con);
-
-/* Wrappers for the /proc/pid/attr API. */
-
-/* Get current context, and set *con to refer to it.
- Caller must free via freecon. */
-extern int getcon(char ** con);
-
-/* Set the current security context to con.
- Note that use of this function requires that the entire application
- be trusted to maintain any desired separation between the old and new
- security contexts, unlike exec-based transitions performed via setexeccon.
- When possible, decompose your application and use setexeccon()+execve()
- instead. Note that the application may lose access to its open descriptors
- as a result of a setcon() unless policy allows it to use descriptors opened
- by the old context. */
-extern int setcon(const char * con);
-
-/* Get context of process identified by pid, and
- set *con to refer to it. Caller must free via freecon. */
-extern int getpidcon(pid_t pid, char ** con);
-
-/* Get previous context (prior to last exec), and set *con to refer to it.
- Caller must free via freecon. */
-extern int getprevcon(char ** con);
-
-/* Get exec context, and set *con to refer to it.
- Sets *con to NULL if no exec context has been set, i.e. using default.
- If non-NULL, caller must free via freecon. */
-extern int getexeccon(char ** con);
-
-/* Set exec security context for the next execve.
- Call with NULL if you want to reset to the default. */
-extern int setexeccon(const char * con);
-
-/* Get fscreate context, and set *con to refer to it.
- Sets *con to NULL if no fs create context has been set, i.e. using default.
- If non-NULL, caller must free via freecon. */
-extern int getfscreatecon(char ** con);
-
-/* Set the fscreate security context for subsequent file creations.
- Call with NULL if you want to reset to the default. */
-extern int setfscreatecon(const char * context);
-
-/* Get keycreate context, and set *con to refer to it.
- Sets *con to NULL if no key create context has been set, i.e. using default.
- If non-NULL, caller must free via freecon. */
-extern int getkeycreatecon(char ** con);
-
-/* Set the keycreate security context for subsequent key creations.
- Call with NULL if you want to reset to the default. */
-extern int setkeycreatecon(const char * context);
-
-/* Get sockcreate context, and set *con to refer to it.
- Sets *con to NULL if no socket create context has been set, i.e. using default.
- If non-NULL, caller must free via freecon. */
-extern int getsockcreatecon(char ** con);
-
-/* Set the sockcreate security context for subsequent socket creations.
- Call with NULL if you want to reset to the default. */
-extern int setsockcreatecon(const char * context);
-
-/* Wrappers for the xattr API. */
-
-/* Get file context, and set *con to refer to it.
- Caller must free via freecon. */
-extern int getfilecon(const char *path, char ** con);
-extern int lgetfilecon(const char *path, char ** con);
-extern int fgetfilecon(int fd, char ** con);
-
-/* Set file context */
-extern int setfilecon(const char *path, const char *con);
-extern int lsetfilecon(const char *path, const char *con);
-extern int fsetfilecon(int fd, const char *con);
-
-/* Wrappers for the socket API */
-
-/* Get context of peer socket, and set *con to refer to it.
- Caller must free via freecon. */
-extern int getpeercon(int fd, char ** con);
-
-/* Wrappers for the selinuxfs (policy) API. */
-
-typedef unsigned int access_vector_t;
-typedef unsigned short security_class_t;
-
-struct av_decision {
- access_vector_t allowed;
- access_vector_t decided;
- access_vector_t auditallow;
- access_vector_t auditdeny;
- unsigned int seqno;
- unsigned int flags;
-};
-
-/* Definitions of av_decision.flags */
-#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
-
-/* Structure for passing options, used by AVC and label subsystems */
-struct selinux_opt {
- int type;
- const char *value;
-};
-
-/* Callback facilities */
-union selinux_callback {
- /* log the printf-style format and arguments,
- with the type code indicating the type of message */
- int
-#ifdef __GNUC__
-__attribute__ ((format(printf, 2, 3)))
-#endif
- (*func_log) (int type, const char *fmt, ...);
- /* store a string representation of auditdata (corresponding
- to the given security class) into msgbuf. */
- int (*func_audit) (void *auditdata, security_class_t cls,
- char *msgbuf, size_t msgbufsize);
- /* validate the supplied context, modifying if necessary */
- int (*func_validate) (char **ctx);
- /* netlink callback for setenforce message */
- int (*func_setenforce) (int enforcing);
- /* netlink callback for policyload message */
- int (*func_policyload) (int seqno);
-};
-
-#define SELINUX_CB_LOG 0
-#define SELINUX_CB_AUDIT 1
-#define SELINUX_CB_VALIDATE 2
-#define SELINUX_CB_SETENFORCE 3
-#define SELINUX_CB_POLICYLOAD 4
-
-extern union selinux_callback selinux_get_callback(int type);
-extern void selinux_set_callback(int type, union selinux_callback cb);
-
- /* Logging type codes, passed to the logging callback */
-#define SELINUX_ERROR 0
-#define SELINUX_WARNING 1
-#define SELINUX_INFO 2
-#define SELINUX_AVC 3
-
-/* Compute an access decision. */
-extern int security_compute_av(const char * scon,
- const char * tcon,
- security_class_t tclass,
- access_vector_t requested,
- struct av_decision *avd);
-
-/* Compute a labeling decision and set *newcon to refer to it.
- Caller must free via freecon. */
-extern int security_compute_create(const char * scon,
- const char * tcon,
- security_class_t tclass,
- char ** newcon);
-
-/* Compute a relabeling decision and set *newcon to refer to it.
- Caller must free via freecon. */
-extern int security_compute_relabel(const char * scon,
- const char * tcon,
- security_class_t tclass,
- char ** newcon);
-
-/* Compute a polyinstantiation member decision and set *newcon to refer to it.
- Caller must free via freecon. */
-extern int security_compute_member(const char * scon,
- const char * tcon,
- security_class_t tclass,
- char ** newcon);
-
-/* Compute the set of reachable user contexts and set *con to refer to
- the NULL-terminated array of contexts. Caller must free via freeconary. */
-extern int security_compute_user(const char * scon,
- const char *username,
- char *** con);
-
-/* Load a policy configuration. */
-extern int security_load_policy(void *data, size_t len);
-
-/* Get the context of an initial kernel security identifier by name.
- Caller must free via freecon */
-extern int security_get_initial_context(const char *name,
- char ** con);
-
-/* Translate boolean strict to name value pair. */
-typedef struct {
- const char *name;
- int value;
-} SELboolean;
-/* save a list of booleans in a single transaction. */
-extern int security_set_boolean_list(size_t boolcnt,
- SELboolean * const boollist, int permanent);
-
-/* Check the validity of a security context. */
-extern int security_check_context(const char * con);
-
-/* Canonicalize a security context. */
-extern int security_canonicalize_context(const char * con,
- char ** canoncon);
-
-/* Get the enforce flag value. */
-extern int security_getenforce(void);
-
-/* Set the enforce flag value. */
-extern int security_setenforce(int value);
-
-/* Get the behavior for undefined classes/permissions */
-extern int security_deny_unknown(void);
-
-/* Disable SELinux at runtime (must be done prior to initial policy load). */
-extern int security_disable(void);
-
-/* Get the policy version number. */
-extern int security_policyvers(void);
-
-/* Get the boolean names */
-extern int security_get_boolean_names(char ***names, int *len);
-
-/* Get the pending value for the boolean */
-extern int security_get_boolean_pending(const char *name);
-
-/* Get the active value for the boolean */
-extern int security_get_boolean_active(const char *name);
-
-/* Set the pending value for the boolean */
-extern int security_set_boolean(const char *name, int value);
-
-/* Commit the pending values for the booleans */
-extern int security_commit_booleans(void);
-
-/* Userspace class mapping support */
-struct security_class_mapping {
- const char *name;
- const char *perms[sizeof(access_vector_t) * 8 + 1];
-};
-
-extern int selinux_set_mapping(struct security_class_mapping *map);
-
-/* Common helpers */
-
-/* Convert between security class values and string names */
-extern security_class_t string_to_security_class(const char *name);
-extern const char *security_class_to_string(security_class_t cls);
-
-/* Convert between individual access vector permissions and string names */
-extern const char *security_av_perm_to_string(security_class_t tclass,
- access_vector_t perm);
-extern access_vector_t string_to_av_perm(security_class_t tclass,
- const char *name);
-
-/* Returns an access vector in a string representation. User must free the
- * returned string via free(). */
-extern int security_av_string(security_class_t tclass,
- access_vector_t av, char **result);
-
-/* Check permissions and perform appropriate auditing. */
-extern int selinux_check_access(const char * scon,
- const char * tcon,
- const char *tclass,
- const char *perm, void *aux);
-
-/* Set the path to the selinuxfs mount point explicitly.
- Normally, this is determined automatically during libselinux
- initialization, but this is not always possible, e.g. for /sbin/init
- which performs the initial mount of selinuxfs. */
-void set_selinuxmnt(const char *mnt);
-
-#ifdef __cplusplus
-}
-#endif
-#endif