1/*
2 * Labeling interface for userspace object managers and others.
3 *
4 * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
5 */
6#ifndef _SELABEL_H_
7#define _SELABEL_H_
8
9#include <stdbool.h>
10#include <sys/types.h>
11#include <selinux/selinux.h>
12
13#ifdef __cplusplus
14extern "C" {
15#endif
16
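/*
 * Opaque type used for all label handles.
 *
 * Only this forward declaration is exposed, so callers can hold and pass a
 * pointer to a handle but cannot inspect or copy what it points to.  Handles
 * are obtained from selabel_open() and released with selabel_close().
 */

struct selabel_handle;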
22
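/*
 * Available backends.
 *
 * These are the identifiers accepted as the @backend argument of
 * selabel_open().
 */

/* file contexts */
#define SELABEL_CTX_FILE	0
/* media contexts */
#define SELABEL_CTX_MEDIA	1
/* x contexts */
#define SELABEL_CTX_X		2
/* db objects */
#define SELABEL_CTX_DB		3
/* Android property service contexts */
#define SELABEL_CTX_ANDROID_PROP 4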
37
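/*
 * Available options
 *
 * Option identifiers for the entries of the opts array given to
 * selabel_open().  Not every backend supports every option.
 */

/* no-op option, useful for unused slots in an array of options */
#define SELABEL_OPT_UNUSED	0
/*
 * validate contexts before returning them (boolean value)
 * NOTE(review): this header does not state the default; callers that apply
 * the returned context to an object should set this explicitly - confirm.
 */
#define SELABEL_OPT_VALIDATE	1
/* don't use local customizations to backend data (boolean value) */
#define SELABEL_OPT_BASEONLY	2
/*
 * specify an alternate path to use when loading backend data
 * The data loaded from this path decides which contexts lookups return, so
 * the value should come from trusted configuration rather than from
 * untrusted input.
 */
#define SELABEL_OPT_PATH	3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET	4
/* total number of options; one more than the highest option id above */
#define SELABEL_NOPT		5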
54
55/*
56 * Label operations
57 */
58
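/**
 * selabel_open - Create a labeling handle.
 * @backend: one of the SELABEL_CTX_* constants specifying a supported
 *	labeling backend.
 * @opts: array of struct selinux_opt entries specifying label options, or
 *	NULL.
 * @nopts: number of elements in the opts array, or zero for no options.
 *
 * Open a labeling backend for use.  The available backend identifiers and
 * options are the SELABEL_CTX_* and SELABEL_OPT_* constants listed in this
 * header.  Not all options may be supported by every backend.
 *
 * Return value is the created handle on success or NULL with @errno set on
 * failure.  Check the result for NULL before passing it to any other
 * selabel_* function, and release it with selabel_close() when done.
 */
struct selabel_handle *selabel_open(unsigned int backend,
				    const struct selinux_opt *opts,
				    unsigned nopts);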
74
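/**
 * selabel_close - Close a labeling handle.
 * @handle: specifies handle to close
 *
 * Destroy the specified handle, closing files, freeing allocated memory,
 * etc.  The handle may not be further used after it has been closed; that
 * includes closing it a second time, so callers should clear their copy of
 * the pointer once this returns.
 *
 * NOTE(review): this header does not say whether a NULL @handle is
 * accepted - confirm against the implementation before relying on it.
 */
void selabel_close(struct selabel_handle *handle);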
83
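/**
 * selabel_lookup - Perform labeling lookup operation.
 * @handle: specifies backend instance to query
 * @con: returns the appropriate context with which to label the object
 * @key: string input to lookup operation
 * @type: numeric input to the lookup operation
 *
 * Perform a labeling lookup operation.  Return %0 on success, -%1 with
 * @errno set on failure.  The key and type arguments are the inputs to the
 * lookup operation; appropriate values are dictated by the backend in use.
 * The result is returned in the memory pointed to by @con and must be freed
 * by the user with freecon().
 *
 * Always check the return value before using *@con.
 * NOTE(review): the content of *@con after a failure is not specified here;
 * initialise it to NULL and only use or free it when %0 was returned -
 * confirm against the implementation.
 */
int selabel_lookup(struct selabel_handle *handle, char **con,
		   const char *key, int type);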
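/*
 * selabel_lookup_raw - lookup variant with the same parameter list and
 * return type as selabel_lookup().
 *
 * NOTE(review): not documented in this header.  Presumably it returns the
 * context in raw (untranslated) form and follows the same return-value and
 * freecon() ownership rules as selabel_lookup() - confirm against the
 * implementation.
 */
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
		       const char *key, int type);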
101
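/*
 * selabel_partial_match - query a handle with a key and get a boolean back.
 *
 * NOTE(review): not documented in this header.  The name suggests it reports
 * whether @key could match, fully or as a prefix, an entry known to the
 * backend - confirm against the implementation.  The bool return leaves no
 * separate error indication, so do not treat false as proof that no label
 * applies until that is confirmed.
 */
bool selabel_partial_match(struct selabel_handle *handle, const char *key);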
103
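/*
 * selabel_lookup_best_match - lookup variant that also takes a list of
 * aliases for the key.
 *
 * Takes the same handle (here named @rec), @con, @key and @type inputs as
 * selabel_lookup(), plus @aliases.
 *
 * NOTE(review): not documented in this header.  @aliases has no length
 * parameter, so the array is presumably NULL-terminated; confirm the
 * termination contract, and whether NULL is allowed, before passing a
 * caller-built array.  Return value and freecon() ownership of *@con
 * presumably follow selabel_lookup() - confirm.
 */
int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
			      const char *key, const char **aliases, int type);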
106
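/**
 * selabel_stats - log labeling operation statistics.
 * @handle: specifies backend instance to query
 *
 * Log a message with information about the number of queries performed,
 * number of unused matching entries, or other operational statistics.
 * The message is backend-specific; some backends may not output a message.
 * Nothing is returned to the caller.
 */
void selabel_stats(struct selabel_handle *handle);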
116
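/*
 * Type codes used by specific backends
 *
 * These are values for the numeric @type input of the lookup functions;
 * which codes are appropriate is dictated by the backend in use.
 */

/* X backend */
#define SELABEL_X_PROP		1
#define SELABEL_X_EXT		2
#define SELABEL_X_CLIENT	3
#define SELABEL_X_EVENT		4
#define SELABEL_X_SELN		5
#define SELABEL_X_POLYPROP	6
#define SELABEL_X_POLYSELN	7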
129
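/*
 * DB backend
 *
 * Type codes for the numeric @type input of the lookup functions when the
 * DB backend is in use.  The numbering starts at 1 and overlaps the X
 * backend codes, so a code is only meaningful together with the backend the
 * handle was opened with.
 */
#define SELABEL_DB_DATABASE	1
#define SELABEL_DB_SCHEMA	2
#define SELABEL_DB_TABLE	3
#define SELABEL_DB_COLUMN	4
#define SELABEL_DB_SEQUENCE	5
#define SELABEL_DB_VIEW		6
#define SELABEL_DB_PROCEDURE	7
#define SELABEL_DB_BLOB		8
#define SELABEL_DB_TUPLE	9
#define SELABEL_DB_LANGUAGE	10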
141
142#ifdef __cplusplus
143}
144#endif
145#endif	/* _SELABEL_H_ */
146