1/*
2 * Labeling interface for userspace object managers and others.
3 *
4 * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
5 */
6#ifndef _SELABEL_H_
7#define _SELABEL_H_
8
9#include <stdbool.h>
10#include <sys/types.h>
11#include <selinux/selinux.h>
12
13#ifdef __cplusplus
14extern "C" {
15#endif
16
17/*
18 * Opaque type used for all label handles.
19 */
20
21struct selabel_handle;
22
23/*
24 * Available backends.
25 */
26
27/* file contexts */
28#define SELABEL_CTX_FILE	0
29/* media contexts */
30#define SELABEL_CTX_MEDIA	1
31/* x contexts */
32#define SELABEL_CTX_X		2
33/* db objects */
34#define SELABEL_CTX_DB		3
35/* Android property service contexts */
36#define SELABEL_CTX_ANDROID_PROP 4
37
38/*
39 * Available options
40 */
41
42/* no-op option, useful for unused slots in an array of options */
43#define SELABEL_OPT_UNUSED	0
44/* validate contexts before returning them (boolean value) */
45#define SELABEL_OPT_VALIDATE	1
46/* don't use local customizations to backend data (boolean value) */
47#define SELABEL_OPT_BASEONLY	2
48/* specify an alternate path to use when loading backend data */
49#define SELABEL_OPT_PATH	3
50/* select a subset of the search space as an optimization (file backend) */
51#define SELABEL_OPT_SUBSET	4
52/* total number of options */
53#define SELABEL_NOPT		5
54
55/*
56 * Label operations
57 */
58
59/**
60 * selabel_open - Create a labeling handle.
61 * @backend: one of the constants specifying a supported labeling backend.
62 * @opts: array of selabel_opt structures specifying label options or NULL.
63 * @nopts: number of elements in opts array or zero for no options.
64 *
65 * Open a labeling backend for use.  The available backend identifiers are
66 * listed above.  Options may be provided via the opts parameter; available
67 * options are listed above.  Not all options may be supported by every
68 * backend.  Return value is the created handle on success or NULL with
69 * @errno set on failure.
70 */
71struct selabel_handle *selabel_open(unsigned int backend,
72				    const struct selinux_opt *opts,
73				    unsigned nopts);
74
75/**
76 * selabel_close - Close a labeling handle.
77 * @handle: specifies handle to close
78 *
79 * Destroy the specified handle, closing files, freeing allocated memory,
80 * etc.  The handle may not be further used after it has been closed.
81 */
82void selabel_close(struct selabel_handle *handle);
83
84/**
85 * selabel_lookup - Perform labeling lookup operation.
86 * @handle: specifies backend instance to query
87 * @con: returns the appropriate context with which to label the object
88 * @key: string input to lookup operation
89 * @type: numeric input to the lookup operation
90 *
91 * Perform a labeling lookup operation.  Return %0 on success, -%1 with
92 * @errno set on failure.  The key and type arguments are the inputs to the
93 * lookup operation; appropriate values are dictated by the backend in use.
94 * The result is returned in the memory pointed to by @con and must be freed
95 * by the user with freecon().
96 */
97int selabel_lookup(struct selabel_handle *handle, char **con,
98		   const char *key, int type);
99int selabel_lookup_raw(struct selabel_handle *handle, char **con,
100		       const char *key, int type);
101
/**
 * selabel_partial_match - Test @key against the backend data.
 * @handle: specifies backend instance to query
 * @key: string input, as for selabel_lookup()
 *
 * Returns a boolean; no context is produced and no @type is taken.
 *
 * NOTE(review): this header gives no description of the result.  The
 * name and the key-only signature suggest it reports whether @key could
 * partially (e.g. as a prefix) match some entry in the backend data;
 * confirm against the implementation before using it to decide whether
 * an object can be skipped.
 */
bool selabel_partial_match(struct selabel_handle *handle, const char *key);
103
104/**
105 * selabel_stats - log labeling operation statistics.
106 * @handle: specifies backend instance to query
107 *
108 * Log a message with information about the number of queries performed,
109 * number of unused matching entries, or other operational statistics.
110 * Message is backend-specific, some backends may not output a message.
111 */
112void selabel_stats(struct selabel_handle *handle);
113
114/*
115 * Type codes used by specific backends
116 */
117
118/* X backend */
119#define SELABEL_X_PROP		1
120#define SELABEL_X_EXT		2
121#define SELABEL_X_CLIENT	3
122#define SELABEL_X_EVENT		4
123#define SELABEL_X_SELN		5
124#define SELABEL_X_POLYPROP	6
125#define SELABEL_X_POLYSELN	7
126
/* DB backend (SELABEL_CTX_DB): kind of database object being labeled */
#define SELABEL_DB_DATABASE	1
#define SELABEL_DB_SCHEMA	2
#define SELABEL_DB_TABLE	3
#define SELABEL_DB_COLUMN	4
#define SELABEL_DB_SEQUENCE	5
#define SELABEL_DB_VIEW		6
#define SELABEL_DB_PROCEDURE	7
#define SELABEL_DB_BLOB		8
#define SELABEL_DB_TUPLE	9
#define SELABEL_DB_LANGUAGE	10
138
139#ifdef __cplusplus
140}
141#endif
142#endif	/* _SELABEL_H_ */
143