/*
 * Labeling interface for userspace object managers and others.
 *
 * Declares the opaque labeling handle, the backend and option identifiers,
 * and the open/lookup/close entry points used to map a key (for example a
 * path or property name) to a security context string.
 *
 * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
 */
/*
 * NOTE(review): identifiers that begin with an underscore followed by an
 * uppercase letter are reserved for the implementation in C. The guard name
 * is left as is because other code may test for it.
 */
#ifndef _SELABEL_H_
#define _SELABEL_H_

#include <stdbool.h>
#include <sys/types.h>
#include <selinux/selinux.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Opaque type used for all label handles.
 *
 * Only a forward declaration is given here, so callers can hold and pass
 * pointers to a handle but cannot inspect or size it.
 */

struct selabel_handle;

/*
 * Available backends.
 *
 * One of these values is passed as the @backend argument of selabel_open().
 */

/* file contexts */
#define SELABEL_CTX_FILE	0
/* media contexts */
#define SELABEL_CTX_MEDIA	1
/* x contexts */
#define SELABEL_CTX_X		2
/* db objects */
#define SELABEL_CTX_DB		3
/* Android property service contexts */
#define SELABEL_CTX_ANDROID_PROP 4

/*
 * Available options
 *
 * Option identifiers for the entries of the @opts array given to
 * selabel_open(). Not every backend supports every option.
 */

/* no-op option, useful for unused slots in an array of options */
#define SELABEL_OPT_UNUSED	0
/*
 * validate contexts before returning them (boolean value)
 *
 * NOTE(review): this header does not state the default. Upstream
 * selabel_open(3) documents validation as off unless requested; confirm for
 * this tree. A caller that applies looked-up contexts to objects without
 * this option is relying on the backend data being well-formed.
 */
#define SELABEL_OPT_VALIDATE	1
/* don't use local customizations to backend data (boolean value) */
#define SELABEL_OPT_BASEONLY	2
/*
 * specify an alternate path to use when loading backend data
 *
 * The file named here supplies the labeling data that lookups return, so
 * the path should come from trusted configuration, not from input the
 * caller has not vetted.
 */
#define SELABEL_OPT_PATH	3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET	4
/* total number of options */
#define SELABEL_NOPT		5

/*
 * Label operations
 */

/**
 * selabel_open - Create a labeling handle.
 * @backend: one of the constants specifying a supported labeling backend.
 * @opts: array of selinux_opt structures specifying label options or NULL.
 * @nopts: number of elements in opts array or zero for no options.
 *
 * Open a labeling backend for use.  The available backend identifiers are
 * listed above.  Options may be provided via the opts parameter; available
 * options are listed above.  Not all options may be supported by every
 * backend.  Return value is the created handle on success or NULL with
 * @errno set on failure.
 *
 * The element type of @opts is struct selinux_opt, which is not declared in
 * this header (presumably it comes from <selinux/selinux.h>).  @nopts must
 * not exceed the number of elements actually present in @opts.  Callers
 * must check for a NULL return before passing the handle to any other
 * function declared here.
 */
struct selabel_handle *selabel_open(unsigned int backend,
				    const struct selinux_opt *opts,
				    unsigned nopts);

/**
 * selabel_close - Close a labeling handle.
 * @handle: specifies handle to close
 *
 * Destroy the specified handle, closing files, freeing allocated memory,
 * etc.  The handle may not be further used after it has been closed.
 *
 * Because the handle's memory is released, callers should drop or clear
 * every copy of the pointer once this returns, so that a later lookup or a
 * second close cannot act on a stale handle.
 */
void selabel_close(struct selabel_handle *handle);

/**
 * selabel_lookup - Perform labeling lookup operation.
 * @handle: specifies backend instance to query
 * @con: returns the appropriate context with which to label the object
 * @key: string input to lookup operation
 * @type: numeric input to the lookup operation
 *
 * Perform a labeling lookup operation.  Return %0 on success, -%1 with
 * @errno set on failure.  The key and type arguments are the inputs to the
 * lookup operation; appropriate values are dictated by the backend in use.
 * The result is returned in the memory pointed to by @con and must be freed
 * by the user with freecon().
 *
 * This header does not say what *@con holds after a failed lookup, so
 * callers should use and free it only when the return value is %0.
 */
int selabel_lookup(struct selabel_handle *handle, char **con,
		   const char *key, int type);
/*
 * NOTE(review): selabel_lookup_raw has no description in this header.  It
 * takes the same arguments as selabel_lookup(); presumably it returns the
 * context without translation, as in upstream libselinux, and the result is
 * likewise freed with freecon().  Confirm against the implementation.
 */
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
		       const char *key, int type);

/*
 * NOTE(review): selabel_partial_match has no description in this header.
 * It takes a handle and a key and returns a bool; presumably true means
 * that @key could match, in part, an entry known to the backend.  Confirm
 * against the implementation before relying on it for a decision.
 */
bool selabel_partial_match(struct selabel_handle *handle, const char *key);

/**
 * selabel_stats - log labeling operation statistics.
 * @handle: specifies backend instance to query
 *
 * Log a message with information about the number of queries performed,
 * number of unused matching entries, or other operational statistics.
 * Message is backend-specific, some backends may not output a message.
 */
void selabel_stats(struct selabel_handle *handle);

/*
 * Type codes used by specific backends
 *
 * Presumably these are the values passed as the @type argument of
 * selabel_lookup() when the matching backend is open.  The X and DB ranges
 * reuse the same numbers, so a code has meaning only together with the
 * backend the handle was opened for.
 */

/* X backend */
#define SELABEL_X_PROP		1
#define SELABEL_X_EXT		2
#define SELABEL_X_CLIENT	3
#define SELABEL_X_EVENT		4
#define SELABEL_X_SELN		5
#define SELABEL_X_POLYPROP	6
#define SELABEL_X_POLYSELN	7

/* DB backend */
#define SELABEL_DB_DATABASE	1
#define SELABEL_DB_SCHEMA	2
#define SELABEL_DB_TABLE	3
#define SELABEL_DB_COLUMN	4
#define SELABEL_DB_SEQUENCE	5
#define SELABEL_DB_VIEW		6
#define SELABEL_DB_PROCEDURE	7
#define SELABEL_DB_BLOB		8
#define SELABEL_DB_TUPLE	9
#define SELABEL_DB_LANGUAGE	10

#ifdef __cplusplus
}
#endif
#endif	/* _SELABEL_H_ */