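#ifndef _SELINUX_H_
#define _SELINUX_H_

/*
 * libselinux public API: process/file/socket security contexts, the
 * selinuxfs policy queries, booleans, the callback hooks and the
 * userspace class-mapping support.
 *
 * Ownership convention used throughout this header: every function that
 * hands back a context via a `char **` out-parameter allocates it, and the
 * caller releases it with freecon() (or freeconary() for the array returned
 * by security_compute_user()).  The one exception is security_av_string(),
 * whose result is released with plain free().
 *
 * NOTE(review): apart from is_selinux_enabled(), the comments below do not
 * state the error-return convention (presumably 0 on success, -1 with errno
 * set); confirm against the implementation before relying on it.
 */

#include <sys/types.h>
#include <stdarg.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Return 1 if we are running on a SELinux kernel, 0 if not, or -1 on error. */
extern int is_selinux_enabled(void);

/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
extern int is_selinux_mls_enabled(void);

/* No longer used; kept only for compatibility with legacy callers.
   New code should use plain `char *`. */
typedef char *security_context_t;

/* Free the memory allocated for a context by any of the get* / compute*
   calls below.  NOTE(review): NULL-tolerance is not documented here; do not
   assume it without checking the implementation. */
extern void freecon(char *con);

/* Free the NULL-terminated context array allocated by security_compute_user. */
extern void freeconary(char **con);

/* ---- Wrappers for the /proc/pid/attr API ---- */

/* Get the current context and set *con to refer to it.
   Caller must free via freecon. */
extern int getcon(char **con);

/* Set the current security context to con.

   Security caveat: using this function requires that the ENTIRE application
   be trusted to maintain any desired separation between the old and new
   security contexts, unlike exec-based transitions performed via setexeccon.
   When possible, decompose the application and use setexeccon()+execve()
   instead.

   Also note that the application may lose access to its open descriptors
   as a result of setcon() unless policy allows it to use descriptors opened
   by the old context. */
extern int setcon(const char *con);

/* Get the context of the process identified by pid and set *con to refer
   to it.  Caller must free via freecon. */
extern int getpidcon(pid_t pid, char **con);

/* Get the previous context (prior to the last exec) and set *con to refer
   to it.  Caller must free via freecon. */
extern int getprevcon(char **con);

/* Get the exec context and set *con to refer to it.
   Sets *con to NULL if no exec context has been set, i.e. the default is
   in use.  If non-NULL, caller must free via freecon. */
extern int getexeccon(char **con);

/* Set the exec security context for the next execve.
   Call with NULL to reset to the default. */
extern int setexeccon(const char *con);

/* Get the fscreate context and set *con to refer to it.
   Sets *con to NULL if no fs create context has been set, i.e. the default
   is in use.  If non-NULL, caller must free via freecon. */
extern int getfscreatecon(char **con);

/* Set the fscreate security context for subsequent file creations.
   Call with NULL to reset to the default. */
extern int setfscreatecon(const char *context);

/* Get the keycreate context and set *con to refer to it.
   Sets *con to NULL if no key create context has been set, i.e. the default
   is in use.  If non-NULL, caller must free via freecon. */
extern int getkeycreatecon(char **con);

/* Set the keycreate security context for subsequent key creations.
   Call with NULL to reset to the default. */
extern int setkeycreatecon(const char *context);

/* Get the sockcreate context and set *con to refer to it.
   Sets *con to NULL if no socket create context has been set, i.e. the
   default is in use.  If non-NULL, caller must free via freecon. */
extern int getsockcreatecon(char **con);

/* Set the sockcreate security context for subsequent socket creations.
   Call with NULL to reset to the default. */
extern int setsockcreatecon(const char *context);

/* ---- Wrappers for the xattr API ---- */

/* Get the file context and set *con to refer to it.
   Caller must free via freecon.
   The l* variant operates on a symlink itself rather than its target; the
   f* variant takes an already-open descriptor (preferable when the path
   could be swapped underneath you between check and use). */
extern int getfilecon(const char *path, char **con);
extern int lgetfilecon(const char *path, char **con);
extern int fgetfilecon(int fd, char **con);

/* Set the file context (same path/symlink/descriptor variants as above). */
extern int setfilecon(const char *path, const char *con);
extern int lsetfilecon(const char *path, const char *con);
extern int fsetfilecon(int fd, const char *con);

/* ---- Wrappers for the socket API ---- */

/* Get the context of the peer of socket fd and set *con to refer to it.
   Caller must free via freecon. */
extern int getpeercon(int fd, char **con);

/* ---- Wrappers for the selinuxfs (policy) API ---- */

/* One bit per permission within a security class. */
typedef unsigned int access_vector_t;
/* Numeric identifier of a security class (see security_class_to_string). */
typedef unsigned short security_class_t;

/* Result of an access decision (see security_compute_av). */
struct av_decision {
	access_vector_t allowed;    /* permissions granted by policy */
	access_vector_t decided;    /* permissions for which a decision was made */
	access_vector_t auditallow; /* granted permissions that should be audited */
	access_vector_t auditdeny;  /* denied permissions that should be audited */
	unsigned int seqno;         /* policy sequence number the decision belongs to */
	unsigned int flags;         /* SELINUX_AVD_FLAGS_* bits */
};

/* Definitions of av_decision.flags.
   NOTE(review): PERMISSIVE presumably means the source domain is permissive,
   so denials are reported but not enforced; callers must not treat a
   permissive decision as an actual grant.  Confirm against the kernel ABI. */
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001

/* Structure for passing options, used by the AVC and label subsystems. */
struct selinux_opt {
	int type;
	const char *value;
};

/* ---- Callback facilities ---- */

/* One member is used per SELINUX_CB_* type; see selinux_set_callback. */
union selinux_callback {
	/* Log the printf-style format and arguments, with the type code
	   (SELINUX_ERROR .. SELINUX_AVC) indicating the type of message.
	   Never pass caller-controlled text as fmt; use "%s". */
	int
#ifdef __GNUC__
	__attribute__ ((format(printf, 2, 3)))
#endif
	(*func_log) (int type, const char *fmt, ...);
	/* Store a string representation of auditdata (corresponding to the
	   given security class) into msgbuf.
	   NOTE(review): implementations must bound their writes by msgbufsize
	   and NUL-terminate; this header does not say who guarantees that. */
	int (*func_audit) (void *auditdata, security_class_t cls,
			   char *msgbuf, size_t msgbufsize);
	/* Validate the supplied context, modifying it if necessary.
	   NOTE(review): if the callback replaces *ctx, the ownership of the
	   old string is not documented here; confirm with the implementation. */
	int (*func_validate) (char **ctx);
	/* Netlink callback for a setenforce message. */
	int (*func_setenforce) (int enforcing);
	/* Netlink callback for a policyload message. */
	int (*func_policyload) (int seqno);
};

/* Callback type codes, selecting the union member used. */
#define SELINUX_CB_LOG        0
#define SELINUX_CB_AUDIT      1
#define SELINUX_CB_VALIDATE   2
#define SELINUX_CB_SETENFORCE 3
#define SELINUX_CB_POLICYLOAD 4

extern union selinux_callback selinux_get_callback(int type);
extern void selinux_set_callback(int type, union selinux_callback cb);

/* Logging type codes, passed to the logging callback. */
#define SELINUX_ERROR   0
#define SELINUX_WARNING 1
#define SELINUX_INFO    2
#define SELINUX_AVC     3

/* Compute an access decision for source context scon acting on target
   context tcon of class tclass, for the permission bits in requested.
   The decision is written to *avd. */
extern int security_compute_av(const char *scon,
			       const char *tcon,
			       security_class_t tclass,
			       access_vector_t requested,
			       struct av_decision *avd);

/* Compute a labeling decision for a new object of class tclass created by
   scon on tcon, and set *newcon to refer to it.  Caller must free via
   freecon. */
extern int security_compute_create(const char *scon,
				   const char *tcon,
				   security_class_t tclass,
				   char **newcon);

/* Compute a relabeling decision and set *newcon to refer to it.
   Caller must free via freecon. */
extern int security_compute_relabel(const char *scon,
				    const char *tcon,
				    security_class_t tclass,
				    char **newcon);

/* Compute a polyinstantiation member decision and set *newcon to refer to
   it.  Caller must free via freecon. */
extern int security_compute_member(const char *scon,
				   const char *tcon,
				   security_class_t tclass,
				   char **newcon);

/* Compute the set of user contexts reachable from scon for username and set
   *con to refer to the NULL-terminated array of contexts.
   Caller must free via freeconary. */
extern int security_compute_user(const char *scon,
				 const char *username,
				 char ***con);

/* Load a policy configuration from the len bytes at data.
   Security caveat: the policy image is trusted completely once loaded; the
   caller is responsible for its provenance and integrity. */
extern int security_load_policy(void *data, size_t len);

/* Get the context of an initial kernel security identifier by name.
   Caller must free via freecon. */
extern int security_get_initial_context(const char *name,
					char **con);

/* Boolean name/value pair, as used by security_set_boolean_list. */
typedef struct {
	const char *name;
	int value;
} SELboolean;

/* Save a list of booleans in a single transaction.
   NOTE(review): the meaning of `permanent` (presumably "also persist to the
   on-disk policy configuration") is not documented here; confirm. */
extern int security_set_boolean_list(size_t boolcnt,
				     SELboolean * const boollist, int permanent);

/* Check the validity of a security context. */
extern int security_check_context(const char *con);

/* Canonicalize a security context and set *canoncon to the result.
   NOTE(review): ownership of *canoncon is not stated here; by the header's
   convention it is presumably released with freecon -- confirm. */
extern int security_canonicalize_context(const char *con,
					 char **canoncon);

/* Get the enforce flag value. */
extern int security_getenforce(void);

/* Set the enforce flag value.  Switching to permissive disables enforcement
   system-wide; treat this as a privileged, audited operation. */
extern int security_setenforce(int value);

/* Get the behavior for undefined classes/permissions. */
extern int security_deny_unknown(void);

/* Disable SELinux at runtime (must be done prior to the initial policy
   load).  Irreversible without a reboot; intended for early boot only. */
extern int security_disable(void);

/* Get the policy version number. */
extern int security_policyvers(void);

/* Get the boolean names into *names, with the count in *len.
   NOTE(review): ownership of the array and its strings is not documented
   here; confirm against the implementation before freeing. */
extern int security_get_boolean_names(char ***names, int *len);

/* Get the pending value for the named boolean. */
extern int security_get_boolean_pending(const char *name);

/* Get the active value for the named boolean. */
extern int security_get_boolean_active(const char *name);

/* Set the pending value for the named boolean. */
extern int security_set_boolean(const char *name, int value);

/* Commit the pending values for the booleans. */
extern int security_commit_booleans(void);

/* ---- Userspace class mapping support ---- */

/* Maps a class name and its permission names onto the numeric
   security_class_t / access_vector_t values used by this library.
   perms has room for one name per bit of access_vector_t plus one extra
   slot -- presumably a NULL terminator; confirm with selinux_set_mapping's
   implementation. */
struct security_class_mapping {
	const char *name;
	const char *perms[sizeof(access_vector_t) * 8 + 1];
};

extern int selinux_set_mapping(struct security_class_mapping *map);

/* ---- Common helpers ---- */

/* Convert between security class values and string names. */
extern security_class_t string_to_security_class(const char *name);
extern const char *security_class_to_string(security_class_t cls);

/* Convert between individual access vector permissions and string names. */
extern const char *security_av_perm_to_string(security_class_t tclass,
					      access_vector_t perm);
extern access_vector_t string_to_av_perm(security_class_t tclass,
					 const char *name);

/* Return an access vector in string representation via *result.
   Unlike the context getters, the caller must release the returned string
   with free(), not freecon(). */
extern int security_av_string(security_class_t tclass,
			      access_vector_t av, char **result);

/* Check permissions and perform appropriate auditing.
   tclass and perm are given by name.  NOTE(review): aux is presumably
   forwarded to the SELINUX_CB_AUDIT callback as its auditdata; confirm. */
extern int selinux_check_access(const char *scon,
				const char *tcon,
				const char *tclass,
				const char *perm, void *aux);

/* Set the path to the selinuxfs mount point explicitly.
   Normally this is determined automatically during libselinux
   initialization, but that is not always possible, e.g. for /sbin/init
   which performs the initial mount of selinuxfs.
   (Declared with `extern` like every other function here for consistency.) */
extern void set_selinuxmnt(const char *mnt);

#ifdef __cplusplus
}
#endif

#endif /* _SELINUX_H_ */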