Cross Reference: /external/selinux/libselinux/include/selinux/selinux.h

History log of /external/selinux/libselinux/include/selinux/selinux.h
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
9eb9c9327563014ad6a807814e7975424642d5b9	19-Feb-2014	Stephen Smalley <sds@tycho.nsa.gov>	Get rid of security_context_t and fix const declarations. In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
a2737333c795cae2aa4e31deed95a8e155d64d4a	20-Nov-2012	Guillem Jover <guillem@debian.org>	libselinux: Refactor rpm_execcon() into a new setexecfilecon() This new function allows a process to invoke helper programs with a new execution context based on the filename, this is initially intended for package managers so that they can easily execute package scriptlets or maintainer scripts. Base rpm_execcon() off this new function. Signed-off-by: Guillem Jover <guillem@debian.org> /external/selinux/libselinux/include/selinux/selinux.h
d24fb6834d8089832a24e80d862d5944e3781b43	07-Nov-2013	Colin Walters <walters@verbum.org>	selinux_set_mapping: Document it This patch may not actually be useful since there's a man page. /external/selinux/libselinux/include/selinux/selinux.h
7eec00a5be8b5cebcbbc9a30b42b34f4a623c587	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add selinux_current_policy_path, which returns the a pointer to the loaded policy Also change audit2why to look at the loaded policy rather then searching on disk for the policy file. It is more likely that you are examining the running policy. /external/selinux/libselinux/include/selinux/selinux.h
851266c1803ed7ce3e8ec2cb2b76e038ca3bd3de	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	define SELINUX_TRANS_DIR in selinux.h I wanted to separate this directory out in order for a new patch to mcstransd to watch this directory for newly created files, which it could then translate. The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then setrans could translate the processes to show system_u:system_r:svirt_t:vm1 /external/selinux/libselinux/include/selinux/selinux.h
ce2a8848ad45e375cfdb58cebe28bc12431bb3db	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add selinux_systemd_contexts_path systemd has some internal contexts like generated systemd unit files that we want to allow it to check against processes trying to manage them. /external/selinux/libselinux/include/selinux/selinux.h
7fe6036ca5e3624d6e3a0294b909d93b145eac31	09-Oct-2013	Dan Walsh <dwalsh@redhat.com>	Add selinux_set_policy_root sets an alternate policy root directory path This allows us to specify under which the compiled policy file and context configuration files exist. We can use this with matchpathcon to check the labels under alternate policies, and we can use it for sepolicy manpage to build manpages during policy build. /external/selinux/libselinux/include/selinux/selinux.h
13b599d7b80c1464683f66a1e93e02b984d94c1d	17-Oct-2012	rhatdan <dwalsh@redhat.com>	libselinux: mode_to_security_class: interface to translate a mode_t in to a security class coreutils needs to be able to take a statbuf and ask permissions questions. This gives us the interface to translate that statbuf mode_t into a security class which can be used. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
ee6901618c9da360515474145504c7b58258441f	11-Jun-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: expose selinux_boolean_sub Make selinux_boolean_sub a public method so getsebool can use it, as well as potentially used within libsemanage. Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
88c35241535803247bd3044187c6c3b3c7f02c79	18-Apr-2012	Eric Paris <eparis@redhat.com>	libselinux: boolean name equivalency Add support for booleans.subs file. Basically this allows us to finally change badly named booleans to some standard name. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
c802d4a6d53120a7c067c29625a17b09f922f4d3	18-Apr-2012	Dan Walsh <dwalsh@redhat.com>	libselinux: Add support for lxc_contexts_path In order for lxc to look up its process and file labels we add new libselinux support. This is what we do for everything else, like libvirt, seposgresql, etc. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
2b5a0530e7c06150c84fc233fbfab40c57130f84	25-Mar-2012	Kohei KaiGai <kaigai@kaigai.gr.jp>	libselinux: security_compute_create_name(3) I'd like to use this interface to implement special case handling for the default labeling behavior on temporary database objects. Allow userspace to use the filename_trans rules added to policy. Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com> Signed-off-by: Eric Paris <eparis@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
b82b7e02dfcd46db75a94352815830fdb651fa94	23-Jan-2012	Daniel P. Berrange <berrange@redhat.com>	libselinux: Fix const-correctness * include/selinux/selinux.h, src/init.c: set_selinuxmnt should take a const char mntpath src/get_default_type.c: Avoid bad cast discarding const * load_policy.c: Fix var decl to avoid discarding const Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
2b06f474006db3f32895dab9e393324febb9e16f	23-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: rename and export symlink_realpath symlink_realpath is used by both libselinux and policycoreutils. Instead of coding it twice, export the libselinux version under a new name that makes it sound more generic. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
9c46a0a3153124753e3afbd2090fea65a09e1df1	20-Oct-2011	Dan Walsh <dwalsh@redhat.com>	libselinux: simple interface for access checks Some programs, like passwd, need to do simeple one time access checks. Rather than set up a full avc cache and use that infrastructure they were directly using security_compute_av. A problem with this approach is the lack of audit on denials. This patch creates a new interface that is simple to use and which will still listen to things like permissive and output audit messages on denials. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
b3b19fdce58ff6ddfa6dfb8e5576c922c96e1e45	22-Sep-2011	Eric Paris <eparis@redhat.com>	libselinux: load_policy: handle selinux=0 and /sys/fs/selinux not exist Handle situation where selinux=0 passed to the kernel and both /selinux and /sys/fs/selinux directories do not exist. We used to handle selinux=0 (or kernel compile without selinux) by getting ENODEV when we tried to mount selinuxfs on /selinux. Now selinux=0 means that /sys/fs/selinux won't exist and we never create the real directory /selinux at all. So we get ENOENT instead of ENODEV. The solution is to check to see if the mount failure was for ENODEV and if not to check if selinuxfs exists in /proc/filesystems at all. If it doesn't exist, that's equivalent to ENODEV. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
bc1a8e2a4af543d04e8df70a92a5a7a3aeebf669	09-Mar-2011	Richard Haines <richard_c_haines@btinternet.com>	libselinux: selinux_file_context_verify function returns wrong value. selinux_file_context_verify(3) should now return the correct codes and matchpathcon(8) has been modified to handle them. The selinux_file_context_verify(3)and selinux_file_context_cmp(3) man pages have also been updated (re-written really) to correct return codes. I found that selabel_open left errno set to ENOENT because a file_contexts.subs file did not exist on my system, but left selabel_open alone and set errno = 0 before calling selinux_filecontext_cmp. [fix uninitialize init variable in matchpathcon.c::main - eparis] Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com> /external/selinux/libselinux/include/selinux/selinux.h
20b43b3fd3d392c4f12a963a4e46c264e7ed5163	06-Apr-2011	Daniel J Walsh <dwalsh@redhat.com>	This patch adds a new subs_dist file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The idea is to allow distributions to ship a subs file as well as let the user modify subs. In F16 we are looking at shipping a file_contexts.subs_dist file like this cat file_contexts.subs_dist /run /var/run /run/lock /var/lock /var/run/lock /var/lock /lib64 /lib /usr/lib64 /usr/lib The we will remove all (64)? from policy. This will allow us to make sure all /usr/lib/libBLAH is labeled the same as /usr/lib64/libBLAH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c1ksACgkQrlYvE4MpobNXcQCgqgAiQJxmwa1+NdIq8E3tQRp6 QT0An0ihA60di9CRsEqEdVbSaHOwtte5 =LXgd -----END PGP SIGNATURE----- Signed-off-by: Steve Lawrence <slawrence@tresys.com> /external/selinux/libselinux/include/selinux/selinux.h
1629d2f89a8c5f758413b87b94740aaaa5f21144	06-Apr-2011	Daniel J Walsh <dwalsh@redhat.com>	This patch cleans up a couple of crashes caused by libselinux -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you fail to load_policy in the init or SELinux is disabled, you need to free the selinux_mnt variable and clear the memory. systemd was calling load_polcy on a DISABLED system then later on it would call is_selinux_enabled() and get incorrect response, since selinux_mnt still had valid data. The second bug in libselinux, resolves around calling the selinux_key_delete(destructor_key) if the selinux_key_create call had never been called. This was causing data to be freed in other applications that loaded an unloaded the libselinux library but never setup setrans or matchpathcon. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2c0/UACgkQrlYvE4MpobMP1QCfXAFD3pfWFLd1lylU/vjsZmpM mcUAnA2l3/GKGC3hT8XB9E+2pTfpy+uj =jpyr -----END PGP SIGNATURE----- Signed-off-by: Steve Lawrence <slawrence@tresys.com> /external/selinux/libselinux/include/selinux/selinux.h
6a17cfaafcdab82c9909eccff56968913b36a631	14-Jun-2010	KaiGai Kohei <kaigai@ak.jp.nec.com>	Author: KaiGai Kohei Email: kaigai@ak.jp.nec.com Subject: libselinux APIs should take "const" qualifier? Date: Tue, 23 Mar 2010 11:56:36 +0900 (2010/03/19 22:32), Stephen Smalley wrote: > On Fri, 2010-03-19 at 16:52 +0900, KaiGai Kohei wrote: >> Right now, security_context_t is an alias of char , declared in selinux.h. >> >> Various kind of libselinux API takes security_context_t arguments, >> however, it is inconvenience in several situations. >> >> For example, the following query is parsed, then delivered to access >> control subsystem with the security context as "const char " cstring. >> >> ALTER TABLE my_tbl SECURITY LABEL TO 'system_u:object_r:sepgsql_table_t:SystemHigh'; >> const char <---- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> >> In this case, we want to call selinux_trans_to_raw_context() to translate >> the given security context into raw format. But it takes security_context_t >> argument for the source context, although this pointer is read-only. >> In the result, compiler raises warnings because we gave "const char " pointer >> into functions which take security_context_t (= char ). >> >> Any comments? >> >> It seems to me the following functions' prototype should be qualified by >> "const". > > That seems reasonable and should have no impact on library ABI. > On the other hand, others have pointed out that security_context_t is > not a properly encapsulated data type at all, and perhaps should be > deprecated and replaced with direct use of char/const char* throughout. > > There are other library API issues as well that have come up in the > past, such as lack of adequate namespacing (with approaches put forth), > but we don't ever seem to get a round tuit. At first, I tried to add const qualifiers read-only security_context_t pointers, but didn't replace them by char /const char yet, right now. BTW, I could find out the following code: int security_compute_create(security_context_t scon, security_context_t tcon, security_class_t tclass, security_context_t * newcon) { int ret; security_context_t rscon = scon; security_context_t rtcon = tcon; security_context_t rnewcon; if (selinux_trans_to_raw_context(scon, &rscon)) return -1; if (selinux_trans_to_raw_context(tcon, &rtcon)) { freecon(rscon); return -1; } : In this case, scon and tcon can be qualified by const, and the first argument of selinux_trans_to_raw_context() can take const pointer. But it tries to initialize rscon and tscon by const pointer, although these are used to store raw security contexts. The selinux_trans_to_raw_context() always set dynamically allocated text string on the second argument, so we don't need to initialize it anyway. I also removed these initializations in this patch. Does the older mcstrans code could return without allocation of raw format when the given scon is already raw format? I don't know why these are initialized in this manner. Thanks. -- KaiGai Kohei <kaigai@ak.jp.nec.com> Signed-off-by: Chad Sellers <csellers@tresys.com> /external/selinux/libselinux/include/selinux/selinux.h
70aeeb918aa721ad90ed8e1b433a55c8ecf2cb83	15-Mar-2010	Eamon Walsh <ewalsh@tycho.nsa.gov>	This patch allows selabel_() interfaces to provide an expected security context for the given database object identified by its name and object class. It is necessary to implement a feature something like the restorecon on databases. The specfile shall be described as follows: ------------------------ # # The specfile for database objects # (for SE-PostgreSQL) # # <object class> <object name> <security context> # db_database system_u:object_r:sepgsql_db_t:s0 db_schema .pg_catalog system_u:obejct_r:sepgsql_sys_schema_t:s0 db_schema .* system_u:object_r:sepgsql_schema_t:s0 db_table .pg_catalog. system_u:object_r:sepgsql_sysobj_t:s0 db_table ..* system_u:object_r:sepgsql_table_t:s0 ------------------------ - All the characters after the '#' are ignored. - Wildcards ('' and '?') are available. - It returns the first match security context. Note that hierarchy of the namespace of database objects depends on RDBMS. So, author of the specfile needs to write correct patterns which are suitable for the target RDBMS. The patched selabel_() interfaces don't have any heuristics for the namespace hierarchy to be suitable for widespread RDBMSs. In the case of SE-PgSQL, when we lookup an expected security context for the 'my_table' table in the 'public' schema and 'postgres' database, the caller shall provide 'postgres.public.my_table' as a key. In the default, it tries to read a specfile which maps database objects and security context from the /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts. Note that when another RDBMS uses this interface, it needs to give an explicit SELABEL_OPT_PATH option on the selabel_open(). Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov> /external/selinux/libselinux/include/selinux/selinux.h
7d19f9df510daef5dc929df5854c2dda2a64f475	20-Oct-2009	Chad Sellers <csellers@tresys.com>	libselinux: Export reset_selinux_config() In integrating SELinux policy into rpm, we have a need to be able to reset the configuration data (e.g. policy type) loaded into libselinux. These values are currently loaded lazily by a number of different functions (e.g. matchpatchcon_init()). Since we are changing rpm to install policy, including initial base policy, we need to be able to reload these configuration items after the policy has been installed. reset_selinux_config() already exists and is used by selinux_init_load_policy() for a similar reason, but it is not exported. This was probably intentionaly since it is not thread safe at all. That said, rpm needs to do the same thing. This patch makes the function public, and places a warning in the header comment that it is not thread safe. Signed-off-by: Chad Sellers <csellers@tresys.com> /external/selinux/libselinux/include/selinux/selinux.h
66d07600075d53735197520e4a5bbe6796a89d25	16-Sep-2009	Daniel J Walsh <dwalsh@redhat.com>	This patch fixes the exception handling in libselinux-python bindings On 09/16/2009 03:35 PM, Joshua Brindle wrote: > > > Joshua Brindle wrote: >> >> >> Daniel J Walsh wrote: >>> What do you think of this one. Removed excess swig cruft, >>> >>> You need to run >>> >>> make swigify to generate those changes. >>> >> >> Ok, looking at this now. I don't completely get how it works. I'm trying >> to reproduce what you are doing by hand but nothing comes out of gcc: >> >> [root@localhost src]# echo '#include "../include/selinux/selinux.h"' > >> temp.c >> [root@localhost src]# gcc -c temp.c -aux-info temp.aux >> [root@localhost src]# ls temp.* >> temp.c temp.o >> >> >> What is the purpose of the aux-info thing, and why doesn't it work on my >> F11 machine? >> >> also, I'm not sure if the best place for selinuxswig_exception.i is >> swigify or pywrap. In the swigify case it shouldn't be in the clean >> target because if you check out the repo and do make clean; make pywrap >> you'll get an error. (I can make these fixes, I'm just trying to figure >> out how it all works first). >> > > Oh, one more thing, should this be python specific? (E.g, should it be > named selinuxswig_python_exception.i ?) Changed name to selinux_python_exception.i WOrks for me on F11 and F12 dwalsh@localhost$ echo '#include "../include/selinux/selinux.h"' > temp.c dwalsh@localhost$ gcc -c temp.c -aux-info temp.aux dwalsh@localhost$ ls temp.* temp.aux temp.c temp.o cat temp.aux /* compiled from: . / / /usr/include/sys/select.h:109:NC / extern int select (int, fd_set , fd_set , fd_set , struct timeval ); / /usr/include/sys/select.h:121:NC / extern int pselect (int, fd_set , fd_set , fd_set , const struct timespec , const __sigset_t ); /* /usr/include/sys/sysmacros.h:31:NC / extern unsigned int gnu_dev_major (long long unsigned int); / /usr/include/sys/sysmacros.h:34:NC / extern unsigned int gnu_dev_minor (long long unsigned int); / /usr/include/sys/sysmacros.h:37:NC / extern long long unsigned int gnu_dev_makedev (unsigned int, unsigned int); / ../include/selinux/selinux.h:12:NC / extern int is_selinux_enabled (void); / ../include/selinux/selinux.h:14:NC / extern int is_selinux_mls_enabled (void); / ../include/selinux/selinux.h:19:NC / extern void freecon (security_context_t); / ../include/selinux/selinux.h:22:NC / extern void freeconary (security_context_t ); ... commit 38d98bd958f42ea18c9376e624d733795665ee22 Author: Dan Walsh <dwalsh@redhat.com> Date: Wed Sep 16 16:51:14 2009 -0400 Add exception code /external/selinux/libselinux/include/selinux/selinux.h
532bd9a8926b4123c9444660041f4e9961543577	07-Jul-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: This patch add seusers support to SELinux Date: Mon, 18 May 2009 14:20:30 -0400 The idea here is to break the seusers file up into lots of little seusers file that can be user specific, also adds the service field to be used by tools like pam_selinux to choose which is the correct context to log a user in as. Patch was added to facilitate IPA handing out SELinux content for selection of roles at login. Signed-off-by: Joshua Brindle <method@manicmethod.com> /external/selinux/libselinux/include/selinux/selinux.h
20271d94ed2b26b94b052ba6ed90b63566cecbb7	04-Jun-2009	Daniel J Walsh <dwalsh@redhat.com>	Author: Daniel J Walsh Email: dwalsh@redhat.com Subject: SELinux context patch Date: Mon, 18 May 2009 14:16:12 -0400 This patch adds context files for virtual_domain and virtual_image, these are both being used to locat the default context to be executed by svirt. I also included the subs patch which I submitted before. This patch allows us to substitute prefixes to matchpathcon. So we can say /export/home == /home and /web == /var/www Author: Chad Sellers Email: csellers@tresys.com Flipped free()'s in original patch when strdup'd fail to proper order. Signed-off-by: Chad Sellers <csellers@tresys.com> /external/selinux/libselinux/include/selinux/selinux.h
433a99d4032706af724ff779d8d9d539f20793f8	08-Apr-2009	KaiGai Kohei <kaigai@ak.jp.nec.com>	It is useful for userspace object manager, if libselinux has an interface something like: int security_deny_unknown(void); This interface can suggest applications preferable behavior when string_to_security_class() or string_to_av_perm() returns invalid value which means the security policy does not define required ones. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> /external/selinux/libselinux/include/selinux/selinux.h
55ed6e7fa6b7d55c628fa04508521920e60a43f7	08-Apr-2009	KaiGai Kohei <kaigai@ak.jp.nec.com>	This patch enables applications to handle permissive domain correctly. Since the v2.6.26 kernel, SELinux has supported an idea of permissive domain which allows certain processes to work as if permissive mode, even if the global setting is enforcing mode. However, we don't have an application program interface to inform what domains are permissive one, and what domains are not. It means applications focuses on SELinux (XACE/SELinux, SE-PostgreSQL and so on) cannot handle permissive domain correctly. This patch add the sixth field (flags) on the reply of the /selinux/access interface which is used to make an access control decision from userspace. If the first bit of the flags field is positive, it means the required access control decision is on permissive domain, so application should allow any required actions, as the kernel doing. This patch also has a side benefit. The av_decision.flags is set at context_struct_compute_av(). It enables to check required permissions without read_lock(&policy_rwlock). Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> /external/selinux/libselinux/include/selinux/selinux.h
318748d65917fa5a96c17ce3b564074e43482d75	08-Apr-2009	KaiGai Kohei <kaigai@ak.jp.nec.com>	The attached patch enables userspace object managers to handle notification messages via netlink socket from SELinux. * Two new callbacks were added to selinux_set_callback(3) - SELINUX_CB_SETENFORCE is invoked when it got SELNL_MSG_SETENFORCE message in the avc_netlink_process(). - SELINUX_CB_POLICYLOAD is invoked when it got SELNL_MSG_POLICYLOAD message in the avc_netlink_process(). * Three functions were exposed to applications. - int avc_netlink_open(int blocking); - void avc_netlink_loop(void); - void avc_netlink_close(void); Due to a few reasons, SE-PostgreSQL implements its own userspace avc, so it needs to copy and paste some of avc_internal.c. This update enables to share common part from such kind of application. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> /external/selinux/libselinux/include/selinux/selinux.h
f9b1f1a2a17298b60a94780ab5899a8d91cbf100	01-Jan-2009	Eamon Walsh <ewalsh@tycho.nsa.gov>	Add config path function for secolor.conf file. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> /external/selinux/libselinux/include/selinux/selinux.h
cfa3cb6fa5d0cc00fde75ee74ec2da577f62e141	26-Nov-2008	Eamon Walsh <ewalsh@tycho.nsa.gov>	Add client routines for translating raw security contexts into colors. Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> /external/selinux/libselinux/include/selinux/selinux.h
13cd4c8960688af11ad23b4c946149015c80d549	19-Aug-2008	Joshua Brindle <method@manicmethod.com>	initial import from svn trunk revision 2950 /external/selinux/libselinux/include/selinux/selinux.h