/*
 * Labeling interface for userspace object managers and others.
 *
 * Author : Eamon Walsh <ewalsh (at) tycho.nsa.gov>
 *
 * Purpose: declare the selabel_* API used by userspace object managers
 * (file systems, X server, databases, Android property service, ...) to
 * ask "which security context should this object carry?".  Usage is a
 * three-step lifecycle: selabel_open() a backend, call selabel_lookup()
 * (or the *_raw variant) as often as needed, then selabel_close().
 * This header contains only macros and prototypes; the implementation
 * is in libselinux.
 */
#ifndef _SELABEL_H_
/* NOTE(review): an identifier beginning with '_' followed by an uppercase
 * letter is reserved for the implementation by the C standard.  The guard
 * name is left unchanged for source compatibility with existing includers. */
#define _SELABEL_H_

#include <sys/types.h>
#include <selinux/selinux.h>	/* security_context_t, struct selinux_opt, freecon() */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Opaque type used for all label handles.
 *
 * Callers never see the layout; a handle is obtained from selabel_open()
 * and released with selabel_close(), which is the only way to free it.
 */

struct selabel_handle;

/*
 * Available backends.
 *
 * Exactly one of these constants is passed as the @backend argument of
 * selabel_open().  Each backend interprets the @key / @type inputs of
 * selabel_lookup() in its own way (see "Type codes" below).
 */

/* file contexts */
#define SELABEL_CTX_FILE 0
/* media contexts */
#define SELABEL_CTX_MEDIA 1
/* x contexts */
#define SELABEL_CTX_X 2
/* db objects */
#define SELABEL_CTX_DB 3
/* Android property service contexts */
#define SELABEL_CTX_ANDROID_PROP 4

/*
 * Available options
 *
 * Option codes are carried in the array of struct selinux_opt (declared in
 * <selinux/selinux.h>) passed to selabel_open().  Which field of the
 * struct carries the value, and how a "boolean value" is encoded, is not
 * visible from this header -- NOTE(review): confirm against selinux.h and
 * the backend implementation before relying on a particular encoding.
 */

/* no-op option, useful for unused slots in an array of options */
#define SELABEL_OPT_UNUSED 0
/* validate contexts before returning them (boolean value) */
/* Security note: without this option a context string read from backend
 * data is handed back as-is; enabling it makes the lookup reject contexts
 * the policy does not accept instead of propagating them to the caller. */
#define SELABEL_OPT_VALIDATE 1
/* don't use local customizations to backend data (boolean value) */
#define SELABEL_OPT_BASEONLY 2
/* specify an alternate path to use when loading backend data */
/* Security note: the data loaded from this path decides object labels,
 * so the path and its contents must be as trusted as the default
 * policy-supplied files; do not derive it from untrusted input. */
#define SELABEL_OPT_PATH 3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET 4
/* total number of options */
#define SELABEL_NOPT 5

/*
 * Label operations
 */

/**
 * selabel_open - Create a labeling handle.
 * @backend: one of the constants specifying a supported labeling backend.
 * @opts: array of selabel_opt structures specifying label options or NULL.
 * @nopts: number of elements in opts array or zero for no options.
 *
 * Open a labeling backend for use. The available backend identifiers are
 * listed above. Options may be provided via the opts parameter; available
 * options are listed above. Not all options may be supported by every
 * backend. Return value is the created handle on success or NULL with
 * @errno set on failure.
 *
 * Ownership: the returned handle belongs to the caller and must be
 * released with selabel_close().  @nopts must not exceed the number of
 * elements actually present in @opts; the array is only read, never
 * retained in a way the caller can observe from this header
 * (NOTE(review): whether string option values are copied or referenced
 * after return is an implementation detail -- confirm before freeing them).
 */
struct selabel_handle *selabel_open(unsigned int backend,
				    const struct selinux_opt *opts,
				    unsigned nopts);

/**
 * selabel_close - Close a labeling handle.
 * @handle: specifies handle to close
 *
 * Destroy the specified handle, closing files, freeing allocated memory,
 * etc. The handle may not be further used after it has been closed.
 *
 * Callers holding the pointer after this call should clear it to avoid a
 * use-after-free on a later lookup.  Contexts previously returned by
 * selabel_lookup() are separate allocations and are unaffected.
 */
void selabel_close(struct selabel_handle *handle);

/**
 * selabel_lookup - Perform labeling lookup operation.
 * @handle: specifies backend instance to query
 * @con: returns the appropriate context with which to label the object
 * @key: string input to lookup operation
 * @type: numeric input to the lookup operation
 *
 * Perform a labeling lookup operation. Return %0 on success, -%1 with
 * @errno set on failure. The key and type arguments are the inputs to the
 * lookup operation; appropriate values are dictated by the backend in use.
 * The result is returned in the memory pointed to by @con and must be freed
 * by the user with freecon().
 *
 * Ownership: on success *@con is a fresh allocation owned by the caller.
 * On failure nothing this header states may be assumed about *@con --
 * treat it as unset.  A lookup that matches no entry is a failure
 * (NOTE(review): the errno value used for "no match" is backend-defined;
 * check the implementation before special-casing it).
 *
 * selabel_lookup_raw() has the same contract but, following the *_raw
 * naming convention of <selinux/selinux.h>, is the variant that works on
 * the raw (untranslated) form of the context rather than the form passed
 * through context translation -- NOTE(review): verify against selinux.h
 * for the exact distinction in this version.
 */
int selabel_lookup(struct selabel_handle *handle, security_context_t *con,
		   const char *key, int type);
int selabel_lookup_raw(struct selabel_handle *handle, security_context_t *con,
		       const char *key, int type);

/**
 * selabel_stats - log labeling operation statistics.
 * @handle: specifies backend instance to query
 *
 * Log a message with information about the number of queries performed,
 * number of unused matching entries, or other operational statistics.
 * Message is backend-specific, some backends may not output a message.
 *
 * Diagnostic only: it has no return value and does not alter the handle's
 * labeling behaviour.  Where the message is emitted (syslog, stderr, ...)
 * is not specified by this header.
 */
void selabel_stats(struct selabel_handle *handle);

/*
 * Type codes used by specific backends
 *
 * These are the values accepted in the @type argument of selabel_lookup()
 * for the named backend; they identify the kind of object @key refers to.
 * The file, media and Android-property backends define no codes here.
 */

/* X backend */
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
#define SELABEL_X_EVENT 4
#define SELABEL_X_SELN 5
#define SELABEL_X_POLYPROP 6
#define SELABEL_X_POLYSELN 7

/* DB backend */
#define SELABEL_DB_DATABASE 1
#define SELABEL_DB_SCHEMA 2
#define SELABEL_DB_TABLE 3
#define SELABEL_DB_COLUMN 4
#define SELABEL_DB_SEQUENCE 5
#define SELABEL_DB_VIEW 6
#define SELABEL_DB_PROCEDURE 7
#define SELABEL_DB_BLOB 8
#define SELABEL_DB_TUPLE 9
#define SELABEL_DB_LANGUAGE 10

#ifdef __cplusplus
}
#endif
#endif	/* _SELABEL_H_ */