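/*
 * Labeling interface for userspace object managers and others.
 *
 * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
 */
#ifndef _SELABEL_H_
#define _SELABEL_H_

#include <stdbool.h>
#include <sys/types.h>
#include <selinux/selinux.h>	/* struct selinux_opt, freecon() */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Opaque type used for all label handles.  Its layout is private to the
 * library; callers only ever pass the pointer to the selabel_* functions
 * declared below.
 */

struct selabel_handle;

/*
 * Available backends (values for the @backend argument of selabel_open()).
 */

/* file contexts */
#define SELABEL_CTX_FILE 0
/* media contexts */
#define SELABEL_CTX_MEDIA 1
/* x contexts */
#define SELABEL_CTX_X 2
/* db objects */
#define SELABEL_CTX_DB 3
/* Android property service contexts */
#define SELABEL_CTX_ANDROID_PROP 4

/*
 * Available options (option types carried in the selinux_opt array passed
 * to selabel_open()).  Not every backend honours every option.
 */

/* no-op option, useful for unused slots in an array of options */
#define SELABEL_OPT_UNUSED 0
/*
 * validate contexts before returning them (boolean value)
 *
 * NOTE(review): when this option is not set, a context read from the
 * backend data is handed back without being checked for validity.  Enable
 * it whenever the backend data may be stale, hand-edited or otherwise not
 * fully trusted, so that a bad spec entry fails the lookup instead of being
 * applied to an object.
 */
#define SELABEL_OPT_VALIDATE 1
/* don't use local customizations to backend data (boolean value) */
#define SELABEL_OPT_BASEONLY 2
/*
 * specify an alternate path to use when loading backend data
 *
 * NOTE(review): whoever controls this path controls every label the handle
 * will ever return.  It must come from the program itself or from trusted
 * configuration, never from an untrusted caller or environment.
 */
#define SELABEL_OPT_PATH 3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET 4
/* total number of options */
#define SELABEL_NOPT 5

/*
 * Label operations
 */

/**
 * selabel_open - Create a labeling handle.
 * @backend: one of the SELABEL_CTX_* constants specifying a supported
 *	labeling backend.
 * @opts: array of selinux_opt structures specifying label options or NULL.
 * @nopts: number of elements in opts array or zero for no options.
 *
 * Open a labeling backend for use.  The available backend identifiers are
 * listed above.  Options may be provided via the opts parameter; available
 * options are listed above.  Not all options may be supported by every
 * backend.  Return value is the created handle on success or NULL with
 * @errno set on failure.  The returned handle must eventually be released
 * with selabel_close().
 */
struct selabel_handle *selabel_open(unsigned int backend,
				    const struct selinux_opt *opts,
				    unsigned nopts);

/**
 * selabel_close - Close a labeling handle.
 * @handle: specifies handle to close
 *
 * Destroy the specified handle, closing files, freeing allocated memory,
 * etc.  The handle may not be further used after it has been closed; a
 * caller that keeps the pointer around should clear it to avoid a
 * use-after-free.
 */
void selabel_close(struct selabel_handle *handle);

/**
 * selabel_lookup - Perform labeling lookup operation.
 * @handle: specifies backend instance to query
 * @con: returns the appropriate context with which to label the object
 * @key: string input to lookup operation
 * @type: numeric input to the lookup operation
 *
 * Perform a labeling lookup operation.  Return %0 on success, -%1 with
 * @errno set on failure.  The key and type arguments are the inputs to the
 * lookup operation; appropriate values are dictated by the backend in use
 * (see the SELABEL_X_* and SELABEL_DB_* type codes below).  The result is
 * returned in the memory pointed to by @con and must be freed by the user
 * with freecon().  On failure the contents of *@con should not be relied
 * upon.
 *
 * selabel_lookup_raw() takes the same arguments; by analogy with the other
 * *_raw entry points of libselinux it presumably returns the raw
 * (untranslated) context -- confirm against the implementation.
 */
int selabel_lookup(struct selabel_handle *handle, char **con,
		   const char *key, int type);
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
		       const char *key, int type);

/**
 * selabel_partial_match - Test a key for a partial match.
 * @handle: specifies backend instance to query
 * @key: string input to the match operation
 *
 * Returns a boolean; presumably whether @key is a prefix that could still
 * match some entry in the backend data (i.e. a partial rather than full
 * match) -- the exact matching rule is backend-specific and not visible
 * here, verify against the backend in use.
 */
bool selabel_partial_match(struct selabel_handle *handle, const char *key);

/**
 * selabel_lookup_best_match - Lookup with alternative keys.
 * @rec: specifies backend instance to query
 * @con: returns the selected context, to be freed with freecon()
 * @key: primary string input to the lookup operation
 * @aliases: additional keys to consider; presumably a NULL-terminated
 *	array -- confirm against the implementation before passing one
 *	without a terminator
 * @type: numeric input to the lookup operation
 *
 * Like selabel_lookup(), but @aliases are considered alongside @key and the
 * best match among them is returned.  Return value convention is assumed
 * to follow selabel_lookup() (%0 on success, -%1 with @errno on failure).
 */
int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
			      const char *key, const char **aliases, int type);

/* Outcome of selabel_cmp(); see that function for the meaning of each. */
enum selabel_cmp_result {
	SELABEL_SUBSET,
	SELABEL_EQUAL,
	SELABEL_SUPERSET,
	SELABEL_INCOMPARABLE
};

/**
 * selabel_cmp - Compare two label configurations.
 * @h1: handle for the first label configuration
 * @h2: handle for the second label configuration
 *
 * Compare two label configurations.
 * Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL
 * if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
 * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
 */
enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
				    struct selabel_handle *h2);

/**
 * selabel_stats - log labeling operation statistics.
 * @handle: specifies backend instance to query
 *
 * Log a message with information about the number of queries performed,
 * number of unused matching entries, or other operational statistics.
 * Message is backend-specific, some backends may not output a message.
 */
void selabel_stats(struct selabel_handle *handle);

/*
 * Type codes used by specific backends (the @type argument of the lookup
 * functions above).
 */

/* X backend */
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
#define SELABEL_X_EVENT 4
#define SELABEL_X_SELN 5
#define SELABEL_X_POLYPROP 6
#define SELABEL_X_POLYSELN 7

/* DB backend */
#define SELABEL_DB_DATABASE 1
#define SELABEL_DB_SCHEMA 2
#define SELABEL_DB_TABLE 3
#define SELABEL_DB_COLUMN 4
#define SELABEL_DB_SEQUENCE 5
#define SELABEL_DB_VIEW 6
#define SELABEL_DB_PROCEDURE 7
#define SELABEL_DB_BLOB 8
#define SELABEL_DB_TUPLE 9
#define SELABEL_DB_LANGUAGE 10

#ifdef __cplusplus
}
#endif
#endif /* _SELABEL_H_ */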