1/*
2 * Labeling interface for userspace object managers and others.
3 *
4 * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
5 */
6#ifndef _SELABEL_H_
7#define _SELABEL_H_
8
9#include <stdbool.h>
10#include <stdint.h>
11#include <sys/types.h>
12#include <selinux/selinux.h>
13
14#ifdef __cplusplus
15extern "C" {
16#endif
17
18/*
19 * Opaque type used for all label handles.
20 */
21
22struct selabel_handle;
23
24/*
25 * Available backends.
26 */
27
28/* file contexts */
29#define SELABEL_CTX_FILE 0
30/* media contexts */
31#define SELABEL_CTX_MEDIA 1
32/* x contexts */
33#define SELABEL_CTX_X 2
34/* db objects */
35#define SELABEL_CTX_DB 3
36/* Android property service contexts */
37#define SELABEL_CTX_ANDROID_PROP 4
38/* Android service contexts */
39#define SELABEL_CTX_ANDROID_SERVICE 5
40
41/*
42 * Available options
43 */
44
45/* no-op option, useful for unused slots in an array of options */
46#define SELABEL_OPT_UNUSED 0
47/* validate contexts before returning them (boolean value) */
48#define SELABEL_OPT_VALIDATE 1
49/* don't use local customizations to backend data (boolean value) */
50#define SELABEL_OPT_BASEONLY 2
51/* specify an alternate path to use when loading backend data */
52#define SELABEL_OPT_PATH 3
53/* select a subset of the search space as an optimization (file backend) */
54#define SELABEL_OPT_SUBSET 4
55/* require a hash calculation on spec files */
56#define SELABEL_OPT_DIGEST 5
57/* total number of options */
58#define SELABEL_NOPT 6
59
60/*
61 * Label operations
62 */
63
64/**
65 * selabel_open - Create a labeling handle.
66 * @backend: one of the constants specifying a supported labeling backend.
67 * @opts: array of selabel_opt structures specifying label options or NULL.
68 * @nopts: number of elements in opts array or zero for no options.
69 *
70 * Open a labeling backend for use. The available backend identifiers are
71 * listed above. Options may be provided via the opts parameter; available
72 * options are listed above. Not all options may be supported by every
73 * backend. Return value is the created handle on success or NULL with
74 * @errno set on failure.
75 */
76extern struct selabel_handle *selabel_open(unsigned int backend,
77 const struct selinux_opt *opts,
78 unsigned nopts);
79
80/**
81 * selabel_close - Close a labeling handle.
82 * @handle: specifies handle to close
83 *
84 * Destroy the specified handle, closing files, freeing allocated memory,
85 * etc. The handle may not be further used after it has been closed.
86 */
87extern void selabel_close(struct selabel_handle *handle);
88
89/**
90 * selabel_lookup - Perform labeling lookup operation.
91 * @handle: specifies backend instance to query
92 * @con: returns the appropriate context with which to label the object
93 * @key: string input to lookup operation
94 * @type: numeric input to the lookup operation
95 *
96 * Perform a labeling lookup operation. Return %0 on success, -%1 with
97 * @errno set on failure. The key and type arguments are the inputs to the
98 * lookup operation; appropriate values are dictated by the backend in use.
99 * The result is returned in the memory pointed to by @con and must be freed
100 * by the user with freecon().
101 */
102extern int selabel_lookup(struct selabel_handle *handle, char **con,
103 const char *key, int type);
104extern int selabel_lookup_raw(struct selabel_handle *handle, char **con,
105 const char *key, int type);
106
/**
 * selabel_partial_match - Test whether @key partially matches any entry.
 * @handle: specifies backend instance to query
 * @key: string input to the match operation
 *
 * Return true if @key is a partial match for at least one entry of the
 * loaded backend data, false otherwise. A true result says only that some
 * entry could match; it does not supply a context. Callers that walk a
 * hierarchy (e.g. a directory tree with the file backend) can use a false
 * result to skip subtrees that no entry could ever label.
 */
extern bool selabel_partial_match(struct selabel_handle *handle, const char *key);
108
/**
 * selabel_get_digests_all_partial_matches - Digest every entry that
 * partially matches @key and fetch the digest already recorded for @key.
 * @rec: specifies backend instance to query
 * @key: string input to the match operation
 * @calculated_digest: returns the digest computed over all partial matches
 * @xattr_digest: returns the digest previously stored for @key
 * @digest_len: returns the length in bytes of each digest
 *
 * Return true if both digests were obtained and are equal, false otherwise.
 * NOTE(review): the two digest buffers are presumably heap-allocated and
 * owned by the caller on return — confirm against the implementation before
 * relying on that for freeing. A false result may mean "no stored digest"
 * as well as "mismatch"; do not read it as a tamper signal on its own.
 *
 * selabel_hash_all_partial_matches - Digest every entry that partially
 * matches @key into a caller-supplied buffer.
 * @rec: specifies backend instance to query
 * @key: string input to the match operation
 * @digest: caller-provided buffer that receives the digest
 *
 * Return true on success, false otherwise. NOTE(review): @digest must be
 * large enough for the backend's digest length — the length is not passed
 * here, so confirm the required size (see selabel_digest()) before use.
 */
extern bool selabel_get_digests_all_partial_matches(struct selabel_handle *rec,
						    const char *key,
						    uint8_t **calculated_digest,
						    uint8_t **xattr_digest,
						    size_t *digest_len);
extern bool selabel_hash_all_partial_matches(struct selabel_handle *rec,
					     const char *key, uint8_t* digest);
116
/**
 * selabel_lookup_best_match - Lookup using a key and a set of aliases.
 * @rec: specifies backend instance to query
 * @con: returns the context of the best match
 * @key: primary string input to the lookup operation
 * @aliases: array of alternative keys to try as well, presumably
 *           NULL-terminated (confirm against the implementation)
 * @type: numeric input to the lookup operation
 *
 * Like selabel_lookup(), but @key and every entry of @aliases are all
 * considered and the context of the best match — as ranked by the backend —
 * is returned. Return %0 on success, -%1 with @errno set on failure. The
 * result in @con must be freed with freecon().
 *
 * selabel_lookup_best_match_raw() is the raw-context variant, with the
 * same arguments and return convention as selabel_lookup_raw().
 */
extern int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
				     const char *key, const char **aliases, int type);
extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
					 const char *key, const char **aliases, int type);
121
122/**
123 * selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to
124 * generate the digest. The SELABEL_OPT_DIGEST option must
125 * be set in selabel_open() to initiate the digest generation.
126 * @handle: specifies backend instance to query
127 * @digest: returns a pointer to the SHA1 digest.
128 * @digest_len: returns length of digest in bytes.
129 * @specfiles: a list of specfiles used in the SHA1 digest generation.
130 * The list is NULL terminated and will hold @num_specfiles entries.
131 * @num_specfiles: number of specfiles in the list.
132 *
133 * Return %0 on success, -%1 with @errno set on failure.
134 */
135extern int selabel_digest(struct selabel_handle *rec,
136 unsigned char **digest, size_t *digest_len,
137 char ***specfiles, size_t *num_specfiles);
138
/*
 * Outcome of selabel_cmp(), stated from the point of view of its first
 * argument. Values are spelled out explicitly so the ABI is obvious at a
 * glance; they must stay in this order.
 */
enum selabel_cmp_result {
	SELABEL_SUBSET = 0,       /* first configuration is contained in the second */
	SELABEL_EQUAL = 1,        /* both configurations are identical */
	SELABEL_SUPERSET = 2,     /* first configuration contains the second */
	SELABEL_INCOMPARABLE = 3  /* neither contains the other */
};
145
146/**
147 * selabel_cmp - Compare two label configurations.
148 * @h1: handle for the first label configuration
149 * @h2: handle for the first label configuration
150 *
151 * Compare two label configurations.
152 * Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL
153 * if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
154 * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
155 */
156extern enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
157 struct selabel_handle *h2);
158
159/**
160 * selabel_stats - log labeling operation statistics.
161 * @handle: specifies backend instance to query
162 *
163 * Log a message with information about the number of queries performed,
164 * number of unused matching entries, or other operational statistics.
165 * Message is backend-specific, some backends may not output a message.
166 */
167extern void selabel_stats(struct selabel_handle *handle);
168
169/*
170 * Type codes used by specific backends
171 */
172
173/* X backend */
174#define SELABEL_X_PROP 1
175#define SELABEL_X_EXT 2
176#define SELABEL_X_CLIENT 3
177#define SELABEL_X_EVENT 4
178#define SELABEL_X_SELN 5
179#define SELABEL_X_POLYPROP 6
180#define SELABEL_X_POLYSELN 7
181
182/* DB backend */
183#define SELABEL_DB_DATABASE 1
184#define SELABEL_DB_SCHEMA 2
185#define SELABEL_DB_TABLE 3
186#define SELABEL_DB_COLUMN 4
187#define SELABEL_DB_SEQUENCE 5
188#define SELABEL_DB_VIEW 6
189#define SELABEL_DB_PROCEDURE 7
190#define SELABEL_DB_BLOB 8
191#define SELABEL_DB_TUPLE 9
192#define SELABEL_DB_LANGUAGE 10
193#define SELABEL_DB_EXCEPTION 11
194#define SELABEL_DB_DATATYPE 12
195
196#ifdef __cplusplus
197}
198#endif
199#endif /* _SELABEL_H_ */
200
