/*
 * This file describes the internal interface used by the labeler
 * for calling the user-supplied memory allocation, validation,
 * and locking routines.
 *
 * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
 */
#ifndef _SELABEL_INTERNAL_H_
#define _SELABEL_INTERNAL_H_

#include <stdlib.h>
#include <stdarg.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include "dso.h"

/*
 * Installed backends
 *
 * One initialiser per labeling backend.  Each receives the handle being
 * set up (rec), the caller's option array (opts) and the number of
 * entries in that array (nopts).  nopts is the only bound on opts that
 * this header exposes, so an implementation has to treat it as the hard
 * limit when walking the array.
 *
 * NOTE(review): the return convention is not stated here; presumably 0 on
 * success and negative on failure -- confirm against the backend sources.
 * NOTE(review): `hidden` is supplied by dso.h and presumably restricts
 * symbol visibility to the library itself -- confirm.
 */
int selabel_file_init(struct selabel_handle *rec,
		      const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_media_init(struct selabel_handle *rec,
		       const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec,
		   const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_db_init(struct selabel_handle *rec,
		    const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_property_init(struct selabel_handle *rec,
			  const struct selinux_opt *opts, unsigned nopts) hidden;
int selabel_service_init(struct selabel_handle *rec,
			 const struct selinux_opt *opts, unsigned nopts) hidden;

/*
 * Labeling internal structures
 */
/*
 * One substitution entry.  Entries form a singly linked list through
 * `next`; the handle keeps the list heads.
 *
 * NOTE(review): slen is a signed int.  If it caches the length of src,
 * the value is narrowed from size_t where it is assigned -- confirm that
 * the assignment site bounds it.
 */
struct selabel_sub {
	char *src;		/* text to match -- presumably a path prefix; confirm */
	int slen;		/* presumably the length of src; confirm */
	char *dst;		/* replacement text */
	struct selabel_sub *next;	/* following entry in the list */
};

/*
 * Result record handed back by the lookup operations.
 *
 * NOTE(review): this header does not say who owns the two strings or
 * whether ctx_trans may be NULL -- confirm before freeing or
 * dereferencing either one.
 */
struct selabel_lookup_rec {
	char *ctx_raw;		/* context string, presumably in raw form; confirm */
	char *ctx_trans;	/* presumably the translated form of ctx_raw; confirm */
	int validated;		/* presumably non-zero once the context was validated; confirm */
};

/*
 * Per-handle state of the labeler: the caller's open arguments, the
 * backend's operation table, and the substitution lists.
 */
struct selabel_handle {
	/* arguments that were passed to selabel_open */
	unsigned int backend;
	int validating;

	/*
	 * Labeling operations, reached through these pointers.
	 * NOTE(review): nothing in this header shows whether every backend
	 * fills in every pointer; callers presumably need a NULL check
	 * before dispatching through the optional ones -- confirm.
	 */
	struct selabel_lookup_rec *(*func_lookup)(struct selabel_handle *h,
						  const char *key, int type);
	void (*func_close)(struct selabel_handle *h);
	void (*func_stats)(struct selabel_handle *h);
	bool (*func_partial_match)(struct selabel_handle *h, const char *key);
	struct selabel_lookup_rec *(*func_lookup_best_match)(
					struct selabel_handle *h,
					const char *key,
					const char **aliases,
					int type);
	enum selabel_cmp_result (*func_cmp)(struct selabel_handle *h1,
					    struct selabel_handle *h2);

	/* opaque pointer for backend-specific state information */
	void *data;

	/*
	 * The main spec file in use.  For file contexts, the local and/or
	 * homedirs files may also have been used to resolve a context.
	 */
	char *spec_file;

	/* substitution support: heads of the two selabel_sub lists */
	struct selabel_sub *dist_subs;
	struct selabel_sub *subs;
};

/*
 * Validation function
 *
 * Takes the handle and one lookup record.
 *
 * NOTE(review): the effect on the record and the return convention are
 * not visible in this header; presumably the record's `validated` flag
 * is updated and a negative value signals an invalid context -- confirm
 * against the definition.
 */
int selabel_validate(struct selabel_handle *rec,
		     struct selabel_lookup_rec *contexts) hidden;

/*
 * The read_spec_entries function may be used to
 * replace sscanf to read entries from spec files.
 *
 * line_buf is not const-qualified, so the callee is allowed to modify
 * the caller's buffer.  errbuf is a pointer through which a message
 * string can be handed back.
 *
 * NOTE(review): the variadic tail is presumably num_args output pointers
 * (one `char **` per entry); the compiler cannot check that count, so
 * each call site has to pass exactly num_args of them -- confirm against
 * the definition.
 * NOTE(review): unlike the other declarations in this header, this one
 * carries no `hidden` marker; confirm that leaving it visible is
 * intended.
 */
int read_spec_entries(char *line_buf, const char **errbuf,
		      int num_args, ...);

#endif				/* _SELABEL_INTERNAL_H_ */