/usr/include/apol/netcon-query.h is in libapol-dev 3.3.6.ds-7.2ubuntu4.
This file is owned by root:root, with mode 0o644.
/**
* @file
* Public Interface for querying portcons, netifcons, and nodecons of
* a policy.
*
* @author Jeremy A. Mowery jmowery@tresys.com
* @author Jason Tang jtang@tresys.com
*
* Copyright (C) 2006-2007 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef APOL_NETCON_QUERY_H
#define APOL_NETCON_QUERY_H
#ifdef __cplusplus
extern "C"
{
#endif
#include "policy.h"
#include "vector.h"
#include "context-query.h"
#include <qpol/policy.h>
/* Opaque query handles. The struct definitions are not exposed by this
 * header; allocate with the matching apol_*_query_create() and release
 * with apol_*_query_destroy(). */
typedef struct apol_portcon_query apol_portcon_query_t;
typedef struct apol_netifcon_query apol_netifcon_query_t;
typedef struct apol_nodecon_query apol_nodecon_query_t;
/******************** portcon queries ********************/
/**
* Execute a query against all portcons within the policy. The
* returned portcons will be unordered.
*
* @param p Policy within which to look up portcons.
* @param po Structure containing parameters for query. If this is
* NULL then return all portcons.
* @param v Reference to a vector of qpol_portcon_t. The vector will
* be allocated by this function. The caller must call
* apol_vector_destroy() afterwards. This will be set to NULL upon no
* results or upon error, so callers must check *v for NULL even when
* the return value is 0.
*
* @return 0 on success (including none found), negative on error.
*/
extern int apol_portcon_get_by_query(const apol_policy_t * p, const apol_portcon_query_t * po, apol_vector_t ** v);
/**
* Allocate and return a new portcon query structure. All fields are
* initialized, such that running this blank query results in
* returning all portcons within the policy. The caller must call
* apol_portcon_query_destroy() upon the return value afterwards.
*
* @return An initialized portcon query structure, or NULL upon error.
*/
extern apol_portcon_query_t *apol_portcon_query_create(void);
/**
* Deallocate all memory associated with the referenced portcon
* query, and then set it to NULL. This function does nothing if the
* query is already NULL.
*
* @param po Reference to a portcon query structure to destroy.
*/
extern void apol_portcon_query_destroy(apol_portcon_query_t ** po);
/**
* Set a portcon query to return only portcons that use this protocol.
*
* @param p Policy handler, to report errors.
* @param po Portcon query to set.
* @param proto Limit query to only portcons with this protocol, or
* negative to unset this field.
*
* @return Always 0.
*/
extern int apol_portcon_query_set_protocol(const apol_policy_t * p, apol_portcon_query_t * po, int proto);
/**
* Set a portcon query to return only portcons with this as their low
* port.
*
* @param p Policy handler, to report errors.
* @param po Portcon query to set.
* @param low Limit query to only portcons with this low port, or
* negative to unset this field.
*
* @return Always 0.
*/
extern int apol_portcon_query_set_low(const apol_policy_t * p, apol_portcon_query_t * po, int low);
/**
* Set a portcon query to return only portcons with this as their high
* port.
*
* @param p Policy handler, to report errors.
* @param po Portcon query to set.
* @param high Limit query to only portcons with this high port, or
* negative to unset this field.
*
* @return Always 0.
*/
extern int apol_portcon_query_set_high(const apol_policy_t * p, apol_portcon_query_t * po, int high);
/**
* Set a portcon query to return only portcons matching a context.
* This function takes ownership of the context: it will be released by
* the query code, so the caller must not modify nor destroy it
* afterwards (doing so would result in a double free).
*
* @param p Policy handler, to report errors.
* @param po Portcon query to set.
* @param context Limit query to only portcons matching this context,
* or NULL to unset this field.
* @param range_match Specifies how to match the MLS range within the
* context. This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
* APOL_QUERY_EXACT. This parameter is ignored if context is NULL.
*
* @return Always returns 0.
*/
extern int apol_portcon_query_set_context(const apol_policy_t * p,
apol_portcon_query_t * po, apol_context_t * context, unsigned int range_match);
/**
* Creates a string containing the textual representation of
* a portcon statement.
* @param p Reference to a policy.
* @param portcon Reference to the portcon statement to be rendered.
*
* @return A newly allocated string on success, caller must free;
* NULL on error.
*/
extern char *apol_portcon_render(const apol_policy_t * p, const qpol_portcon_t * portcon);
/******************** netifcon queries ********************/
/**
* Execute a query against all netifcons within the policy. The
* returned netifcons will be unordered.
*
* @param p Policy within which to look up netifcons.
* @param n Structure containing parameters for query. If this is
* NULL then return all netifcons.
* @param v Reference to a vector of qpol_netifcon_t. The vector will
* be allocated by this function. The caller must call
* apol_vector_destroy() afterwards. This will be set to NULL upon
* no results or upon error, so callers must check *v for NULL even
* when the return value is 0.
*
* @return 0 on success (including none found), negative on error.
*/
extern int apol_netifcon_get_by_query(const apol_policy_t * p, const apol_netifcon_query_t * n, apol_vector_t ** v);
/**
* Allocate and return a new netifcon query structure. All fields are
* initialized, such that running this blank query results in
* returning all netifcons within the policy. The caller must call
* apol_netifcon_query_destroy() upon the return value afterwards.
*
* @return An initialized netifcon query structure, or NULL upon
* error.
*/
extern apol_netifcon_query_t *apol_netifcon_query_create(void);
/**
* Deallocate all memory associated with the referenced netifcon
* query, and then set it to NULL. This function does nothing if the
* query is already NULL.
*
* @param n Reference to a netifcon query structure to destroy.
*/
extern void apol_netifcon_query_destroy(apol_netifcon_query_t ** n);
/**
* Set a netifcon query to return only netifcons that use this device.
*
* @param p Policy handler, to report errors.
* @param n Netifcon query to set.
* @param dev Limit query to only netifcons that use this device, or
* NULL to unset this field.
*
* @return 0 on success, negative on error.
*/
extern int apol_netifcon_query_set_device(const apol_policy_t * p, apol_netifcon_query_t * n, const char *dev);
/**
* Set a netifcon query to return only netifcons matching this context
* for its interface. This function takes ownership of the context: it
* will be released by the query code, so the caller must not modify
* nor destroy it afterwards (doing so would result in a double free).
*
* @param p Policy handler, to report errors.
* @param n Netifcon query to set.
* @param context Limit query to only netifcon matching this context
* for its interface, or NULL to unset this field.
* @param range_match Specifies how to match the MLS range within the
* context. This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
* APOL_QUERY_EXACT. This parameter is ignored if context is NULL.
*
* @return Always returns 0.
*/
extern int apol_netifcon_query_set_if_context(const apol_policy_t * p,
apol_netifcon_query_t * n, apol_context_t * context,
unsigned int range_match);
/**
* Set a netifcon query to return only netifcons matching this context
* for its messages. This function takes ownership of the context: it
* will be released by the query code, so the caller must not modify
* nor destroy it afterwards (doing so would result in a double free).
*
* @param p Policy handler, to report errors.
* @param n Netifcon query to set.
* @param context Limit query to only netifcon matching this context
* for its messages, or NULL to unset this field.
* @param range_match Specifies how to match the MLS range within the
* context. This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
* APOL_QUERY_EXACT. This parameter is ignored if context is NULL.
*
* @return Always returns 0.
*/
extern int apol_netifcon_query_set_msg_context(const apol_policy_t * p,
apol_netifcon_query_t * n, apol_context_t * context,
unsigned int range_match);
/**
* Creates a string containing the textual representation of
* a netifcon statement.
* @param p Reference to a policy.
* @param netifcon Reference to the netifcon statement to be rendered.
*
* @return A newly allocated string on success, caller must free;
* NULL on error.
*/
extern char *apol_netifcon_render(const apol_policy_t * p, const qpol_netifcon_t * netifcon);
/******************** nodecon queries ********************/
/**
* Execute a query against all nodecons within the policy. The
* returned nodecons will be unordered.
*
* @param p Policy within which to look up nodecons.
* @param n Structure containing parameters for query. If this is
* NULL then return all nodecons.
* @param v Reference to a vector of qpol_nodecon_t. The vector will
* be allocated by this function. The caller must call
* apol_vector_destroy() afterwards. This will be set to NULL upon no
* results or upon error, so callers must check *v for NULL even when
* the return value is 0.
*
* @return 0 on success (including none found), negative on error.
*/
extern int apol_nodecon_get_by_query(const apol_policy_t * p, const apol_nodecon_query_t * n, apol_vector_t ** v);
/**
* Allocate and return a new nodecon query structure. All fields are
* initialized, such that running this blank query results in
* returning all nodecons within the policy. The caller must call
* apol_nodecon_query_destroy() upon the return value afterwards.
*
* @return An initialized nodecon query structure, or NULL upon
* error.
*/
extern apol_nodecon_query_t *apol_nodecon_query_create(void);
/**
* Deallocate all memory associated with the referenced nodecon
* query, and then set it to NULL. This function does nothing if the
* query is already NULL.
*
* @param n Reference to a nodecon query structure to destroy.
*/
extern void apol_nodecon_query_destroy(apol_nodecon_query_t ** n);
/**
* Set a nodecon query to return only nodecons with this protocol,
* either IPv4 or IPv6.
*
* @param p Policy handler, to report errors.
* @param n Nodecon query to set.
* @param proto Limit query to only this protocol, either QPOL_IPV4 or
* QPOL_IPV6, or a negative value to unset this field.
*
* @return 0 if protocol was valid, -1 on error.
*/
extern int apol_nodecon_query_set_protocol(const apol_policy_t * p, apol_nodecon_query_t * n, int proto);
/**
* Set a nodecon query to return only nodecons with this address. If
* the protocol is QPOL_IPV4 then only the first element of the
* address array is used, for QPOL_IPV6 all four are used.
*
* @param p Policy handler, to report errors.
* @param n Nodecon query to set.
* @param addr Array representing the address, or NULL to unset this
* field. The array must hold at least one element for QPOL_IPV4 and
* at least four for QPOL_IPV6, since that many elements are read;
* this function will make a copy of the array.
* @param proto Format of address, either QPOL_IPV4 or QPOL_IPV6.
* This parameter is ignored if addr is NULL.
*
* @return 0 if protocol was valid, -1 on error.
*/
extern int apol_nodecon_query_set_addr(const apol_policy_t * p, apol_nodecon_query_t * n, uint32_t * addr, int proto);
/**
* Set a nodecon query to return only nodecons with this netmask. If
* the protocol is QPOL_IPV4 then only the first element of the mask
* array is used, for QPOL_IPV6 all four are used.
*
* @param p Policy handler, to report errors.
* @param n Nodecon query to set.
* @param mask Array representing the netmask, or NULL to unset this
* field. The array must hold at least one element for QPOL_IPV4 and
* at least four for QPOL_IPV6, since that many elements are read;
* this function will make a copy of the array.
* @param proto Format of mask, either QPOL_IPV4 or QPOL_IPV6. This
* parameter is ignored if mask is NULL.
*
* @return 0 if protocol was valid, -1 on error.
*/
extern int apol_nodecon_query_set_mask(const apol_policy_t * p, apol_nodecon_query_t * n, uint32_t * mask, int proto);
/**
* Set a nodecon query to return only nodecons matching this context.
* This function takes ownership of the context: it will be released by
* the query code, so the caller must not modify nor destroy it
* afterwards (doing so would result in a double free).
*
* @param p Policy handler, to report errors.
* @param n Nodecon query to set.
* @param context Limit query to only nodecons matching this context,
* or NULL to unset this field.
* @param range_match Specifies how to match the MLS range within the
* context. This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
* APOL_QUERY_EXACT. This parameter is ignored if context is NULL.
*
* @return Always returns 0.
*/
extern int apol_nodecon_query_set_context(const apol_policy_t * p,
apol_nodecon_query_t * n, apol_context_t * context, unsigned int range_match);
/**
* Creates a string containing the textual representation of
* a nodecon statement.
* @param p Reference to a policy.
* @param nodecon Reference to the nodecon statement to be rendered.
*
* @return A newly allocated string on success, caller must free;
* NULL on error.
*/
extern char *apol_nodecon_render(const apol_policy_t * p, const qpol_nodecon_t * nodecon);
#ifdef __cplusplus
}
#endif
#endif /* APOL_NETCON_QUERY_H */