This file is indexed.

/usr/include/apol/netcon-query.h is in libapol-dev 3.3.6.ds-7.2ubuntu4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
/**
 *  @file
 *  Public Interface for querying portcons, netifcons, and nodecons of
 *  a policy.
 *
 *  @author Jeremy A. Mowery jmowery@tresys.com
 *  @author Jason Tang jtang@tresys.com
 *
 *  Copyright (C) 2006-2007 Tresys Technology, LLC
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifndef APOL_NETCON_QUERY_H
#define APOL_NETCON_QUERY_H

#ifdef	__cplusplus
extern "C"
{
#endif

#include "policy.h"
#include "vector.h"
#include "context-query.h"
#include <qpol/policy.h>

	typedef struct apol_portcon_query apol_portcon_query_t;
	typedef struct apol_netifcon_query apol_netifcon_query_t;
	typedef struct apol_nodecon_query apol_nodecon_query_t;

/******************** portcon queries ********************/

/**
 * Execute a query against all portcons within the policy.  The
 * returned portcons will be unordered.
 *
 * @param p Policy within which to look up portcons.
 * @param po Structure containing parameters for query.	 If this is
 * NULL then return all portcons.
 * @param v Reference to a vector of qpol_portcon_t.  The vector will
 * be allocated by this function. The caller must call
 * apol_vector_destroy() afterwards.  This will be set to NULL upon no
 * results or upon error.
 *
 * @return 0 on success (including none found), negative on error.
 */
	extern int apol_portcon_get_by_query(const apol_policy_t * p, const apol_portcon_query_t * po, apol_vector_t ** v);

/**
 * Allocate and return a new portcon query structure. All fields are
 * initialized, such that running this blank query results in
 * returning all portcons within the policy. The caller must call
 * apol_portcon_query_destroy() upon the return value afterwards.
 *
 * @return An initialized portcon query structure, or NULL upon error.
 */
	extern apol_portcon_query_t *apol_portcon_query_create(void);

/**
 * Deallocate all memory associated with the referenced portcon
 * query, and then set it to NULL.  This function does nothing if the
 * query is already NULL.
 *
 * @param po Reference to a portcon query structure to destroy.
 */
	extern void apol_portcon_query_destroy(apol_portcon_query_t ** po);

/**
 * Set a portcon query to return only portcons that use this protocol.
 *
 * @param p Policy handler, to report errors.
 * @param po Portcon query to set.
 * @param proto Limit query to only portcons with this protocol, or
 * negative to unset this field.
 *
 * @return Always 0.
 */
	extern int apol_portcon_query_set_protocol(const apol_policy_t * p, apol_portcon_query_t * po, int proto);

/**
 * Set a portcon query to return only portcons with this as their low
 * port.
 *
 * @param p Policy handler, to report errors.
 * @param po Portcon query to set.
 * @param low Limit query to only portcons with this low port, or
 * negative to unset this field.
 *
 * @return Always 0.
 */
	extern int apol_portcon_query_set_low(const apol_policy_t * p, apol_portcon_query_t * po, int low);

/**
 * Set a portcon query to return only portcons with this as their high
 * port.
 *
 * @param p Policy handler, to report errors.
 * @param po Portcon query to set.
 * @param high Limit query to only portcons with this high port, or
 * negative to unset this field.
 *
 * @return Always 0.
 */
	extern int apol_portcon_query_set_high(const apol_policy_t * p, apol_portcon_query_t * po, int high);

/**
 * Set a portcon query to return only portcons matching a context.
 * This function takes ownership of the context, such that the caller
 * must not modify nor destroy it afterwards.
 *
 * @param p Policy handler, to report errors.
 * @param po Portcon query to set.
 * @param context Limit query to only portcons matching this context,
 * or NULL to unset this field.
 * @param range_match Specifies how to match the MLS range within the
 * context.  This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
 * APOL_QUERY_EXACT.  This parameter is ignored if context is NULL.
 *
 * @return Always returns 0.
 */
	extern int apol_portcon_query_set_context(const apol_policy_t * p,
						  apol_portcon_query_t * po, apol_context_t * context, unsigned int range_match);

/**
 * Creates a string containing the textual representation of
 * a portcon type.
 * @param p Reference to a policy.
 * @param portcon Reference to the portcon statement to be rendered.
 *
 * @return A newly allocated string on success, caller must free;
 * NULL on error.
 */
	extern char *apol_portcon_render(const apol_policy_t * p, const qpol_portcon_t * portcon);

/******************** netifcon queries ********************/

/**
 * Execute a query against all netifcons within the policy.  The
 * returned netifcons will be unordered.
 *
 * @param p Policy within which to look up netifcons.
 * @param n Structure containing parameters for query.	If this is
 * NULL then return all netifcons.
 * @param v Reference to a vector of qpol_netifcon_t.  The vector will
 * be allocated by this function.  The caller must call
 * apol_vector_destroy() afterwards,.  This will be set to NULL upon
 * no results or upon error.
 *
 * @return 0 on success (including none found), negative on error.
 */
	extern int apol_netifcon_get_by_query(const apol_policy_t * p, const apol_netifcon_query_t * n, apol_vector_t ** v);

/**
 * Allocate and return a new netifcon query structure.	All fields are
 * initialized, such that running this blank query results in
 * returning all netifcons within the policy.  The caller must call
 * apol_netifcon_query_destroy() upon the return value afterwards.
 *
 * @return An initialized netifcon query structure, or NULL upon
 * error.
 */
	extern apol_netifcon_query_t *apol_netifcon_query_create(void);

/**
 * Deallocate all memory associated with the referenced netifcon
 * query, and then set it to NULL.  This function does nothing if the
 * query is already NULL.
 *
 * @param n Reference to a netifcon query structure to destroy.
 */
	extern void apol_netifcon_query_destroy(apol_netifcon_query_t ** n);

/**
 * Set a netifcon query to return only netifcons that use this device.
 *
 * @param p Policy handler, to report errors.
 * @param n Netifcon query to set.
 * @param dev Limit query to only netifcons that use this device, or
 * NULL to unset this field.
 *
 * @return 0 on success, negative on error.
 */
	extern int apol_netifcon_query_set_device(const apol_policy_t * p, apol_netifcon_query_t * n, const char *dev);

/**
 * Set a netifcon query to return only netifcons matching this context
 * for its interface.  This function takes ownership of the context,
 * such that the caller must not modify nor destroy it afterwards.
 *
 * @param p Policy handler, to report errors.
 * @param n Netifcon query to set.
 * @param context Limit query to only netifcon matching this context
 * for its interface, or NULL to unset this field.
 * @param range_match Specifies how to match the MLS range within the
 * context.  This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
 * APOL_QUERY_EXACT.  This parameter is ignored if context is NULL.
 *
 * @return Always returns 0.
 */
	extern int apol_netifcon_query_set_if_context(const apol_policy_t * p,
						      apol_netifcon_query_t * n, apol_context_t * context,
						      unsigned int range_match);

/**
 * Set a netifcon query to return only netifcons matching this context
 * for its messages.  This function takes ownership of the context,
 * such that the caller must not modify nor destroy it afterwards.
 *
 * @param p Policy handler, to report errors.
 * @param n Netifcon query to set.
 * @param context Limit query to only netifcon matching this context
 * for its messages, or NULL to unset this field.
 * @param range_match Specifies how to match the MLS range within the
 * context.  This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
 * APOL_QUERY_EXACT.  This parameter is ignored if context is NULL.
 *
 * @return Always returns 0.
 */
	extern int apol_netifcon_query_set_msg_context(const apol_policy_t * p,
						       apol_netifcon_query_t * n, apol_context_t * context,
						       unsigned int range_match);

/**
 * Creates a string containing the textual representation of
 * a netifcon type.
 * @param p Reference to a policy.
 * @param netifcon Reference to the netifcon statement to be rendered.
 *
 * @return A newly allocated string on success, caller must free;
 * NULL on error.
 */
	extern char *apol_netifcon_render(const apol_policy_t * p, const qpol_netifcon_t * netifcon);

/******************** nodecon queries ********************/

/**
 * Execute a query against all nodecons within the policy.  The
 * returned nodecons will be unordered.
 *
 * @param p Policy within which to look up nodecons.
 * @param n Structure containing parameters for query.	If this is
 * NULL then return all nodecons.
 * @param v Reference to a vector of qpol_nodecon_t.  The vector will
 * be allocated by this function.  The caller must call
 * apol_vector_destroy() afterwards.  This will be set to NULL upon no
 * results or upon error.
 *
 * @return 0 on success (including none found), negative on error.
 */
	extern int apol_nodecon_get_by_query(const apol_policy_t * p, const apol_nodecon_query_t * n, apol_vector_t ** v);

/**
 * Allocate and return a new nodecon query structure.  All fields are
 * initialized, such that running this blank query results in
 * returning all nodecons within the policy.  The caller must call
 * apol_nodecon_query_destroy() upon the return value afterwards.
 *
 * @return An initialized nodecon query structure, or NULL upon
 * error.
 */
	extern apol_nodecon_query_t *apol_nodecon_query_create(void);

/**
 * Deallocate all memory associated with the referenced nodecon
 * query, and then set it to NULL.  This function does nothing if the
 * query is already NULL.
 *
 * @param n Reference to a nodecon query structure to destroy.
 */
	extern void apol_nodecon_query_destroy(apol_nodecon_query_t ** n);

/**
 * Set a nodecon query to return only nodecons with this protocol,
 * either IPv4 or IPv6.
 *
 * @param p Policy handler, to report errors.
 * @param n Nodecon query to set.
 * @param proto Limit query to only this protocol, either QPOL_IPV4 or
 * QPOL_IPV6, or a negative value to unset this field.
 *
 * @return 0 if protocol was valid, -1 on error.
 */
	extern int apol_nodecon_query_set_protocol(const apol_policy_t * p, apol_nodecon_query_t * n, int proto);

/**
 * Set a nodecon query to return only nodecons with this address.  If
 * the protocol is QPOL_IPV4 then only the first element of the
 * address array is used, for QPOL_IPV6 all four are used.
 *
 * @param p Policy handler, to report errors.
 * @param n Nodecon query to set.
 * @param addr Array of no more than four elements representing the
 * address, or NULL to unset this field.  This function will make a
 * copy of the array.
 * @param proto Format of address, either QPOL_IPV4 or QPOL_IPV6.
 * This parameter is ignored if addr is NULL.
 *
 * @return 0 if protocol was valid, -1 on error.
 */
	extern int apol_nodecon_query_set_addr(const apol_policy_t * p, apol_nodecon_query_t * n, uint32_t * addr, int proto);

/**
 * Set a nodecon query to return only nodecons with this netmask.  If
 * the protocol is QPOL_IPV4 then only the first element of the mask
 * array is used, for QPOL_IPV6 all four are used.
 *
 * @param p Policy handler, to report errors.
 * @param n Nodecon query to set.
 * @param mask Array of no more than four elements representing the
 * netmask, or NULL to unset this field.  This function will make a
 * copy of the array.
 * @param proto Format of mask, either QPOL_IPV4 or QPOL_IPV6.  This
 * parameter is ignored if mask is NULL.
 *
 * @return 0 if protocol was valid, -1 on error.
 */
	extern int apol_nodecon_query_set_mask(const apol_policy_t * p, apol_nodecon_query_t * n, uint32_t * mask, int proto);

/**
 * Set a nodecon query to return only nodecons matching this context.
 * This function takes ownership of the context, such that the caller
 * must not modify nor destroy it afterwards.
 *
 * @param p Policy handler, to report errors.
 * @param n Nodecon query to set.
 * @param context Limit query to only nodecons matching this context,
 * or NULL to unset this field.
 * @param range_match Specifies how to match the MLS range within the
 * context.  This must be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or
 * APOL_QUERY_EXACT.  This parameter is ignored if context is NULL.
 *
 * @return Always returns 0.
 */
	extern int apol_nodecon_query_set_context(const apol_policy_t * p,
						  apol_nodecon_query_t * n, apol_context_t * context, unsigned int range_match);

/**
 * Creates a string containing the textual representation of
 * a nodecon type.
 * @param p Reference to a policy.
 * @param nodecon Reference to the nodecon statement to be rendered.
 *
 * @return A newly allocated string on success, caller must free;
 * NULL on error.
 */
	extern char *apol_nodecon_render(const apol_policy_t * p, const qpol_nodecon_t * nodecon);

#ifdef	__cplusplus
}
#endif

#endif				       /* APOL_NETCON_QUERY_H */