/usr/include/sefs/fclist.hh is in libsefs-dev 3.3.6.ds-7.2ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 | /**
* @file
* Defines the public interface for the file context list abstract
* object. A user must call a constructor for one of sefs_fcfile_t,
* sefs_db_t, or sefs_filesystem_t to create a sefs_fclist_t object.
*
* @author Jeremy A. Mowery jmowery@tresys.com
* @author Jason Tang jtang@tresys.com
*
* Copyright (C) 2007 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef SEFS_FCLIST_H
#define SEFS_FCLIST_H
#include <sefs/entry.hh>
#include <sefs/query.hh>
#ifdef __cplusplus
extern "C"
{
#endif
#include <selinux/selinux.h>
#include <stdarg.h>
#ifndef __cplusplus
#include <stdbool.h>
#endif
#include <apol/policy.h>
#define SEFS_MSG_ERR 1 /*!< Message describes a fatal error. */
#define SEFS_MSG_WARN 2 /*!< Message is issued as a warning but does not represent a fatal error. */
#define SEFS_MSG_INFO 3 /*!< Message is issued for inormational reasons and does not represent an atypical state. */
struct sefs_fclist;
typedef void (*sefs_callback_fn_t) (void *varg, const struct sefs_fclist * fclist, int level, const char *fmt,
va_list argp);
/**
* Possible types of fclist for use with sefs_fclist_get_data().
*/
typedef enum sefs_fclist_type
{
SEFS_FCLIST_TYPE_NONE = 0, /*!< Not an actual type, used for error conditions */
SEFS_FCLIST_TYPE_FILESYSTEM, /*!< get_data returns sefs_filesystem_t, a representation of a file system */
SEFS_FCLIST_TYPE_FCFILE, /*!< get_data returns sefs_fcfile_t, a representation of a collection of file_context files */
SEFS_FCLIST_TYPE_DB /*!< get_data returns sefs_db_t, a representation of a database of file system contexts */
} sefs_fclist_type_e;
/**
* Invoke a sefs_fclist_t's callback for an error, passing it a format
* string and arguments.
*/
#define SEFS_ERR(fclist, format, ...) sefs_fclist_handleMsg(fclist, SEFS_MSG_ERR, format, __VA_ARGS__)
/**
* Invoke a sefs_fclist_t's callback for a warning, passing it a
* format string and arguments.
*/
#define SEFS_WARN(fclist, format, ...) sefs_fclist_handleMsg(fclist, SEFS_MSG_WARN, format, __VA_ARGS__)
/**
* Invoke a sefs_fclist's callback for an informational message,
* passing it a format string and arguments.
*/
#define SEFS_INFO(fclist, format, ...) sefs_fclist_handleMsg(fclist, SEFS_MSG_INFO, format, __VA_ARGS__)
extern void sefs_fclist_handleMsg(const struct sefs_fclist *fclist, int level, const char *fmt, ...);
__attribute__ ((format(printf, 3, 4))) void sefs_fclist_handleMsg(const struct sefs_fclist *fclist, int level,
const char *fmt, ...);
#ifdef __cplusplus
}
#include <stdexcept>
struct apol_bst;
struct context_node;
#define SEFS_MAP_FUNC_DEFINED
/**
* Function invoked upon each matching file context entry during a query.
*/
typedef int (*sefs_fclist_map_fn_t) (sefs_fclist *, const sefs_entry *, void *);
/**
* An abstract class the represents a list of file contexts. Contexts
* may be read from a filesystem, inferred from a file_contexts file,
* or read from a database.
*/
class sefs_fclist
{
#ifndef SWIG_FRIENDS
friend void sefs_fclist_handleMsg(const sefs_fclist * fclist, int level, const char *fmt, ...);
friend class sefs_entry;
#endif
public:
virtual ~sefs_fclist();
/**
* Perform a sefs query on the given file context list object,
* and then invoke a callback upon each matching entry.
* Mapping occurs in the order of entries as specified by the
* file context list.
* @param query Query object containing search parameters. If
* NULL, invoke the callback on all entries.
* @param fn Function to invoke upon matching entries. This
* function will be called with three parameters: a pointer to
* this fclist, pointer to a matching entry, and an arbitrary
* data pointer. It should return a non-negative value upon
* success, negative value upon error and to abort the
* mapping. Be aware that the entry may go out of scope upon
* conclusion of runQueryMap(), so \a fn will need to clone
* the entry if it needs it later.
* <p>
* <b>This function must not throw any exceptions.</b> Doing
* so will most likely corrupt fclist's internal state.
* Instead, return a negative value to abort processing.
* @param data Arbitrary pointer to be passed into \a fn as a
* third parameter.
* @return Last value returned by fn() (i.e., >= on success, <
* 0 on failure). If the fclist has no entries then return 0.
* @exception std::runtime_error Error while reading contexts
* from the fclist.
* @exception std::invalid_argument One or more query arguments
* is invalid.
*/
virtual int runQueryMap(sefs_query * query, sefs_fclist_map_fn_t fn, void *data) throw(std::runtime_error,
std::invalid_argument) = 0;
/**
* Perform a sefs query on the given file context list object
* and return a list of matching entries.
* @param query Query object containing search parameters. If
* NULL, return all contexts.
* @return A newly allocated unsorted vector (of class
* sefs_entry *) containing all entries matching the query.
* Do not modify the returned entries. Note that the vector
* may be empty. The caller is responsible for calling
* apol_vector_destroy() on the returned vector.
* @exception std::bad_alloc Out of memory.
* @exception std::runtime_error Error while reading contexts
* from the fclist.
* @exception std::invalid_argument One or more query arguments
* is invalid.
*/
apol_vector_t *runQuery(sefs_query * query) throw(std::bad_alloc, std::runtime_error, std::invalid_argument);
/**
* Determine if the contexts in the fclist contain MLS fields.
* @return \a true if MLS fields are present, \a false if not
* or undeterminable.
*/
virtual bool isMLS() const = 0;
/**
* Associate a policy with the fclist. This is needed to
* resolve attributes and MLS ranges in queries. If a policy
* is already associated, then calling this function removes
* that previous association.
* @param policy Policy to associate with \a fclist. If NULL,
* remove any policy association. While \a policy is
* associated with \a fclist the caller should not destroy \a
* policy.
* @see sefs_query_set_type()
* @see sefs_query_set_range()
*/
void associatePolicy(apol_policy_t * new_policy);
/**
* Return the policy currently associated with this fclist.
* Do not destroy the policy without first unassociating it
* (via call to sefs_fclist::associatePolicy(NULL)).
* @return Currently associated policy, or NULL if none is
* set.
*/
apol_policy_t *associatePolicy() const;
/**
* Get the type of fclist object represented by \a fclist.
* @return The type of fclist object or SEFS_FCLIST_TYPE_NONE
* on error.
*/
sefs_fclist_type_e fclist_type() const;
protected:
sefs_fclist(sefs_fclist_type_e type, sefs_callback_fn_t callback, void *varg) throw(std::bad_alloc);
/**
* Given the parts of a context, return a context node (which
* would contain an apol_context_t). If the context already
* exists, then a pointer to the existing one is returned.
*
* @param user User component of the context. The string will
* be duplicated.
* @param role Role component of the context. The string will
* be duplicated.
* @param type Type component of the context. The string will
* be duplicated.
* @param range Range component of the context. The string
* will be duplicated, or NULL if no range exists.
*
* @return A context node. Do not free() it.
*/
struct sefs_context_node *getContext(const char *user, const char *role, const char *type,
const char *range) throw(std::bad_alloc);
/**
* Given a SELinux security context, return a context node
* (which would contain an apol_context_t). If the context
* already exists, then a pointer to the existing one is
* returned.
*
* @param scon Security context from which to obtain a node.
*
* @return A context node. Do not free() it.
*/
struct sefs_context_node *getContext(const security_context_t scon) throw(std::bad_alloc);
apol_policy_t *policy;
struct apol_bst *user_tree, *role_tree, *type_tree, *range_tree, *path_tree;
struct apol_bst *dev_tree;
struct apol_bst *context_tree;
private:
/**
* Write a message to the callback stored within a fclist
* error handler. If the msg_callback field is empty, then
* the default message callback will be used.
* @param level Severity of message, one of SEFS_MSG_*.
* @param fmt Format string to print, using syntax of
* printf(3).
*/
void handleMsg(int level, const char *fmt, va_list va_args) const;
sefs_callback_fn_t _callback;
void *_varg;
sefs_fclist_type_e _fclist_type;
};
extern "C"
{
#endif
//we do not want to wrap two copies of everything so have SWIG ignore
//the compatibility section.
#ifndef SWIG
typedef struct sefs_fclist sefs_fclist_t;
#ifndef SEFS_MAP_FUNC_DEFINED
struct sefs_fclist;
struct sefs_entry;
typedef int (*sefs_fclist_map_fn_t) (struct sefs_fclist *, const struct sefs_entry *, void *);
#endif
/**
* Deallocate all memory associated with the referenced fclist object,
* and then set it to NULL. This function does nothing if the fclist
* object is already NULL.
* @param Reference to a fclist object to destroy.
*/
extern void sefs_fclist_destroy(sefs_fclist_t ** fclist);
/**
* Perform a sefs query on the given file context list object.
* @see sefs_fclist::runQueryMap()
*/
extern int sefs_fclist_run_query_map(sefs_fclist_t * fclist, sefs_query_t * query, sefs_fclist_map_fn_t fn, void *data);
/**
* Perform a sefs query on the given file context list object.
* @see sefs_fclist::runQuery()
*/
extern apol_vector_t *sefs_fclist_run_query(sefs_fclist_t * fclist, sefs_query_t * query);
/**
* Determine if the contexts in the fclist contain MLS fields.
* @see sefs_fclist::isMLS()
*/
extern bool sefs_fclist_get_is_mls(const sefs_fclist_t * fclist);
/**
* Associate a policy with the fclist.
* @see sefs_fclist::associatePolicy()
* @see sefs_query_set_type()
* @see sefs_query_set_range()
*/
extern void sefs_fclist_associate_policy(sefs_fclist_t * fclist, apol_policy_t * policy);
/**
* Get the type of fclist object represented by \a fclist.
* @see sefs_fclist::fclist_type()
*/
extern sefs_fclist_type_e sefs_fclist_get_fclist_type(const sefs_fclist_t * fclist);
#endif /* SWIG */
#ifdef __cplusplus
}
#endif
#endif /* SEFS_FCLIST_H */
|