/usr/include/semanage/handle.h is in libsemanage1-dev 2.1.0-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 | /* Authors: Joshua Brindle <jbrindle@tresys.com>
* Jason Tang <jtang@tresys.com>
*
* Copyright (C) 2005 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _SEMANAGE_HANDLE_H_
#define _SEMANAGE_HANDLE_H_
/* All accesses with semanage are through a "semanage_handle". The
* handle may ultimately reference local config files,
* the binary policy file, a module store, or a policy management server.
*/
struct semanage_handle;
typedef struct semanage_handle semanage_handle_t;
/* Create and return a semanage handle.
The handle is initially in the disconnected state. */
semanage_handle_t *semanage_handle_create(void);
/* Deallocate all space associated with a semanage_handle_t, including
* the pointer itself. CAUTION: this function does not disconnect
* from the backend; be sure that a semanage_disconnect() was
* previously called if the handle was connected. */
void semanage_handle_destroy(semanage_handle_t *);
/* This is the type of connection to the store, for now only
* direct is supported */
enum semanage_connect_type {
SEMANAGE_CON_INVALID = 0, SEMANAGE_CON_DIRECT,
SEMANAGE_CON_POLSERV_LOCAL, SEMANAGE_CON_POLSERV_REMOTE
};
/* This function allows you to specify the store to connect to.
* It must be called after semanage_handle_create but before
* semanage_connect. The argument should be the full path to the store.
*/
void semanage_select_store(semanage_handle_t * handle, char *path,
enum semanage_connect_type storetype);
/* Just reload the policy */
int semanage_reload_policy(semanage_handle_t * handle);
/* set whether to reload the policy or not after a commit,
* 1 for yes (default), 0 for no */
void semanage_set_reload(semanage_handle_t * handle, int do_reload);
/* set whether to rebuild the policy on commit, even if no
* changes were performed.
* 1 for yes, 0 for no (default) */
void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
/* create the store if it does not exist, this only has an effect on
* direct connections and must be called before semanage_connect
* 1 for yes, 0 for no (default) */
void semanage_set_create_store(semanage_handle_t * handle, int create_store);
/*Get whether or not dontaudits will be disabled upon commit */
int semanage_get_disable_dontaudit(semanage_handle_t * handle);
/* Set whether or not to disable dontaudits upon commit */
void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
/* Set whether or not to execute setfiles to check file contexts upon commit */
void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts);
/* Check whether policy is managed via libsemanage on this system.
* Must be called prior to trying to connect.
* Return 1 if policy is managed via libsemanage on this system,
* 0 if policy is not managed, or -1 on error.
*/
int semanage_is_managed(semanage_handle_t *);
/* "Connect" to a manager based on the configuration and
* associate the provided handle with the connection.
* If the connect fails then this function returns a negative value,
* else it returns zero.
*/
int semanage_connect(semanage_handle_t *);
/* Disconnect from the manager given by the handle. If already
* disconnected then this function does nothing. Return 0 if
* disconnected properly or already disconnected, negative value on
* error. */
int semanage_disconnect(semanage_handle_t *);
/* Attempt to obtain a transaction lock on the manager. If another
* process has the lock then this function may block, depending upon
* the timeout value in the handle.
*
* Note that if the semanage_handle has not yet obtained a transaction
* lock whenever a writer function is called, there will be an
* implicit call to this function. */
int semanage_begin_transaction(semanage_handle_t *);
/* Attempt to commit all changes since this transaction began. If the
* commit is successful then increment the "policy sequence number"
* and then release the transaction lock. Return that policy number
* afterwards, or -1 on error.
*/
int semanage_commit(semanage_handle_t *);
#define SEMANAGE_CAN_READ 1
#define SEMANAGE_CAN_WRITE 2
/* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
* or writable, respectively. <0 if an error occured */
int semanage_access_check(semanage_handle_t * sh);
/* returns 0 if not connected, 1 if connected */
int semanage_is_connected(semanage_handle_t * sh);
/* returns 1 if policy is MLS, 0 otherwise. */
int semanage_mls_enabled(semanage_handle_t *sh);
/* META NOTES
*
* For all functions a non-negative number indicates success. For some
* functions a >=0 returned value is the "policy sequence number". This
* number keeps tracks of policy revisions and is used to detect if
* one semanage client has committed policy changes while another is
* still connected.
*/
#endif
|