From: <ew...@us...> - 2007-05-31 21:16:33
Revision: 2456
http://svn.sourceforge.net/selinux/?rev=2456&view=rev
Author: ewalsh
Date: 2007-05-31 14:16:31 -0700 (Thu, 31 May 2007)
Log Message:
-----------
applied r2450:2453 from trunk
Modified Paths:
--------------
branches/policyrep/libselinux/ChangeLog
branches/policyrep/libselinux/VERSION
branches/policyrep/libselinux/include/selinux/avc.h
branches/policyrep/libselinux/include/selinux/selinux.h
branches/policyrep/scripts/Lindent
Modified: branches/policyrep/libselinux/ChangeLog
===================================================================
--- branches/policyrep/libselinux/ChangeLog 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/ChangeLog 2007-05-31 21:16:31 UTC (rev 2456)
@@ -1,3 +1,6 @@
+2.0.17 2007-05-31
+ * Updated Lindent script and reindented two header files.
+
2.0.16 2007-05-09
* Merged additional swig python bindings from Dan Walsh.
Modified: branches/policyrep/libselinux/VERSION
===================================================================
--- branches/policyrep/libselinux/VERSION 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/VERSION 2007-05-31 21:16:31 UTC (rev 2456)
@@ -1 +1 @@
-2.0.16
+2.0.17
Modified: branches/policyrep/libselinux/include/selinux/avc.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/avc.h 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/include/selinux/avc.h 2007-05-31 21:16:31 UTC (rev 2456)
@@ -18,11 +18,11 @@
/*
* SID format and operations
*/
- struct security_id {
- security_context_t ctx;
- unsigned int refcnt;
- };
- typedef struct security_id *security_id_t;
+struct security_id {
+ security_context_t ctx;
+ unsigned int refcnt;
+};
+typedef struct security_id *security_id_t;
#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
@@ -37,8 +37,8 @@
* failure, with @errno set to %ENOMEM if insufficient memory was
* available to make the copy, or %EINVAL if the input SID is invalid.
*/
- int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
- int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
/**
* avc_context_to_sid - get SID for context.
@@ -51,8 +51,8 @@
* to the SID structure into the memory referenced by @sid,
* returning %0 on success or -%1 on error with @errno set.
*/
- int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
- int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
/**
* sidget - increment SID reference counter.
@@ -64,7 +64,7 @@
* reference count). Note that avc_context_to_sid() also
* increments reference counts.
*/
- int sidget(security_id_t sid);
+int sidget(security_id_t sid);
/**
* sidput - decrement SID reference counter.
@@ -76,7 +76,7 @@
* zero, the SID is invalid, and avc_context_to_sid() must
* be called to obtain a new SID for the security context.
*/
- int sidput(security_id_t sid);
+int sidput(security_id_t sid);
/**
* avc_get_initial_sid - get SID for an initial kernel security identifier
@@ -87,15 +87,15 @@
* @name using security_get_initial_context() and then call
* avc_context_to_sid() to get the corresponding SID.
*/
- int avc_get_initial_sid(const char * name, security_id_t * sid);
+int avc_get_initial_sid(const char *name, security_id_t * sid);
/*
* AVC entry
*/
- struct avc_entry;
- struct avc_entry_ref {
- struct avc_entry *ae;
- };
+struct avc_entry;
+struct avc_entry_ref {
+ struct avc_entry *ae;
+};
/**
* avc_entry_ref_init - initialize an AVC entry reference.
@@ -119,42 +119,42 @@
* listening thread won't be started for kernel policy change messages.
* If no locking callbacks are passed, no locking will take place.
*/
- struct avc_memory_callback {
- /* malloc() equivalent. */
- void *(*func_malloc) (size_t size);
- /* free() equivalent. */
- void (*func_free) (void *ptr);
- /* Note that these functions should set errno on failure.
- If not, some avc routines may return -1 without errno set. */
- };
+struct avc_memory_callback {
+ /* malloc() equivalent. */
+ void *(*func_malloc) (size_t size);
+ /* free() equivalent. */
+ void (*func_free) (void *ptr);
+ /* Note that these functions should set errno on failure.
+ If not, some avc routines may return -1 without errno set. */
+};
- struct avc_log_callback {
- /* log the printf-style format and arguments. */
- void (*func_log) (const char *fmt, ...);
- /* store a string representation of auditdata (corresponding
- to the given security class) into msgbuf. */
- void (*func_audit) (void *auditdata, security_class_t cls,
- char *msgbuf, size_t msgbufsize);
- };
+struct avc_log_callback {
+ /* log the printf-style format and arguments. */
+ void (*func_log) (const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ void (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+};
- struct avc_thread_callback {
- /* create and start a thread, returning an opaque pointer to it;
- the thread should run the given function. */
- void *(*func_create_thread) (void (*run) (void));
- /* cancel a given thread and free its resources. */
- void (*func_stop_thread) (void *thread);
- };
+struct avc_thread_callback {
+ /* create and start a thread, returning an opaque pointer to it;
+ the thread should run the given function. */
+ void *(*func_create_thread) (void (*run) (void));
+ /* cancel a given thread and free its resources. */
+ void (*func_stop_thread) (void *thread);
+};
- struct avc_lock_callback {
- /* create a lock and return an opaque pointer to it. */
- void *(*func_alloc_lock) (void);
- /* obtain a given lock, blocking if necessary. */
- void (*func_get_lock) (void *lock);
- /* release a given lock. */
- void (*func_release_lock) (void *lock);
- /* destroy a given lock (free memory, etc.) */
- void (*func_free_lock) (void *lock);
- };
+struct avc_lock_callback {
+ /* create a lock and return an opaque pointer to it. */
+ void *(*func_alloc_lock) (void);
+ /* obtain a given lock, blocking if necessary. */
+ void (*func_get_lock) (void *lock);
+ /* release a given lock. */
+ void (*func_release_lock) (void *lock);
+ /* destroy a given lock (free memory, etc.) */
+ void (*func_free_lock) (void *lock);
+};
/*
* AVC operations
@@ -175,11 +175,11 @@
* for those callbacks (see the definition of the callback
* structures above).
*/
- int avc_init(const char *msgprefix,
- const struct avc_memory_callback *mem_callbacks,
- const struct avc_log_callback *log_callbacks,
- const struct avc_thread_callback *thread_callbacks,
- const struct avc_lock_callback *lock_callbacks);
+int avc_init(const char *msgprefix,
+ const struct avc_memory_callback *mem_callbacks,
+ const struct avc_log_callback *log_callbacks,
+ const struct avc_thread_callback *thread_callbacks,
+ const struct avc_lock_callback *lock_callbacks);
/**
* avc_cleanup - Remove unused SIDs and AVC entries.
@@ -189,7 +189,7 @@
* AVC entries that reference them. This can be used
* to return memory to the system.
*/
- void avc_cleanup(void);
+void avc_cleanup(void);
/**
* avc_reset - Flush the cache and reset statistics.
@@ -199,7 +199,7 @@
* The SID mapping is not affected. Return %0 on success,
* -%1 with @errno set on error.
*/
- int avc_reset(void);
+int avc_reset(void);
/**
* avc_destroy - Free all AVC structures.
@@ -210,7 +210,7 @@
* callbacks will not. All SID's will be invalidated.
* User must call avc_init() if further use of AVC is desired.
*/
- void avc_destroy(void);
+void avc_destroy(void);
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
@@ -233,12 +233,11 @@
* auditing, e.g. in cases where a lock must be held for the check but
* should be released for the auditing.
*/
- int avc_has_perm_noaudit(security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass,
- access_vector_t requested,
- struct avc_entry_ref *aeref,
- struct av_decision *avd);
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd);
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
@@ -258,9 +257,9 @@
* permissions are granted, -%1 with @errno set to %EACCES if any permissions
* are denied or to another value upon other errors.
*/
- int avc_has_perm(security_id_t ssid, security_id_t tsid,
- security_class_t tclass, access_vector_t requested,
- struct avc_entry_ref *aeref, void *auditdata);
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata);
/**
* avc_audit - Audit the granting or denial of permissions.
@@ -281,9 +280,9 @@
* be performed under a lock, to allow the lock to be released
* before calling the auditing code.
*/
- void avc_audit(security_id_t ssid, security_id_t tsid,
- security_class_t tclass, access_vector_t requested,
- struct av_decision *avd, int result, void *auditdata);
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *auditdata);
/**
* avc_compute_create - Compute SID for labeling a new object.
@@ -299,10 +298,9 @@
* memory referenced by @newsid, returning %0 on success or -%1 on
* error with @errno set.
*/
- int avc_compute_create(security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass,
- security_id_t *newsid);
+int avc_compute_create(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid);
/*
* security event callback facility
@@ -333,14 +331,14 @@
* @perms based on @tclass. Returns %0 on success or
* -%1 if insufficient memory exists to add the callback.
*/
- int avc_add_callback(int (*callback)
- (uint32_t event, security_id_t ssid,
- security_id_t tsid, security_class_t tclass,
- access_vector_t perms,
- access_vector_t * out_retained),
- uint32_t events, security_id_t ssid,
- security_id_t tsid, security_class_t tclass,
- access_vector_t perms);
+int avc_add_callback(int (*callback)
+ (uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms);
/*
* AVC statistics
@@ -351,16 +349,16 @@
*/
#define AVC_CACHE_STATS 1
- struct avc_cache_stats {
- unsigned entry_lookups;
- unsigned entry_hits;
- unsigned entry_misses;
- unsigned entry_discards;
- unsigned cav_lookups;
- unsigned cav_hits;
- unsigned cav_probes;
- unsigned cav_misses;
- };
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
/**
* avc_cache_stats - get cache access statistics.
@@ -371,7 +369,7 @@
* avc_reset(). See the structure definition for
* details.
*/
- void avc_cache_stats(struct avc_cache_stats *stats);
+void avc_cache_stats(struct avc_cache_stats *stats);
/**
* avc_av_stats - log av table statistics.
@@ -380,7 +378,7 @@
* distribution of the access vector table. The audit
* callback is used to print the message.
*/
- void avc_av_stats(void);
+void avc_av_stats(void);
/**
* avc_sid_stats - log SID table statistics.
@@ -389,7 +387,7 @@
* distribution of the SID table. The audit callback
* is used to print the message.
*/
- void avc_sid_stats(void);
+void avc_sid_stats(void);
#ifdef __cplusplus
}
Modified: branches/policyrep/libselinux/include/selinux/selinux.h
===================================================================
--- branches/policyrep/libselinux/include/selinux/selinux.h 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/libselinux/include/selinux/selinux.h 2007-05-31 21:16:31 UTC (rev 2456)
@@ -9,24 +9,24 @@
#endif
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
- extern int is_selinux_enabled(void);
+extern int is_selinux_enabled(void);
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
- extern int is_selinux_mls_enabled(void);
+extern int is_selinux_mls_enabled(void);
- typedef char *security_context_t;
+typedef char *security_context_t;
/* Free the memory allocated for a context by any of the below get* calls. */
- extern void freecon(security_context_t con);
+extern void freecon(security_context_t con);
/* Free the memory allocated for a context array by security_compute_user. */
- extern void freeconary(security_context_t * con);
+extern void freeconary(security_context_t * con);
/* Wrappers for the /proc/pid/attr API. */
/* Get current context, and set *con to refer to it.
Caller must free via freecon. */
- extern int getcon(security_context_t * con);
- extern int getcon_raw(security_context_t * con);
+extern int getcon(security_context_t * con);
+extern int getcon_raw(security_context_t * con);
/* Set the current security context to con.
Note that use of this function requires that the entire application
@@ -36,165 +36,165 @@
instead. Note that the application may lose access to its open descriptors
as a result of a setcon() unless policy allows it to use descriptors opened
by the old context. */
- extern int setcon(security_context_t con);
- extern int setcon_raw(security_context_t con);
+extern int setcon(security_context_t con);
+extern int setcon_raw(security_context_t con);
/* Get context of process identified by pid, and
set *con to refer to it. Caller must free via freecon. */
- extern int getpidcon(pid_t pid, security_context_t * con);
- extern int getpidcon_raw(pid_t pid, security_context_t * con);
+extern int getpidcon(pid_t pid, security_context_t * con);
+extern int getpidcon_raw(pid_t pid, security_context_t * con);
/* Get previous context (prior to last exec), and set *con to refer to it.
Caller must free via freecon. */
- extern int getprevcon(security_context_t * con);
- extern int getprevcon_raw(security_context_t * con);
+extern int getprevcon(security_context_t * con);
+extern int getprevcon_raw(security_context_t * con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getexeccon(security_context_t * con);
- extern int getexeccon_raw(security_context_t * con);
+extern int getexeccon(security_context_t * con);
+extern int getexeccon_raw(security_context_t * con);
/* Set exec security context for the next execve.
Call with NULL if you want to reset to the default. */
- extern int setexeccon(security_context_t con);
- extern int setexeccon_raw(security_context_t con);
+extern int setexeccon(security_context_t con);
+extern int setexeccon_raw(security_context_t con);
/* Get fscreate context, and set *con to refer to it.
Sets *con to NULL if no fs create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getfscreatecon(security_context_t * con);
- extern int getfscreatecon_raw(security_context_t * con);
+extern int getfscreatecon(security_context_t * con);
+extern int getfscreatecon_raw(security_context_t * con);
/* Set the fscreate security context for subsequent file creations.
Call with NULL if you want to reset to the default. */
- extern int setfscreatecon(security_context_t context);
- extern int setfscreatecon_raw(security_context_t context);
+extern int setfscreatecon(security_context_t context);
+extern int setfscreatecon_raw(security_context_t context);
/* Get keycreate context, and set *con to refer to it.
Sets *con to NULL if no key create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getkeycreatecon(security_context_t * con);
- extern int getkeycreatecon_raw(security_context_t * con);
+extern int getkeycreatecon(security_context_t * con);
+extern int getkeycreatecon_raw(security_context_t * con);
/* Set the keycreate security context for subsequent key creations.
Call with NULL if you want to reset to the default. */
- extern int setkeycreatecon(security_context_t context);
- extern int setkeycreatecon_raw(security_context_t context);
+extern int setkeycreatecon(security_context_t context);
+extern int setkeycreatecon_raw(security_context_t context);
/* Get sockcreate context, and set *con to refer to it.
Sets *con to NULL if no socket create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
- extern int getsockcreatecon(security_context_t * con);
- extern int getsockcreatecon_raw(security_context_t * con);
+extern int getsockcreatecon(security_context_t * con);
+extern int getsockcreatecon_raw(security_context_t * con);
/* Set the sockcreate security context for subsequent socket creations.
Call with NULL if you want to reset to the default. */
- extern int setsockcreatecon(security_context_t context);
- extern int setsockcreatecon_raw(security_context_t context);
+extern int setsockcreatecon(security_context_t context);
+extern int setsockcreatecon_raw(security_context_t context);
/* Wrappers for the xattr API. */
/* Get file context, and set *con to refer to it.
Caller must free via freecon. */
- extern int getfilecon(const char *path, security_context_t * con);
- extern int getfilecon_raw(const char *path, security_context_t * con);
- extern int lgetfilecon(const char *path, security_context_t * con);
- extern int lgetfilecon_raw(const char *path, security_context_t * con);
- extern int fgetfilecon(int fd, security_context_t * con);
- extern int fgetfilecon_raw(int fd, security_context_t * con);
+extern int getfilecon(const char *path, security_context_t * con);
+extern int getfilecon_raw(const char *path, security_context_t * con);
+extern int lgetfilecon(const char *path, security_context_t * con);
+extern int lgetfilecon_raw(const char *path, security_context_t * con);
+extern int fgetfilecon(int fd, security_context_t * con);
+extern int fgetfilecon_raw(int fd, security_context_t * con);
/* Set file context */
- extern int setfilecon(const char *path, security_context_t con);
- extern int setfilecon_raw(const char *path, security_context_t con);
- extern int lsetfilecon(const char *path, security_context_t con);
- extern int lsetfilecon_raw(const char *path, security_context_t con);
- extern int fsetfilecon(int fd, security_context_t con);
- extern int fsetfilecon_raw(int fd, security_context_t con);
+extern int setfilecon(const char *path, security_context_t con);
+extern int setfilecon_raw(const char *path, security_context_t con);
+extern int lsetfilecon(const char *path, security_context_t con);
+extern int lsetfilecon_raw(const char *path, security_context_t con);
+extern int fsetfilecon(int fd, security_context_t con);
+extern int fsetfilecon_raw(int fd, security_context_t con);
/* Wrappers for the socket API */
/* Get context of peer socket, and set *con to refer to it.
Caller must free via freecon. */
- extern int getpeercon(int fd, security_context_t * con);
- extern int getpeercon_raw(int fd, security_context_t * con);
+extern int getpeercon(int fd, security_context_t * con);
+extern int getpeercon_raw(int fd, security_context_t * con);
/* Wrappers for the selinuxfs (policy) API. */
- typedef unsigned int access_vector_t;
- typedef unsigned short security_class_t;
+typedef unsigned int access_vector_t;
+typedef unsigned short security_class_t;
- struct av_decision {
- access_vector_t allowed;
- access_vector_t decided;
- access_vector_t auditallow;
- access_vector_t auditdeny;
- unsigned int seqno;
- };
+struct av_decision {
+ access_vector_t allowed;
+ access_vector_t decided;
+ access_vector_t auditallow;
+ access_vector_t auditdeny;
+ unsigned int seqno;
+};
/* Compute an access decision. */
- extern int security_compute_av(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested,
- struct av_decision *avd);
- extern int security_compute_av_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- access_vector_t requested,
- struct av_decision *avd);
+extern int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+extern int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
- extern int security_compute_create(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
- extern int security_compute_create_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
+extern int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute a relabeling decision and set *newcon to refer to it.
Caller must free via freecon. */
- extern int security_compute_relabel(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
- extern int security_compute_relabel_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
+extern int security_compute_relabel(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_relabel_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
Caller must free via freecon. */
- extern int security_compute_member(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
- extern int security_compute_member_raw(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t * newcon);
+extern int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute the set of reachable user contexts and set *con to refer to
the NULL-terminated array of contexts. Caller must free via freeconary. */
- extern int security_compute_user(security_context_t scon,
- const char *username,
- security_context_t ** con);
- extern int security_compute_user_raw(security_context_t scon,
- const char *username,
- security_context_t ** con);
+extern int security_compute_user(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
+extern int security_compute_user_raw(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
/* Load a policy configuration. */
- extern int security_load_policy(void *data, size_t len);
+extern int security_load_policy(void *data, size_t len);
/* Get the context of an initial kernel security identifier by name.
Caller must free via freecon */
- extern int security_get_initial_context(const char * name,
- security_context_t * con);
- extern int security_get_initial_context_raw(const char * name,
- security_context_t * con);
+extern int security_get_initial_context(const char *name,
+ security_context_t * con);
+extern int security_get_initial_context_raw(const char *name,
+ security_context_t * con);
/*
* Make a policy image and load it.
@@ -204,7 +204,7 @@
* manipulating it as needed to match the kernel's supported version, and
* then calling security_load_policy to load it.
*/
- extern int selinux_mkload_policy(void);
+extern int selinux_mkload_policy(void);
/*
* Perform the initial policy load.
@@ -221,103 +221,100 @@
* determine how to proceed. If enforcing (*enforce > 0), then init should
* halt the system. Otherwise, init may proceed normally without a re-exec.
*/
- extern int selinux_init_load_policy(int *enforce);
+extern int selinux_init_load_policy(int *enforce);
/* Translate boolean strict to name value pair. */
- typedef struct {
- char *name;
- int value;
- } SELboolean;
- /* save a list of booleans in a single transaction. */
- extern int security_set_boolean_list(size_t boolcnt,
- SELboolean * boollist);
+typedef struct {
+ char *name;
+ int value;
+} SELboolean;
+/* save a list of booleans in a single transaction. */
+extern int security_set_boolean_list(size_t boolcnt, SELboolean * boollist);
/* Check the validity of a security context. */
- extern int security_check_context(security_context_t con);
- extern int security_check_context_raw(security_context_t con);
+extern int security_check_context(security_context_t con);
+extern int security_check_context_raw(security_context_t con);
/* Canonicalize a security context. */
- extern int security_canonicalize_context(security_context_t con,
- security_context_t * canoncon);
- extern int security_canonicalize_context_raw(security_context_t con,
- security_context_t *
- canoncon);
+extern int security_canonicalize_context(security_context_t con,
+ security_context_t * canoncon);
+extern int security_canonicalize_context_raw(security_context_t con,
+ security_context_t * canoncon);
/* Get the enforce flag value. */
- extern int security_getenforce(void);
+extern int security_getenforce(void);
/* Set the enforce flag value. */
- extern int security_setenforce(int value);
+extern int security_setenforce(int value);
/* Disable SELinux at runtime (must be done prior to initial policy load). */
- extern int security_disable(void);
+extern int security_disable(void);
/* Get the policy version number. */
- extern int security_policyvers(void);
+extern int security_policyvers(void);
/* Get the boolean names */
- extern int security_get_boolean_names(char ***names, int *len);
+extern int security_get_boolean_names(char ***names, int *len);
/* Get the pending value for the boolean */
- extern int security_get_boolean_pending(const char *name);
+extern int security_get_boolean_pending(const char *name);
/* Get the active value for the boolean */
- extern int security_get_boolean_active(const char *name);
+extern int security_get_boolean_active(const char *name);
/* Set the pending value for the boolean */
- extern int security_set_boolean(const char *name, int value);
+extern int security_set_boolean(const char *name, int value);
/* Commit the pending values for the booleans */
- extern int security_commit_booleans(void);
+extern int security_commit_booleans(void);
/* Common helpers */
/* Convert between security class values and string names */
- extern security_class_t string_to_security_class(const char *name);
- extern const char *security_class_to_string(security_class_t cls);
+extern security_class_t string_to_security_class(const char *name);
+extern const char *security_class_to_string(security_class_t cls);
/* Convert between individual access vector permissions and string names */
- extern const char *security_av_perm_to_string(security_class_t tclass,
- access_vector_t perm);
- extern access_vector_t string_to_av_perm(security_class_t tclass,
- const char *name);
+extern const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t perm);
+extern access_vector_t string_to_av_perm(security_class_t tclass,
+ const char *name);
/* Returns an access vector in a string representation. User must free the
* returned string via free(). */
- extern int security_av_string(security_class_t tclass,
- access_vector_t av, char **result);
+extern int security_av_string(security_class_t tclass,
+ access_vector_t av, char **result);
/* Display an access vector in a string representation. */
- extern void print_access_vector(security_class_t tclass,
- access_vector_t av);
+extern void print_access_vector(security_class_t tclass, access_vector_t av);
/* Set the function used by matchpathcon_init when displaying
errors about the file_contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). */
- extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
+extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
/* Set the function used by matchpathcon_init when checking the
validity of a context in the file contexts configuration. If not set,
then this defaults to a test based on security_check_context().
The function is also responsible for reporting any such error, and
may include the 'path' and 'lineno' in such error messages. */
- extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
- unsigned lineno,
- char *context));
+extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
+ unsigned lineno,
+ char *context));
/* Same as above, but also allows canonicalization of the context,
by changing *context to refer to the canonical form. If not set,
and invalidcon is also not set, then this defaults to calling
security_canonicalize_context(). */
- extern void set_matchpathcon_canoncon(int (*f) (const char *path,
- unsigned lineno,
- char **context));
+extern void set_matchpathcon_canoncon(int (*f) (const char *path,
+ unsigned lineno,
+ char **context));
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
- extern void set_matchpathcon_flags(unsigned int flags);
+extern void set_matchpathcon_flags(unsigned int flags);
/* Load the file contexts configuration specified by 'path'
into memory for use by subsequent matchpathcon calls.
@@ -327,15 +324,14 @@
function also checks for a 'path'.homedirs file and
a 'path'.local file and loads additional specifications
from them if present. */
- extern int matchpathcon_init(const char *path);
+extern int matchpathcon_init(const char *path);
/* Same as matchpathcon_init, but only load entries with
regexes that have stems that are prefixes of 'prefix'. */
- extern int matchpathcon_init_prefix(const char *path,
- const char *prefix);
+extern int matchpathcon_init_prefix(const char *path, const char *prefix);
/* Free the memory allocated by matchpathcon_init. */
- extern void matchpathcon_fini(void);
+extern void matchpathcon_fini(void);
/* Match the specified pathname and mode against the file contexts
configuration and set *con to refer to the resulting context.
@@ -343,134 +339,131 @@
Caller must free via freecon.
If matchpathcon_init has not already been called, then this function
will call it upon its first invocation with a NULL path. */
- extern int matchpathcon(const char *path,
- mode_t mode, security_context_t * con);
+extern int matchpathcon(const char *path,
+ mode_t mode, security_context_t * con);
/* Same as above, but return a specification index for
later use in a matchpathcon_filespec_add() call - see below. */
- extern int matchpathcon_index(const char *path,
- mode_t mode, security_context_t * con);
+extern int matchpathcon_index(const char *path,
+ mode_t mode, security_context_t * con);
/* Maintain an association between an inode and a specification index,
and check whether a conflicting specification is already associated
with the same inode (e.g. due to multiple hard links). If so, then
use the latter of the two specifications based on their order in the
file contexts configuration. Return the used specification index. */
- extern int matchpathcon_filespec_add(ino_t ino, int specind,
- const char *file);
+extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
/* Destroy any inode associations that have been added, e.g. to restart
for a new filesystem. */
- extern void matchpathcon_filespec_destroy(void);
+extern void matchpathcon_filespec_destroy(void);
/* Display statistics on the hash table usage for the associations. */
- extern void matchpathcon_filespec_eval(void);
+extern void matchpathcon_filespec_eval(void);
/* Check to see whether any specifications had no matches and report them.
The 'str' is used as a prefix for any warning messages. */
- extern void matchpathcon_checkmatches(char *str);
+extern void matchpathcon_checkmatches(char *str);
/* Match the specified media and against the media contexts
configuration and set *con to refer to the resulting context.
Caller must free con via freecon. */
- extern int matchmediacon(const char *media, security_context_t * con);
+extern int matchmediacon(const char *media, security_context_t * con);
/*
selinux_getenforcemode reads the /etc/selinux/config file and determines
whether the machine should be started in enforcing (1), permissive (0) or
disabled (-1) mode.
*/
- extern int selinux_getenforcemode(int *enforce);
+extern int selinux_getenforcemode(int *enforce);
/*
selinux_getpolicytype reads the /etc/selinux/config file and determines
what the default policy for the machine is. Calling application must
free policytype.
*/
- extern int selinux_getpolicytype(char **policytype);
+extern int selinux_getpolicytype(char **policytype);
/*
selinux_policy_root reads the /etc/selinux/config file and returns
the directory path under which the compiled policy file and context
configuration files exist.
*/
- extern const char *selinux_policy_root(void);
+extern const char *selinux_policy_root(void);
/* These functions return the paths to specific files under the
policy root directory. */
- extern const char *selinux_binary_policy_path(void);
- extern const char *selinux_failsafe_context_path(void);
- extern const char *selinux_removable_context_path(void);
- extern const char *selinux_default_context_path(void);
- extern const char *selinux_user_contexts_path(void);
- extern const char *selinux_file_context_path(void);
- extern const char *selinux_file_context_homedir_path(void);
- extern const char *selinux_file_context_local_path(void);
- extern const char *selinux_homedir_context_path(void);
- extern const char *selinux_media_context_path(void);
- extern const char *selinux_contexts_path(void);
- extern const char *selinux_securetty_types_path(void);
- extern const char *selinux_customizable_types_path(void);
- extern const char *selinux_usersconf_path(void);
- extern const char *selinux_translations_path(void);
- extern const char *selinux_netfilter_context_path(void);
- extern const char *selinux_path(void);
+extern const char *selinux_binary_policy_path(void);
+extern const char *selinux_failsafe_context_path(void);
+extern const char *selinux_removable_context_path(void);
+extern const char *selinux_default_context_path(void);
+extern const char *selinux_user_contexts_path(void);
+extern const char *selinux_file_context_path(void);
+extern const char *selinux_file_context_homedir_path(void);
+extern const char *selinux_file_context_local_path(void);
+extern const char *selinux_homedir_context_path(void);
+extern const char *selinux_media_context_path(void);
+extern const char *selinux_contexts_path(void);
+extern const char *selinux_securetty_types_path(void);
+extern const char *selinux_customizable_types_path(void);
+extern const char *selinux_usersconf_path(void);
+extern const char *selinux_translations_path(void);
+extern const char *selinux_netfilter_context_path(void);
+extern const char *selinux_path(void);
/* Check a permission in the passwd class.
Return 0 if granted or -1 otherwise. */
- extern int selinux_check_passwd_access(access_vector_t requested);
- extern int checkPasswdAccess(access_vector_t requested);
+extern int selinux_check_passwd_access(access_vector_t requested);
+extern int checkPasswdAccess(access_vector_t requested);
/* Check if the tty_context is defined as a securetty
Return 0 if secure, < 0 otherwise. */
- extern int selinux_check_securetty_context(security_context_t
- tty_context);
+extern int selinux_check_securetty_context(security_context_t tty_context);
/* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init
which performs the initial mount of selinuxfs. */
- void set_selinuxmnt(char *mnt);
+void set_selinuxmnt(char *mnt);
/* Execute a helper for rpm in an appropriate security context. */
- extern int rpm_execcon(unsigned int verified,
- const char *filename,
- char *const argv[], char *const envp[]);
+extern int rpm_execcon(unsigned int verified,
+ const char *filename,
+ char *const argv[], char *const envp[]);
/* Returns whether a file context is customizable, and should not
be relabeled . */
- extern int is_context_customizable(security_context_t scontext);
+extern int is_context_customizable(security_context_t scontext);
/* Perform context translation between the human-readable format
("translated") and the internal system format ("raw").
Caller must free the resulting context via freecon.
Returns -1 upon an error or 0 otherwise.
If passed NULL, sets the returned context to NULL and returns 0. */
- extern int selinux_trans_to_raw_context(security_context_t trans,
- security_context_t * rawp);
- extern int selinux_raw_to_trans_context(security_context_t raw,
- security_context_t * transp);
+extern int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp);
+extern int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp);
/* Get the SELinux username and level to use for a given Linux username.
These values may then be passed into the get_ordered_context_list*
and get_default_context* functions to obtain a context for the user.
Returns 0 on success or -1 otherwise.
Caller must free the returned strings via free. */
- extern int getseuserbyname(const char *linuxuser, char **seuser,
- char **level);
+extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
/* Compare two file contexts, return 0 if equivalent. */
- int selinux_file_context_cmp(const security_context_t a,
- const security_context_t b);
+int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b);
/*
* Verify the context of the file 'path' against policy.
* Return 0 if correct.
*/
- int selinux_file_context_verify(const char *path, mode_t mode);
+int selinux_file_context_verify(const char *path, mode_t mode);
/* This function sets the file context on to the system defaults returns 0 on success */
- int selinux_lsetfilecon_default(const char *path);
+int selinux_lsetfilecon_default(const char *path);
#ifdef __cplusplus
}
Modified: branches/policyrep/scripts/Lindent
===================================================================
--- branches/policyrep/scripts/Lindent 2007-05-31 21:00:31 UTC (rev 2455)
+++ branches/policyrep/scripts/Lindent 2007-05-31 21:16:31 UTC (rev 2456)
@@ -1,2 +1,8 @@
#!/bin/sh
+
+perl -e 'undef $/;' -pi \
+ -e 's|#ifdef __cplusplus\n(.*?)\n#endif|//__CPP \1|g' "$@"
+
indent -npro -kr -i8 -ts8 -sob -l80 -ss -ncs "$@"
+
+perl -pi -e 's|^//__CPP (.*)$|#ifdef __cplusplus\n\1\n#endif|' "$@"
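Review bot: In the first perl call, `-e 'undef $/;'` is compiled into the `-p` loop body, so the record separator is only cleared after the first line of the first file has already been read on its own. The slurp switch states the intent directly and covers that first line too: `perl -0777 -pi -e 's|#ifdef __cplusplus\n(.*?)\n#endif|//__CPP $1|g' "$@"`, with `$1` in place of `\1`, which perl warns about under `-w`. Because `(.*?)` is used without `/s`, only a single-line body between `#ifdef __cplusplus` and `#endif` is hidden from indent; a guarded block of two or more lines is passed through unprotected. A comment above the first call would record that limit, e.g. `# Hide one-line '#ifdef __cplusplus' bodies (the extern "C" braces) from indent; restored by the last perl call.`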