Crate selinux_sys[−][src]

`selinux-sys`: Unsafe Rust bindings for `libselinux`

SELinux is a flexible Mandatory Access Control (MAC) for Linux.

Linking options

This crate finds libselinux based on pkg-config. Environment variables controlling the pkg-config crate also affect this crate.

Depending on this crate

This crate provides the following variables to other crates that depend on it:

DEP_SELINUX_INCLUDE: Path of the directory where library C header files reside.
DEP_SELINUX_LIB: Path of the directory where the library binary resides.

Versioning

This project adheres to Semantic Versioning. The CHANGELOG.md file details notable changes over time.

Modules

digest_result
selabel_cmp_result

Structs

SELboolean
av_decision
avc_cache_stats
avc_entry
avc_entry_ref
avc_lock_callback
avc_log_callback
avc_memory_callback
avc_thread_callback
context_s_t
dir_xattr
security_class_mapping
security_id
selabel_handle
selinux_opt

Constants

AVC_CACHE_STATS
AVC_CALLBACK_AUDITALLOW_DISABLE
AVC_CALLBACK_AUDITALLOW_ENABLE
AVC_CALLBACK_AUDITDENY_DISABLE
AVC_CALLBACK_AUDITDENY_ENABLE
AVC_CALLBACK_GRANT
AVC_CALLBACK_RESET
AVC_CALLBACK_REVOKE
AVC_CALLBACK_TRY_REVOKE
AVC_OPT_SETENFORCE
AVC_OPT_UNUSED
MATCHPATHCON_BASEONLY
MATCHPATHCON_NOTRANS
MATCHPATHCON_VALIDATE
SECSID_WILD	Unspecified SID.
SELABEL_CTX_ANDROID_PROP
SELABEL_CTX_ANDROID_SERVICE
SELABEL_CTX_DB
SELABEL_CTX_FILE
SELABEL_CTX_MEDIA
SELABEL_CTX_X
SELABEL_DB_BLOB
SELABEL_DB_COLUMN
SELABEL_DB_DATABASE
SELABEL_DB_DATATYPE
SELABEL_DB_EXCEPTION
SELABEL_DB_LANGUAGE
SELABEL_DB_PROCEDURE
SELABEL_DB_SCHEMA
SELABEL_DB_SEQUENCE
SELABEL_DB_TABLE
SELABEL_DB_TUPLE
SELABEL_DB_VIEW
SELABEL_NOPT
SELABEL_OPT_BASEONLY
SELABEL_OPT_DIGEST
SELABEL_OPT_PATH
SELABEL_OPT_SUBSET
SELABEL_OPT_UNUSED
SELABEL_OPT_VALIDATE
SELABEL_X_CLIENT
SELABEL_X_EVENT
SELABEL_X_EXT
SELABEL_X_POLYPROP
SELABEL_X_POLYSELN
SELABEL_X_PROP
SELABEL_X_SELN
SELINUX_AVC
SELINUX_AVD_FLAGS_PERMISSIVE
SELINUX_CB_AUDIT
SELINUX_CB_LOG
SELINUX_CB_POLICYLOAD
SELINUX_CB_SETENFORCE
SELINUX_CB_VALIDATE
SELINUX_DEFAULTUSER
SELINUX_ERROR
SELINUX_INFO
SELINUX_RESTORECON_ABORT_ON_ERROR
SELINUX_RESTORECON_ADD_ASSOC
SELINUX_RESTORECON_IGNORE_DIGEST
SELINUX_RESTORECON_IGNORE_MOUNTS
SELINUX_RESTORECON_IGNORE_NOENTRY
SELINUX_RESTORECON_LOG_MATCHES
SELINUX_RESTORECON_MASS_RELABEL
SELINUX_RESTORECON_NOCHANGE
SELINUX_RESTORECON_PROGRESS
SELINUX_RESTORECON_REALPATH
SELINUX_RESTORECON_RECURSE
SELINUX_RESTORECON_SET_SPECFILE_CTX
SELINUX_RESTORECON_SKIP_DIGEST
SELINUX_RESTORECON_SYSLOG_CHANGES
SELINUX_RESTORECON_VERBOSE
SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS
SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS
SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS
SELINUX_RESTORECON_XATTR_RECURSE
SELINUX_RESTORECON_XDEV
SELINUX_TRANS_DIR
SELINUX_WARNING

Functions

avc_add_callback ^⚠	avc_add_callback - Register a callback for security events. @callback: callback function @events: bitwise OR of desired security events @ssid: source security identifier or %SECSID_WILD @tsid: target security identifier or %SECSID_WILD @tclass: target security class @perms: permissions
avc_audit ^⚠	avc_audit - Audit the granting or denial of permissions. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions @avd: access vector decisions @result: result from avc_has_perm_noaudit @auditdata: auxiliary audit data
avc_av_stats ^⚠	avc_av_stats - log av table statistics.
avc_cache_stats ^⚠	avc_cache_stats - get cache access statistics. @stats: reference to statistics structure
avc_cleanup ^⚠	avc_cleanup - Remove unused SIDs and AVC entries.
avc_compute_create ^⚠	avc_compute_create - Compute SID for labeling a new object. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @newsid: pointer to SID reference
avc_compute_member ^⚠	avc_compute_member - Compute SID for polyinstantation. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @newsid: pointer to SID reference
avc_context_to_sid ^⚠	avc_context_to_sid - get SID for context. @ctx: input security context @sid: pointer to SID reference
avc_context_to_sid_raw ^⚠
avc_destroy ^⚠	avc_destroy - Free all AVC structures.
avc_entry_ref_init ^⚠	Initialize an `avc_entry_ref` structure.
avc_get_initial_sid ^⚠	avc_get_initial_sid - get SID for an initial kernel security identifier @name: input name of initial kernel security identifier @sid: pointer to a SID reference
avc_has_perm ^⚠	avc_has_perm - Check permissions and perform any appropriate auditing. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions, interpreted based on @tclass @aeref: AVC entry reference @auditdata: auxiliary audit data
avc_has_perm_noaudit ^⚠	avc_has_perm_noaudit - Check permissions but perform no auditing. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions, interpreted based on @tclass @aeref: AVC entry reference @avd: access vector decisions
avc_netlink_acquire_fd ^⚠	avc_netlink_acquire_fd - Acquire netlink socket fd.
avc_netlink_check_nb ^⚠	avc_netlink_check_nb - Check netlink socket for new messages.
avc_netlink_close ^⚠	avc_netlink_close - Close the netlink socket
avc_netlink_loop ^⚠	avc_netlink_loop - Wait for netlink messages from the kernel
avc_netlink_open ^⚠	avc_netlink_open - Create a netlink socket and connect to the kernel.
avc_netlink_release_fd ^⚠	avc_netlink_release_fd - Release netlink socket fd.
avc_open ^⚠	avc_open - Initialize the AVC. @opts: array of selabel_opt structures specifying AVC options or NULL. @nopts: number of elements in opts array or zero for no options.
avc_reset ^⚠	avc_reset - Flush the cache and reset statistics.
avc_sid_stats ^⚠	avc_sid_stats - log SID table statistics.
avc_sid_to_context ^⚠	avc_sid_to_context - get copy of context corresponding to SID. @sid: input SID @ctx: pointer to context reference
avc_sid_to_context_raw ^⚠
context_free ^⚠
context_new ^⚠
context_range_get ^⚠
context_range_set ^⚠
context_role_get ^⚠
context_role_set ^⚠
context_str ^⚠
context_type_get ^⚠
context_type_set ^⚠
context_user_get ^⚠
context_user_set ^⚠
fgetfilecon ^⚠
fgetfilecon_raw ^⚠
fini_selinuxmnt ^⚠
freecon ^⚠
freeconary ^⚠
fsetfilecon ^⚠
fsetfilecon_raw ^⚠
get_default_context ^⚠
get_default_context_with_level ^⚠
get_default_context_with_role ^⚠
get_default_context_with_rolelevel ^⚠
get_default_type ^⚠
get_ordered_context_list ^⚠
get_ordered_context_list_with_level ^⚠
getcon ^⚠
getcon_raw ^⚠
getexeccon ^⚠
getexeccon_raw ^⚠
getfilecon ^⚠
getfilecon_raw ^⚠
getfscreatecon ^⚠
getfscreatecon_raw ^⚠
getkeycreatecon ^⚠
getkeycreatecon_raw ^⚠
getpeercon ^⚠
getpeercon_raw ^⚠
getpidcon ^⚠
getpidcon_raw ^⚠
getprevcon ^⚠
getprevcon_raw ^⚠
getseuserbyname ^⚠
getsockcreatecon ^⚠
getsockcreatecon_raw ^⚠
is_context_customizable ^⚠
is_selinux_enabled ^⚠
is_selinux_mls_enabled ^⚠
lgetfilecon ^⚠
lgetfilecon_raw ^⚠
lsetfilecon ^⚠
lsetfilecon_raw ^⚠
manual_user_enter_context ^⚠
matchmediacon ^⚠
matchpathcon_checkmatches ^⚠
matchpathcon_filespec_add ^⚠
matchpathcon_filespec_destroy ^⚠
matchpathcon_filespec_eval ^⚠
mode_to_security_class ^⚠
print_access_vector ^⚠
query_user_context ^⚠
security_av_perm_to_string ^⚠
security_av_string ^⚠
security_canonicalize_context ^⚠
security_canonicalize_context_raw ^⚠
security_check_context ^⚠
security_check_context_raw ^⚠
security_class_to_string ^⚠
security_commit_booleans ^⚠
security_compute_av ^⚠
security_compute_av_flags ^⚠
security_compute_av_flags_raw ^⚠
security_compute_av_raw ^⚠
security_compute_create ^⚠
security_compute_create_name ^⚠
security_compute_create_name_raw ^⚠
security_compute_create_raw ^⚠
security_compute_member ^⚠
security_compute_member_raw ^⚠
security_compute_relabel ^⚠
security_compute_relabel_raw ^⚠
security_deny_unknown ^⚠
security_disable ^⚠
security_get_boolean_active ^⚠
security_get_boolean_names ^⚠
security_get_boolean_pending ^⚠
security_get_checkreqprot ^⚠
security_get_initial_context ^⚠
security_get_initial_context_raw ^⚠
security_getenforce ^⚠
security_load_policy ^⚠
security_policyvers ^⚠
security_reject_unknown ^⚠
security_set_boolean ^⚠
security_set_boolean_list ^⚠
security_setenforce ^⚠
security_validatetrans ^⚠
security_validatetrans_raw ^⚠
selabel_close ^⚠	selabel_close - Close a labeling handle. @handle: specifies handle to close
selabel_cmp ^⚠	selabel_cmp - Compare two label configurations. @h1: handle for the first label configuration @h2: handle for the first label configuration
selabel_digest ^⚠	selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to generate the digest. The SELABEL_OPT_DIGEST option must be set in selabel_open() to initiate the digest generation. @handle: specifies backend instance to query @digest: returns a pointer to the SHA1 digest. @digest_len: returns length of digest in bytes. @specfiles: a list of specfiles used in the SHA1 digest generation. The list is NULL terminated and will hold @num_specfiles entries. @num_specfiles: number of specfiles in the list.
selabel_get_digests_all_partial_matches ^⚠
selabel_hash_all_partial_matches ^⚠
selabel_lookup ^⚠	selabel_lookup - Perform labeling lookup operation. @handle: specifies backend instance to query @con: returns the appropriate context with which to label the object @key: string input to lookup operation @type: numeric input to the lookup operation
selabel_lookup_best_match ^⚠
selabel_lookup_best_match_raw ^⚠
selabel_lookup_raw ^⚠
selabel_open ^⚠	selabel_open - Create a labeling handle. @backend: one of the constants specifying a supported labeling backend. @opts: array of selabel_opt structures specifying label options or NULL. @nopts: number of elements in opts array or zero for no options.
selabel_partial_match ^⚠
selabel_stats ^⚠	selabel_stats - log labeling operation statistics. @handle: specifies backend instance to query
selinux_binary_policy_path ^⚠
selinux_boolean_sub ^⚠
selinux_booleans_subs_path ^⚠
selinux_check_access ^⚠	selinux_check_access - Check permissions and perform appropriate auditing. @scon: source security context @tcon: target security context @tclass: target security class string @perm: requested permissions string, interpreted based on @tclass @auditdata: auxiliary audit data
selinux_check_securetty_context ^⚠
selinux_colors_path ^⚠
selinux_contexts_path ^⚠
selinux_current_policy_path ^⚠
selinux_customizable_types_path ^⚠
selinux_default_context_path ^⚠
selinux_default_type_path ^⚠
selinux_failsafe_context_path ^⚠
selinux_file_context_cmp ^⚠
selinux_file_context_homedir_path ^⚠
selinux_file_context_local_path ^⚠
selinux_file_context_path ^⚠
selinux_file_context_subs_dist_path ^⚠
selinux_file_context_subs_path ^⚠
selinux_file_context_verify ^⚠
selinux_get_callback ^⚠
selinux_getenforcemode ^⚠
selinux_getpolicytype ^⚠
selinux_homedir_context_path ^⚠
selinux_init_load_policy ^⚠
selinux_lsetfilecon_default ^⚠
selinux_lxc_contexts_path ^⚠
selinux_media_context_path ^⚠
selinux_mkload_policy ^⚠
selinux_netfilter_context_path ^⚠
selinux_openrc_contexts_path ^⚠
selinux_openssh_contexts_path ^⚠
selinux_path ^⚠
selinux_policy_root ^⚠
selinux_raw_context_to_color ^⚠
selinux_raw_to_trans_context ^⚠
selinux_removable_context_path ^⚠
selinux_reset_config ^⚠
selinux_restorecon ^⚠	selinux_restorecon - Relabel files. @pathname: specifies file/directory to relabel. @restorecon_flags: specifies the actions to be performed when relabeling.
selinux_restorecon_default_handle ^⚠	selinux_restorecon_default_handle - Sets default selabel_open(3) parameters to use the currently loaded policy and file_contexts.
selinux_restorecon_set_alt_rootpath ^⚠	selinux_restorecon_set_alt_rootpath - Use alternate rootpath. @alt_rootpath: containing the alternate rootpath to be used.
selinux_restorecon_set_exclude_list ^⚠	selinux_restorecon_set_exclude_list - Add a list of directories that are to be excluded from relabeling. @exclude_list: containing a NULL terminated list of one or more directories not to be relabeled.
selinux_restorecon_set_sehandle ^⚠	selinux_restorecon_set_sehandle - Set the global fc handle. @hndl: specifies handle to set as the global fc handle.
selinux_restorecon_xattr ^⚠
selinux_securetty_types_path ^⚠
selinux_sepgsql_context_path ^⚠
selinux_set_callback ^⚠
selinux_set_mapping ^⚠	selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names @map: array of security_class_mapping structures
selinux_set_policy_root ^⚠
selinux_snapperd_contexts_path ^⚠
selinux_status_close ^⚠	selinux_status_close - Unmap and close SELinux kernel status page
selinux_status_deny_unknown ^⚠	selinux_status_deny_unknown - Get the behavior for undefined classes/permissions
selinux_status_getenforce ^⚠	selinux_status_getenforce - Get the enforce flag value
selinux_status_open ^⚠	selinux_status_open - Open and map SELinux kernel status page
selinux_status_policyload ^⚠	selinux_status_policyload - Get the number of policy reloaded
selinux_status_updated ^⚠	selinux_status_updated - Inform us whether the kernel status has been updated
selinux_systemd_contexts_path ^⚠
selinux_trans_to_raw_context ^⚠
selinux_translations_path ^⚠
selinux_user_contexts_path ^⚠
selinux_usersconf_path ^⚠
selinux_virtual_domain_context_path ^⚠
selinux_virtual_image_context_path ^⚠
selinux_x_context_path ^⚠
set_matchpathcon_canoncon ^⚠
set_matchpathcon_flags ^⚠
set_matchpathcon_invalidcon ^⚠
set_matchpathcon_printf ^⚠
set_selinuxmnt ^⚠
setcon ^⚠
setcon_raw ^⚠
setexeccon ^⚠
setexeccon_raw ^⚠
setfilecon ^⚠
setfilecon_raw ^⚠
setfscreatecon ^⚠
setfscreatecon_raw ^⚠
setkeycreatecon ^⚠
setkeycreatecon_raw ^⚠
setsockcreatecon ^⚠
setsockcreatecon_raw ^⚠
string_to_av_perm ^⚠
string_to_security_class ^⚠

Type Definitions

__ino_t
__mode_t
__pid_t
__uint8_t
__uint32_t
access_vector_t
context_t
ino_t
mode_t
pid_t
security_class_t
security_id_t

Unions

selinux_callback