selinux 0.6.0

Flexible Mandatory Access Control for Linux
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

#[cfg(test)]
mod tests;

use std::os::raw::{c_char, c_int, c_void};

/// Call back for SELinux operations.
pub trait CallBack {
    /// Prototype of call back function.
    type CallBackType;

    /// Get the current call back function, if one has been set.
    ///
    /// See: `selinux_get_callback()`.
    #[doc(alias = "selinux_get_callback")]
    fn get_call_back() -> Option<Self::CallBackType>;

    /// Set or clear the call back function.
    ///
    /// See: `selinux_set_callback()`.
    #[doc(alias = "selinux_set_callback")]
    fn set_call_back(call_back: Option<Self::CallBackType>);
}

/// Call back used for logging.
#[derive(Debug, Default)]
#[non_exhaustive]
pub struct Log;

impl CallBack for Log {
    type CallBackType = unsafe extern "C" fn(c_int, *const c_char, ...) -> c_int;

    fn get_call_back() -> Option<Self::CallBackType> {
        unsafe { selinux_sys::selinux_get_callback(selinux_sys::SELINUX_CB_LOG).func_log }
    }

    fn set_call_back(func_log: Option<Self::CallBackType>) {
        use selinux_sys::{SELINUX_CB_LOG, selinux_callback, selinux_set_callback};
        unsafe { selinux_set_callback(SELINUX_CB_LOG, selinux_callback { func_log }) }
    }
}

/// Call back used for supplemental auditing in AVC messages.
#[derive(Debug, Default)]
#[non_exhaustive]
pub struct Audit;

impl CallBack for Audit {
    type CallBackType = unsafe extern "C" fn(
        *mut c_void,
        selinux_sys::security_class_t,
        *mut c_char,
        usize,
    ) -> c_int;

    fn get_call_back() -> Option<Self::CallBackType> {
        unsafe { selinux_sys::selinux_get_callback(selinux_sys::SELINUX_CB_AUDIT).func_audit }
    }

    fn set_call_back(func_audit: Option<Self::CallBackType>) {
        use selinux_sys::{SELINUX_CB_AUDIT, selinux_callback, selinux_set_callback};
        unsafe { selinux_set_callback(SELINUX_CB_AUDIT, selinux_callback { func_audit }) }
    }
}

/// Call back used for context validation.
#[derive(Debug, Default)]
#[non_exhaustive]
pub struct ContextValidation;

impl CallBack for ContextValidation {
    type CallBackType = unsafe extern "C" fn(*mut *mut c_char) -> c_int;

    fn get_call_back() -> Option<Self::CallBackType> {
        unsafe { selinux_sys::selinux_get_callback(selinux_sys::SELINUX_CB_VALIDATE).func_validate }
    }

    fn set_call_back(func_validate: Option<Self::CallBackType>) {
        use selinux_sys::{SELINUX_CB_VALIDATE, selinux_callback, selinux_set_callback};
        unsafe { selinux_set_callback(SELINUX_CB_VALIDATE, selinux_callback { func_validate }) }
    }
}

/// Call back invoked when the system enforcing state changes.
#[derive(Debug, Default)]
#[non_exhaustive]
pub struct EnforcingChange;

impl CallBack for EnforcingChange {
    type CallBackType = unsafe extern "C" fn(c_int) -> c_int;

    fn get_call_back() -> Option<Self::CallBackType> {
        use selinux_sys::{SELINUX_CB_SETENFORCE, selinux_get_callback};
        unsafe { selinux_get_callback(SELINUX_CB_SETENFORCE).func_setenforce }
    }

    fn set_call_back(func_setenforce: Option<Self::CallBackType>) {
        use selinux_sys::{SELINUX_CB_SETENFORCE, selinux_callback, selinux_set_callback};
        unsafe { selinux_set_callback(SELINUX_CB_SETENFORCE, selinux_callback { func_setenforce }) }
    }
}

/// Call back invoked when the system security policy is reloaded.
#[derive(Debug, Default)]
#[non_exhaustive]
pub struct SecurityPolicyReload;

impl CallBack for SecurityPolicyReload {
    type CallBackType = unsafe extern "C" fn(c_int) -> c_int;

    fn get_call_back() -> Option<Self::CallBackType> {
        use selinux_sys::{SELINUX_CB_POLICYLOAD, selinux_get_callback};
        unsafe { selinux_get_callback(SELINUX_CB_POLICYLOAD).func_policyload }
    }

    fn set_call_back(func_policyload: Option<Self::CallBackType>) {
        use selinux_sys::{SELINUX_CB_POLICYLOAD, selinux_callback, selinux_set_callback};
        unsafe { selinux_set_callback(SELINUX_CB_POLICYLOAD, selinux_callback { func_policyload }) }
    }
}

/// Log type argument indicating the type of message.
pub mod log_type {
    use std::os::raw::c_int;

    /// Error log entry.
    pub use selinux_sys::SELINUX_ERROR as ERROR;

    /// Warning log entry.
    pub use selinux_sys::SELINUX_WARNING as WARNING;

    /// Informational log entry.
    pub use selinux_sys::SELINUX_INFO as INFO;

    /// AVC log entry.
    pub use selinux_sys::SELINUX_AVC as AVC;

    // The rest of the constants were defined after version 2.8, so selinux_sys might not
    // export them. We therefore define them manually.

    /// Policy loaded.
    pub static POLICY_LOAD: c_int = 4_i32;

    /// SELinux enforcing mode changed.
    pub static SET_ENFORCE: c_int = 5_i32;
}