1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
|
/**
* @file
* Defines the public interface for searching and iterating over
* policy MLS components.
*
* @author Jeremy A. Mowery jmowery@tresys.com
* @author Jason Tang jtang@tresys.com
*
* Copyright (C) 2006-2007 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef QPOL_MLS_QUERY_H
#define QPOL_MLS_QUERY_H
#ifdef __cplusplus
extern "C"
{
#endif
#include <stddef.h>
#include <stdint.h>
typedef struct qpol_level qpol_level_t;
typedef struct qpol_cat qpol_cat_t;
typedef struct qpol_mls_range qpol_mls_range_t;
typedef struct qpol_mls_level qpol_mls_level_t;
#include <qpol/iterator.h>
#include <qpol/policy.h>
/* level */
/**
* Get datum for a security level by (sensitivity) name.
* @param policy The policy from which to get the level datum.
* @param name The sensitivity name; searching is case sensitive.
* @param datum Pointer in which to store the level datum. Must be non-NULL.
* The caller should not free this pointer.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *datum will be NULL.
*/
extern int qpol_policy_get_level_by_name(const qpol_policy_t * policy, const char *name, const qpol_level_t ** datum);
/**
* Get an iterator for the levels in a policy.
* @param policy The policy from which to create the iterator.
* @param iter Iterator of type qpol_level_t* returned;
* The caller is responsible for calling qpol_iterator_destroy
* to free memory used; it is important to note that the iterator
* is valid only as long as the policy is unchanged.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *iter will be NULL.
*/
extern int qpol_policy_get_level_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);
/**
* Determine if a level is an alias for another level.
* @param policy The policy associated with the level datum.
* @param datum The level to check.
* @param isalias Pointer in which to store the alias state of
* the level. Must be non-NULL.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *isalias will be 0 (false).
*/
extern int qpol_level_get_isalias(const qpol_policy_t * policy, const qpol_level_t * datum, unsigned char *isalias);
/**
* Get the integer value associated with the sensitivity of a level.
* Values range from 1 to the number of declared levels in the policy.
* @param policy The policy associated with the level.
* @param datum The level datum from which to get the value.
* @param value Pointer to the integer to set to value. Must be non-NULL.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *value will be 0.
*/
extern int qpol_level_get_value(const qpol_policy_t * policy, const qpol_level_t * datum, uint32_t * value);
/**
* Get an iterator for the categories associated with a level.
* @param policy The policy associated with the level.
* @param datum The level from which to get the categories.
* @param cats Iterator of type qpol_cat_t* returned;
* the categories are in policy order. The caller is responsible
* for calling qpol_iterator_destroy to free memory used;
* it is important to note that the iterator is valid only as long
* as the policy is unchanged.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *cats will be NULL.
*/
extern int qpol_level_get_cat_iter(const qpol_policy_t * policy, const qpol_level_t * datum, qpol_iterator_t ** cats);
/**
* Get the name which identifies a level from its datum.
* @param policy The policy associated with the level.
* @param datum The level from which to get the name.
* @param name Pointer in which to store the name. Must be non-NULL;
* the caller should not free this string. If the sensitivity is an
* alias, the primary name will be returned.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *name will be NULL.
*/
extern int qpol_level_get_name(const qpol_policy_t * policy, const qpol_level_t * datum, const char **name);
/**
* Get an iterator for the list of aliases for a level.
* @param policy The policy associated with the level.
* @param datum The level for which to get aliases.
* @param aliases Iterator of type char* returned; the caller is
* responsible for calling qpol_iterator_destroy to free
* memory used; it is important to note that the iterator is valid
* only as long as the policy is unchanged. If a level has no aliases,
* the iterator will be at end and have size 0.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *aliases will be NULL.
*/
extern int qpol_level_get_alias_iter(const qpol_policy_t * policy, const qpol_level_t * datum, qpol_iterator_t ** aliases);
/* cat */
/**
* Get the datum for a category by name.
* @param policy The policy from which to get the category.
* @param name The name of the category; searching is case sensitive.
* @param datum Pointer in which to store the datum; the caller should
* not free this pointer.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *datum will be NULL.
*/
extern int qpol_policy_get_cat_by_name(const qpol_policy_t * policy, const char *name, const qpol_cat_t ** datum);
/**
* Get an iterator for the categories declared in a policy.
* @param policy The policy from which to create the iterator.
* @param iter Iterator of type qpol_cat_t* returned;
* the categories are in policy order. The caller is responsible
* for calling qpol_iterator_destroy to free the memory used;
* it is important to note that the iterator is only valid as
* long as the policy is unchanged.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *iter will be NULL.
*/
extern int qpol_policy_get_cat_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);
/**
* Get the integer value associated with a category. Values range
* from 1 to the number of categories declared in the policy.
* @param policy The policy associated with the category.
* @param datum The category for which to get the value.
* @param value Pointer to the integer to set to value. Must be non-NULL.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *value will be 0.
*/
extern int qpol_cat_get_value(const qpol_policy_t * policy, const qpol_cat_t * datum, uint32_t * value);
/**
* Determine if a category is an alias for another category.
* @param policy The policy associated with the category.
* @param datum The category to check.
* @param isalias Pointer in which to store the alias state of the
* category; must be non-NULL.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *isalias will be 0 (false).
*/
extern int qpol_cat_get_isalias(const qpol_policy_t * policy, const qpol_cat_t * datum, unsigned char *isalias);
/**
* Get the name which identifies a category from its datum.
* @param policy The policy associated with the category.
* @param datum The category from which to get the name.
* @param name Pointer in which to store the name. Must be non-NULL;
* the caller should not free the string. If the category is an alias
* the primary name will be returned.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *name will be NULL.
*/
extern int qpol_cat_get_name(const qpol_policy_t * policy, const qpol_cat_t * datum, const char **name);
/**
* Get an iterator for the list of aliases for a category.
* @param policy The policy associated with the category.
* @param datum The category for which to get aliases.
* @param aliases Iterator of type char* returned; the caller is
* responsible for calling qpol_iterator_destroy to free
* memory used; it is important to note that the iterator is valid
* only as long as the policy is unchanged. If a category has no aliases,
* the iterator will be at end and have size 0.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *aliases will be NULL.
*/
extern int qpol_cat_get_alias_iter(const qpol_policy_t * policy, const qpol_cat_t * datum, qpol_iterator_t ** aliases);
/* mls range */
/**
* Get the low level from a MLS range.
* @param policy The policy associated with the MLS components of range.
* @param range The range from which to get the low level.
* @param level Pointer in which to store the level; the caller
* should not free this pointer.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *level will be NULL.
*/
extern int qpol_mls_range_get_low_level(const qpol_policy_t * policy, const qpol_mls_range_t * range,
const qpol_mls_level_t ** level);
/**
* Get the high level from a MLS range.
* @param policy The policy associated with the MLS components of range.
* @param range The range from which to get the high level.
* @param level Pointer in which to store the level; the caller
* should not free this pointer.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *level will be NULL.
*/
extern int qpol_mls_range_get_high_level(const qpol_policy_t * policy, const qpol_mls_range_t * range,
const qpol_mls_level_t ** level);
/* mls_level */
/**
* Get the name of the sensitivity from a MLS level.
* @param policy The policy associated with the MLS components of level.
* @param level The level from which to get the sensitivity name.
* @param name Pointer in which to store the name; the caller
* should not free this string.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *name will be NULL.
*/
extern int qpol_mls_level_get_sens_name(const qpol_policy_t * policy, const qpol_mls_level_t * level, const char **name);
/**
* Get an iterator for the categories in a MLS level. The list will be
* in policy order.
* @param policy The policy associated with the MLS components of level.
* @param level The level from which to get the categories.
* @param cats Iterator of type qpol_cat_t* returned; the list is in
* policy order. The caller is responsible for calling
* qpol_iterator_destroy to free memory used; it is important to note
* that an iterator is only valid as long as the policy is unchanged.
* @return Returns 0 on success and < 0 on failure; if the call fails,
* errno will be set and *cats will be NULL.
*/
extern int qpol_mls_level_get_cat_iter(const qpol_policy_t * policy, const qpol_mls_level_t * level,
qpol_iterator_t ** cats);
#ifdef __cplusplus
}
#endif
#endif /* QPOL_MLS_QUERY_H */
|
