Module policy

Re-exports

• pub use arrays::FsUseType;
• pub use index::FsUseLabelAndType;

Modules

• arrays
  Special cases of Array<Bytes, Metadata, Data> and instances of Metadata and Data that appear in binary SELinux policies.
• error
• index
• metadata
• parsed_policy
• parser

Structs

• AccessDecision
  Encapsulates the result of a permissions calculation, between source & target domains, for a specific class. Decisions describe which permissions are allowed, and whether permissions should be audit-logged when allowed, and when denied.
• AccessVector
  The set of permissions that may be granted to sources accessing targets of a particular class, as defined in an SELinux policy.
• CategoryId
  Identifies a security category within a policy.
• ClassId
  Identifies a class within a policy.
• ClassInfo
  Information on a Class. This struct is used for sharing Class information outside this crate.
• Policy
• RoleId
  Identifies a role within a policy.
• SecurityContext
  The security context, a variable-length string associated with each SELinux object in the system. The security context contains mandatory user:role:type components and an optional [:range] component.
• SensitivityId
  Identifies a sensitivity level within a policy.
• TypeId
  Identifies a type within a policy.
• Unvalidated
  A Policy that has been successfully parsed, but not validated.
• UserId
  Identifies a user within a policy.

Enums

• SecurityContextError
  Errors that may be returned when attempting to parse or validate a security context.

Constants

• SUPPORTED_POLICY_VERSION
  Maximum SELinux policy version supported by this implementation.

Traits

• AccessVectorComputer
  An owner of policy information that can translate sc::Permission values into AccessVector values that are consistent with the owned policy.
• Parse
  A data structure that can be parsed as a part of a binary policy.

Functions

• parse_policy_by_reference
  Parses binary_policy by reference; that is, constructs parser output structures that contain references to data in binary_policy. This function returns unvalidated_parser_output on success, or an error if parsing failed.
• parse_policy_by_value
  Parses binary_policy by value; that is, copies underlying binary data out in addition to building up parser output structures. This function returns (unvalidated_parser_output, binary_policy) on success, or an error if parsing failed. Note that the second component of the success case contains precisely the same bytes as the input. This function depends on a uniformity of interface between the “by value” and “by reference” strategies, but also requires an unvalidated_parser_output type that is independent of the binary_policy lifetime. Taken together, these requirements demand the “move-in + move-out” interface for binary_policy.