Skip to main content

Module policy

Module policy 

Source

Re-exports§

pub use arrays::FsUseType;
pub use arrays::XpermsBitmap;
pub use index::FsUseLabelAndType;
pub use parser::PolicyCursor;

Modules§

arrays
error
index
metadata
parsed_policy
parser
view

Structs§

AccessDecision
Encapsulates the result of a permissions calculation, between source & target domains, for a specific class. Decisions describe which permissions are allowed, and whether permissions should be audit-logged when allowed, and when denied.
AccessVector
Set of permissions that may be granted to sources accessing targets of a particular class.
KernelAccessDecision
MlsLevel
Security level in MLS (Multi-Level Security), consisting of a sensitivity and a set of categories.
MlsRange
Security range in MLS, consisting of a low level and an optional high level.
Policy
SecurityContext
Security context, a variable-length string associated with each SELinux object in the system. Contains mandatory user:role:type components and an optional [:range] component.
Unvalidated
A Policy that has been successfully parsed, but not validated.
XpermsAccessDecision
Encapsulates the result of an extended permissions calculation, between source & target domains, for a specific class, a specific kind of extended permissions, and for a specific xperm prefix byte. Decisions describe which 16-bit xperms are allowed, and whether xperms should be audit-logged when allowed, and when denied.

Enums§

HandleUnknown
Controls how “unknown” policy decisions are handled.
SecurityContextError
Errors that may be returned when attempting to parse or validate a security context.
XpermsKind
A kind of extended permission, corresponding to the base permission that should trigger a check of an extended permission.

Constants§

POLICYDB_VERSION_MAX
Maximum supported SELinux policy database version.

Traits§

AccessVectorComputer
An owner of policy information that can translate [crate::Permission] values into AccessVector values that are consistent with the owned policy.
Parse
A data structure that can be parsed as a part of a binary policy.
PolicyId
Trait for strongly-typed policy identifiers.

Functions§

parse_policy_by_value
Parses binary_policy by value; that is, copies underlying binary data out in addition to building up parser output structures. This function returns (unvalidated_parser_output, binary_policy) on success, or an error if parsing failed. Note that the second component of the success case contains precisely the same bytes as the input. This function depends on a uniformity of interface between the “by value” and “by reference” strategies, but also requires an unvalidated_parser_output type that is independent of the binary_policy lifetime. Taken together, these requirements demand the “move-in + move-out” interface for binary_policy.

Type Aliases§

CategoryId
Identifies a security category within a policy.
ClassId
Identifies a class within a policy.
PermissionId
Identifies a permission within an object class (class-relative, 1-indexed).
RoleId
Identifies a role within a policy.
SensitivityId
Identifies a sensitivity level within a policy.
TypeId
Identifies a type (or type attribute) within a policy.
UserId
Identifies a user within a policy.