Module policy

Re-exports

pub use arrays::FsUseType;
pub use arrays::XpermsBitmap;
pub use index::FsUseLabelAndType;

Modules

arrays
Special cases of Array<Bytes, Metadata, Data> and instances of Metadata and Data that appear in binary SELinux policies.
error
index
metadata
parsed_policy
parser

Structs

AccessDecision
Encapsulates the result of a permissions calculation, between source & target domains, for a specific class. Decisions describe which permissions are allowed, and whether permissions should be audit-logged when allowed, and when denied.
AccessVector
The set of permissions that may be granted to sources accessing targets of a particular class, as defined in an SELinux policy.
CategoryId
Identifies a security category within a policy.
ClassId
Identifies a class within a policy.
ClassInfo
Information on a Class. This struct is used for sharing Class information outside this crate.
ClassPermissionId
Identifies a permission within a class.
IoctlAccessDecision
Encapsulates the result of an ioctl extended permissions calculation, between source & target domains, for a specific class, and for a specific ioctl prefix byte. Decisions describe which 16-bit ioctls are allowed, and whether ioctl permissions should be audit-logged when allowed, and when denied.
Policy
RoleId
Identifies a role within a policy.
SecurityContext
The security context, a variable-length string associated with each SELinux object in the system. The security context contains mandatory user:role:type components and an optional [:range] component.
SensitivityId
Identifies a sensitivity level within a policy.
TypeId
Identifies a type within a policy.
Unvalidated
A Policy that has been successfully parsed, but not validated.
UserId
Identifies a user within a policy.

Enums

SecurityContextError
Errors that may be returned when attempting to parse or validate a security context.

Constants

SUPPORTED_POLICY_VERSION
Maximum SELinux policy version supported by this implementation.

Traits

AccessVectorComputer
An owner of policy information that can translate sc::Permission values into AccessVector values that are consistent with the owned policy.
Parse
A data structure that can be parsed as a part of a binary policy.

Functions

parse_policy_by_reference
Parses binary_policy by reference; that is, constructs parser output structures that contain references to data in binary_policy. This function returns unvalidated_parser_output on success, or an error if parsing failed.
parse_policy_by_value
Parses binary_policy by value; that is, copies underlying binary data out in addition to building up parser output structures. This function returns (unvalidated_parser_output, binary_policy) on success, or an error if parsing failed. Note that the second component of the success case contains precisely the same bytes as the input. This function depends on a uniformity of interface between the “by value” and “by reference” strategies, but also requires an unvalidated_parser_output type that is independent of the binary_policy lifetime. Taken together, these requirements demand the “move-in + move-out” interface for binary_policy.