Crate selinux_policy



  • The set of permissions that may be granted to sources accessing targets of a particular class, as defined in an SELinux policy.
  • Identifies a security category within a policy.
  • Identifies a role within a policy.
  • The security context, a variable-length string associated with each SELinux object in the system. The security context contains mandatory user:role:type components and an optional [:range] component.
  • Identifies a sensitivity level within a policy.
  • Identifies a type within a policy.
  • A Policy that has been successfully parsed, but not validated.
  • Identifies a user within a policy.


  • Errors that may be returned when attempting to parse or validate a security context.




  • Parses binary_policy by reference; that is, constructs parser output structures that contain references to data in binary_policy. This function returns unvalidated_parser_output on success, or an error if parsing failed.
  • Parses binary_policy by value; that is, copies underlying binary data out in addition to building up parser output structures. This function returns (unvalidated_parser_output, binary_policy) on success, or an error if parsing failed. Note that the second component of the success case contains precisely the same bytes as the input. This function depends on a uniformity of interface between the “by value” and “by reference” strategies, but also requires an unvalidated_parser_output type that is independent of the binary_policy lifetime. Taken together, these requirements demand the “move-in + move-out” interface for binary_policy.