Crate selinux_policy
source ·Modules§
Structs§
- The set of permissions that may be granted to sources accessing targets of a particular class, as defined in an SELinux policy.
- Identifies a security category within a policy.
- Identifies a role within a policy.
- The security context, a variable-length string associated with each SELinux object in the system. The security context contains mandatory
user:role:typecomponents and an optional [:range] component. - Identifies a sensitivity level within a policy.
- Identifies a type within a policy.
- A
Policythat has been successfully parsed, but not validated. - Identifies a user within a policy.
Enums§
- Errors that may be returned when attempting to parse or validate a security context.
Constants§
- Maximum SELinux policy version supported by this implementation.
Traits§
- An owner of policy information that can translate
sc::Permissionvalues intoAccessVectorvalues that are consistent with the owned policy. - A data structure that can be parsed as a part of a binary policy.
Functions§
- Parses
binary_policyby reference; that is, constructs parser output structures that contain references to data inbinary_policy. This function returnsunvalidated_parser_outputon success, or an error if parsing failed. - Parses
binary_policyby value; that is, copies underlying binary data out in addition to building up parser output structures. This function returns(unvalidated_parser_output, binary_policy)on success, or an error if parsing failed. Note that the second component of the success case contains precisely the same bytes as the input. This function depends on a uniformity of interface between the “by value” and “by reference” strategies, but also requires anunvalidated_parser_outputtype that is independent of thebinary_policylifetime. Taken together, these requirements demand the “move-in + move-out” interface forbinary_policy.